famguyfan

  1. Unless you want to tell my girlfriend the dress she's wearing makes her look fat for me, I'm good. Thanks again Maniac!
  2. I posted that this morning before I left for work and left the AV off all day. Just googled something random and got the same results as my phone (give or take a page for Google's tracking). Ran MB quick scan again and it came back clean w/ nothing in the quarantine bin. Thanks for all your help and everything you all do! You guys are awesome!
  3. C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
     C:\TDSSKiller_Quarantine\21.02.2012_20.42.13\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
     D:\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application deleted - quarantined
  4. Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.02.23.01
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 7.0.6002.18005
     Krazyed :: KRAZYSLAPTOP [administrator]
     2/23/2012 5:27:48 PM
     mbam-log-2012-02-23 (17-27-48).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
     Scan options disabled: Heuristics/Shuriken | P2P
     Objects scanned: 201068
     Time elapsed: 5 minute(s), 7 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  5. Here is the MB quickscan log.
     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.02.21.06
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 7.0.6002.18005
     Krazyed :: KRAZYSLAPTOP [administrator]
     Protection: Enabled
     2/22/2012 2:01:21 PM
     mbam-log-2012-02-22 (14-01-21).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 200280
     Time elapsed: 8 minute(s), 3 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
     Here is the DDS.txt contents
     and here is the attach.txt contents
  6. ComboFix 12-02-22.01 - Krazyed 02/22/2012 10:38:45.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1574 [GMT -6:00] Running from: c:\users\Krazyed\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 72 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\dll c:\program files\dll\cryptapi.dll c:\program files\dll\dtprohlp.dll c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll c:\users\Krazyed\AppData\Local\assembly\tmp c:\windows\admintxt.txt c:\windows\SysWow64\html c:\windows\SysWow64\html\calendar.html c:\windows\SysWow64\html\calendarbottom.html c:\windows\SysWow64\html\calendartop.html c:\windows\SysWow64\html\crystalexportdialog.htm c:\windows\SysWow64\html\crystalprinthost.html c:\windows\SysWow64\images c:\windows\SysWow64\images\toolbar\calendar.gif c:\windows\SysWow64\images\toolbar\crlogo.gif c:\windows\SysWow64\images\toolbar\export.gif c:\windows\SysWow64\images\toolbar\export_over.gif c:\windows\SysWow64\images\toolbar\exportd.gif c:\windows\SysWow64\images\toolbar\First.gif c:\windows\SysWow64\images\toolbar\first_over.gif c:\windows\SysWow64\images\toolbar\Firstd.gif c:\windows\SysWow64\images\toolbar\gotopage.gif c:\windows\SysWow64\images\toolbar\gotopage_over.gif c:\windows\SysWow64\images\toolbar\gotopaged.gif c:\windows\SysWow64\images\toolbar\grouptree.gif c:\windows\SysWow64\images\toolbar\grouptree_over.gif 
c:\windows\SysWow64\images\toolbar\grouptreed.gif c:\windows\SysWow64\images\toolbar\grouptreepressed.gif c:\windows\SysWow64\images\toolbar\Last.gif c:\windows\SysWow64\images\toolbar\last_over.gif c:\windows\SysWow64\images\toolbar\Lastd.gif c:\windows\SysWow64\images\toolbar\Next.gif c:\windows\SysWow64\images\toolbar\next_over.gif c:\windows\SysWow64\images\toolbar\Nextd.gif c:\windows\SysWow64\images\toolbar\Prev.gif c:\windows\SysWow64\images\toolbar\prev_over.gif c:\windows\SysWow64\images\toolbar\Prevd.gif c:\windows\SysWow64\images\toolbar\print.gif c:\windows\SysWow64\images\toolbar\print_over.gif c:\windows\SysWow64\images\toolbar\printd.gif c:\windows\SysWow64\images\toolbar\Refresh.gif c:\windows\SysWow64\images\toolbar\refresh_over.gif c:\windows\SysWow64\images\toolbar\refreshd.gif c:\windows\SysWow64\images\toolbar\Search.gif c:\windows\SysWow64\images\toolbar\search_over.gif c:\windows\SysWow64\images\toolbar\searchd.gif c:\windows\SysWow64\images\toolbar\up.gif c:\windows\SysWow64\images\toolbar\up_over.gif c:\windows\SysWow64\images\toolbar\upd.gif c:\windows\SysWow64\images\tree\begindots.gif c:\windows\SysWow64\images\tree\beginminus.gif c:\windows\SysWow64\images\tree\beginplus.gif c:\windows\SysWow64\images\tree\blank.gif c:\windows\SysWow64\images\tree\blankdots.gif c:\windows\SysWow64\images\tree\dots.gif c:\windows\SysWow64\images\tree\lastdots.gif c:\windows\SysWow64\images\tree\lastminus.gif c:\windows\SysWow64\images\tree\lastplus.gif c:\windows\SysWow64\images\tree\Magnify.gif c:\windows\SysWow64\images\tree\minus.gif c:\windows\SysWow64\images\tree\minusbox.gif c:\windows\SysWow64\images\tree\plus.gif c:\windows\SysWow64\images\tree\plusbox.gif c:\windows\SysWow64\images\tree\singleminus.gif c:\windows\SysWow64\images\tree\singleplus.gif D:\Autorun.inf D:\setup.exe . . ((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))) . . 2012-02-22 17:17 . 
2012-02-22 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-22 04:59 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1930FF54-564C-4C13-A066-7FFAF3966169}\mpengine.dll 2012-02-22 02:45 . 2012-02-22 02:45 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-22 01:24 . 2012-02-22 02:23 -------- d-----w- c:\program files (x86)\RegZooka 2012-02-22 00:47 . 2012-02-22 00:47 -------- d-----w- c:\windows\SysWow64\ca-ES 2012-02-22 00:47 . 2012-02-22 00:47 -------- d-----w- c:\windows\SysWow64\eu-ES 2012-02-22 00:47 . 2012-02-22 00:47 -------- d-----w- c:\windows\SysWow64\vi-VN 2012-02-22 00:47 . 2012-02-22 00:47 -------- d-----w- c:\windows\system32\ca-ES 2012-02-22 00:47 . 2012-02-22 00:47 -------- d-----w- c:\windows\system32\eu-ES 2012-02-22 00:47 . 2012-02-22 00:47 -------- d-----w- c:\windows\system32\vi-VN 2012-02-21 04:32 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 01:16 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-19 01:07 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-19 01:07 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4299BE0-E446-4848-9AB9-9C9504A0F938}\gapaengine.dll 2012-02-19 00:41 . 2012-02-19 00:41 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-02-19 00:40 . 2012-02-19 00:41 -------- d-----w- c:\program files\Microsoft Security Client 2012-02-19 00:39 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys 2012-02-18 03:34 . 2012-01-06 05:15 8602168 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9172ECCE-7906-4C17-B9A0-62A8D58A6C4E}\mpengine.dll 2012-01-31 15:28 . 2012-01-31 15:28 -------- d-----w- c:\program files\iPod 2012-01-31 15:28 . 
2012-01-31 15:29 -------- d-----w- c:\program files\iTunes 2012-01-31 15:28 . 2012-01-31 15:29 -------- d-----w- c:\program files (x86)\iTunes 2012-01-27 15:22 . 2012-01-27 15:22 -------- d-----w- c:\users\Krazyed\AppData\Roaming\JasonRobitaille 2012-01-27 15:22 . 2012-01-27 15:22 -------- d-----w- c:\program files\DIFX 2012-01-27 15:22 . 2012-01-27 15:23 -------- d-----w- c:\program files\Palm, Inc . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-22 02:33 . 2009-08-19 21:37 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-01-31 12:44 . 2009-10-03 16:37 279656 ------w- c:\windows\system32\MpSigStub.exe 2011-12-03 02:33 . 2011-08-10 03:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2009-11-24 21:56 . 2009-11-24 21:55 16508584 ----a-w- c:\program files\x-video-converter-platinum-cnet.exe 2009-09-23 19:16 . 2009-09-23 19:15 1521893 ----a-w- c:\program files\winrar-x64-390.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-03 3077528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ScreenPrint32"="c:\program files (x86)\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-07-17 33136] "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-07-17 47672] "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400] "VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096] "MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common 
Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-06 1833504] "RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-06 7751712] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 82464] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 15961632] "Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = %SystemRoot%\system32\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll TCP: DhcpNameServer = 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] @Denied: (A 2) (Everyone) @="FlashProp Class" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . Completion time: 2012-02-22 11:27:11 ComboFix-quarantined-files.txt 2012-02-22 17:27 . Pre-Run: 33,742,716,928 bytes free Post-Run: 33,098,969,088 bytes free . - - End Of File - - 11BFABB2EE4B285E66403C251B73ECA1
  7. I had already run Windows Security Essentials and TDSSKiller to get rid of the redirect bug but MBAM keeps finding this trojan.agent in scvhost.exe. Here's my DDS.txt log. Any help would be appreciated. Thanks!
     . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18 Run by Krazyed at 20:59:25 on 2012-02-21 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2200 [GMT -6:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\rundll32.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program files\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK
Hotkey\MsgTranAgt64.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\SysWOW64\vmnat.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe C:\Windows\SysWOW64\vmnetdhcp.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\ScreenPrint32 
v3\ScreenPrint32.exe C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe C:\Windows\ASScrPro.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe C:\Program Files (x86)\VMware\VMware Player\hqtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe D:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe D:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [screenPrint32] "C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe" -startup mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe mRun: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe mRun: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe mRun: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe mRun: [VolPanel] "C:\Program Files 
(x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F70E25AF-7BD4-42A4-8C65-F3CD83711133} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
mRun-x64: [screenPrint32] "C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe" -startup
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
mRun-x64: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
mRun-x64: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun-x64: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [updReg] C:\Windows\UpdReg.EXE
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-7-17 14904]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-25 189736]
R2 MBAMService;MBAMService;D:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
R2 vmci;VMware vmci;\??\C:\Windows\system32\drivers\vmci.sys --> C:\Windows\system32\drivers\vmci.sys [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-7-17 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-17 79360]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-4 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2012-02-22 02:45:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-22 01:24:36 -------- d-----w- C:\Program Files (x86)\RegZooka
2012-02-22 00:47:06 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-02-22 00:47:06 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-02-22 00:47:06 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-02-22 00:47:06 -------- d-----w- C:\Windows\System32\vi-VN
2012-02-22 00:47:06 -------- d-----w- C:\Windows\System32\eu-ES
2012-02-22 00:47:06 -------- d-----w- C:\Windows\System32\ca-ES
2012-02-21 04:36:00 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9336D4A8-EB7C-4275-AD91-7BDB1081D460}\mpengine.dll
2012-02-21 04:32:48 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-20 01:16:49 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-19 01:07:41 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-19 01:07:40 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F4299BE0-E446-4848-9AB9-9C9504A0F938}\gapaengine.dll
2012-02-19 00:41:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-19 00:40:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-19 00:39:49 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-02-18 03:34:55 8602168 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9172ECCE-7906-4C17-B9A0-62A8D58A6C4E}\mpengine.dll
2012-01-31 15:28:12 -------- d-----w- C:\Program Files\iPod
2012-01-31 15:28:03 -------- d-----w- C:\Program Files\iTunes
2012-01-31 15:28:03 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-27 15:22:35 -------- d-----w- C:\Users\Krazyed\AppData\Roaming\JasonRobitaille
2012-01-27 15:22:19 -------- d-----w- C:\Program Files\Palm, Inc
.
==================== Find3M ====================
.
2012-02-22 02:33:27 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-03 02:33:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2009-11-24 21:56:36 16508584 ----a-w- C:\Program Files\x-video-converter-platinum-cnet.exe
2009-09-23 19:16:27 1521893 ----a-w- C:\Program Files\winrar-x64-390.exe
.
============= FINISH: 21:01:33.66 ===============