Jump to content

mlww2usa

Members
 View Profile  See their activity

  • Posts

    7

  • Joined

  • Last visited

 Content Type 

Everything posted by mlww2usa

  1. mlww2usa
    Maniac, The system is running much better then it was last weekend. I have confirmed that Malewarebytes no longer can find the trojan and I have also installed MS security essentials for additional AV help. It looks like everything is cleared up as the Firewall is now back and I can configure as needed. I think we are good to go if you agree.......
  2. mlww2usa
    Maniac, I took your text values and added to notepad and dropped the txt file onto Combofix. Here is the latest Combofix log as requested..... ComboFix 12-06-05.03 - Matt 06/07/2012 20:25:49.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4095.2818 [GMT -4:00] Running from: c:\users\Matt\Desktop\Maleware fix\ComboFix.exe Command switches used :: c:\users\Matt\Desktop\Maleware fix\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --> c:\windows\System32\drivers\afd.sys c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys --> c:\windows\System32\drivers\tcpip.sys . ((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 ))))))))))))))))))))))))))))))) . . 2012-06-08 00:33 . 2012-06-08 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-08 00:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\SysWow64\drivers\afd.sys 2012-06-08 00:25 . 2009-07-14 01:45 1898576 ----a-w- c:\windows\SysWow64\drivers\tcpip.sys 2012-06-07 14:56 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF415FE9-174C-4BCF-AB87-540B85CC26D2}\mpengine.dll 2012-06-06 00:20 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-03 03:01 . 2012-06-03 03:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11016DAD-196D-4DC1-B2DD-B6B4D4499279}\gapaengine.dll 2012-06-03 02:56 . 2012-06-03 02:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-03 02:56 . 2012-06-03 02:56 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-03 02:56 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys 2012-06-02 16:40 . 2012-06-02 16:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-02 16:40 . 2012-06-02 16:40 -------- d-----w- c:\windows\system32\Macromed 2012-06-01 18:05 . 2012-06-01 19:51 -------- d-----w- c:\users\Matt\AppData\Roaming\wargaming.net 2012-06-01 18:05 . 2012-06-01 18:05 -------- d--h--w- c:\windows\msdownld.tmp 2012-06-01 18:05 . 2012-06-01 18:05 -------- d-----w- C:\Games 2012-05-30 00:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACA6B8E3-B2BB-48CF-9857-F089CFDB2ECE}\mpengine.dll 2012-05-25 20:27 . 2012-05-28 18:07 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-05-25 20:24 . 2012-05-25 20:24 -------- d-----w- c:\users\Matt\AppData\Local\PunkBuster 2012-05-25 20:24 . 2012-05-25 20:24 -------- d-----w- c:\users\Matt\AppData\Local\CrashRpt 2012-05-25 20:23 . 2012-05-25 20:23 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls 2012-05-19 22:58 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-19 22:58 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-19 22:58 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-19 22:58 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys 2012-05-19 22:58 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-19 22:58 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-19 22:58 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-19 22:58 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-14 02:24 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-14 02:24 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-14 02:24 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-14 02:24 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-14 02:24 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-14 02:24 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-14 02:24 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-14 02:24 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-14 02:24 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-14 02:24 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-11 01:26 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-02 16:40 . 2011-06-19 20:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-28 18:07 . 2012-02-20 19:39 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-28 01:49 . 2012-02-20 19:39 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-05-27 19:18 . 2012-02-20 19:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-04-04 19:56 . 2010-03-08 23:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-05_23.15.17 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-27 02:31 . 2012-06-08 00:37 40448 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-08 00:37 29392 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-02-27 02:11 . 2012-06-08 00:37 18902 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2622963059-1466397820-2052336788-1000_UserData.bin - 2010-02-26 20:59 . 2012-06-05 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-26 20:59 . 2012-06-06 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-26 20:59 . 2012-06-05 16:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-02-26 20:59 . 2012-06-06 20:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-06 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-05 16:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-06-06 00:20 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-02-27 03:47 . 2012-06-04 02:41 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2010-02-27 03:47 . 2012-06-07 00:44 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2010-02-27 03:47 . 2012-06-04 02:41 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2010-02-27 03:47 . 2012-06-07 00:44 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2010-02-27 03:47 . 2012-06-07 00:44 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2010-02-27 03:47 . 2012-06-04 02:41 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2012-06-08 00:35 . 2012-06-08 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-05 23:14 . 2012-06-05 23:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-05 23:14 . 2012-06-05 23:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-08 00:35 . 2012-06-08 00:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-06-03 03:06 626340 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-08 00:31 626340 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-08 00:31 110352 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-03 03:06 110352 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-06-05 23:14 388316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-08 00:34 388316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-02-27 03:47 . 2012-06-04 02:41 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2010-02-27 03:47 . 2012-06-07 00:44 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2010-02-27 03:47 . 2012-06-07 00:44 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2010-02-27 03:47 . 2012-06-04 02:41 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2010-02-27 03:47 . 2012-06-04 02:41 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2010-02-27 03:47 . 2012-06-07 00:44 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2010-02-27 03:47 . 2012-06-07 00:44 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2010-02-27 03:47 . 2012-06-04 02:41 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2010-02-27 03:47 . 2012-06-07 00:44 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2010-02-27 03:47 . 2012-06-04 02:41 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2010-02-27 03:47 . 2012-06-04 02:41 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2010-02-27 03:47 . 2012-06-07 00:44 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2010-02-27 03:47 . 2012-06-07 00:44 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2010-02-27 03:47 . 2012-06-04 02:41 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2012-04-30 18:38 . 2012-04-30 18:38 5011456 c:\windows\Installer\2e768b.msp - 2010-02-27 03:47 . 2012-06-04 02:41 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2010-02-27 03:47 . 2012-06-07 00:44 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2010-02-27 03:47 . 2012-06-04 02:41 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2010-02-27 03:47 . 2012-06-07 00:44 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2009-07-14 02:34 . 2012-06-08 00:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 2012-06-05 23:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2011-04-10 22:47 . 2012-06-08 00:34 33764040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2622963059-1466397820-2052336788-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-25 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ hp psc 2000 Series.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2004-6-16 323646] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.swagbucks.com/?cmd=home mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2622963059-1466397820-2052336788-1000\Software\SecuROM\License information*] "datasecu"=hex:5c,2c,9e,39,d6,ed,17,10,56,ab,bb,cb,73,ae,20,54,9b,55,64,fa,02, e5,e9,ee,98,a2,dd,88,7e,4d,99,7a,87,6e,8d,1b,8f,52,90,62,72,59,40,9f,68,6d,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************** . Completion time: 2012-06-07 20:42:17 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-08 00:42 . Pre-Run: 371,687,411,712 bytes free Post-Run: 371,520,974,848 bytes free . - - End Of File - - 9A2CEBFC8526BBD0A14A64EC78AFADE2
  3. mlww2usa
    Maniac, Just to let you know after I ran Combofix, the Windows Firewall became active again and I can now turn it on or off accordingly. Its on currently.
  4. mlww2usa
    Maniac, Here are the additional FARBAR logs.... Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 06-06-2012 at 19:59:54 Microsoft Windows 7 Ultimate (X64) ************************************************ ======== Search: "afd.sys" ========= C:\Windows\System32\drivers\afd.sys [2012-02-14 16:07] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys [2012-02-14 16:07] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011-06-18 19:55] - [2011-04-24 23:09] - 0499200 ____A (Microsoft Corporation) F4AD06143EAC303F55D0E86C40802976 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys [2012-02-14 16:07] - [2011-12-27 23:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011-06-18 19:55] - [2011-04-24 22:34] - 0499200 ____A (Microsoft Corporation) D5B031C308A409A0A576BFF4CF083D30 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys [2012-02-14 16:07] - [2011-12-28 00:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys [2011-06-18 19:55] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) FBFF8B7C9D116229E9208A0D1CAEB49B C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys [2012-02-14 16:07] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2011-06-18 19:55] - [2011-04-24 22:44] - 0499712 ____A (Microsoft Corporation) 6EF20DDF3172E97D69F596FB90602F29 C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2009-07-13 19:21] - [2009-07-13 19:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC ====== End Of Search ====== Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 06-06-2012 at 20:06:26 Microsoft Windows 7 Ultimate (X64) ************************************************ ======== Search: "mpssvc.dll" ========= C:\Windows\System32\MPSSVC.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 ====== End Of Search ====== Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 06-06-2012 at 20:07:08 Microsoft Windows 7 Ultimate (X64) ************************************************ ======== Search: "SDRSVC.dll" ========= C:\Windows\System32\sdrsvc.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 ====== End Of Search ====== Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 06-06-2012 at 20:05:10 Microsoft Windows 7 Ultimate (X64) ************************************************ ======== Search: "tcpip.sys" ========= C:\Windows\System32\drivers\tcpip.sys [2012-05-19 18:58] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys [2012-05-19 18:58] - [2012-03-30 06:26] - 1901424 ____A (Microsoft Corporation) 885B202006EE17AE99B9FBCEC9AF88C9 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys [2011-11-16 23:07] - [2011-09-29 13:41] - 1912176 ____A (Microsoft Corporation) 3810F06A4D74A7D62641EE73D6B3C660 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys [2011-08-09 19:20] - [2011-06-21 02:20] - 1914752 ____A (Microsoft Corporation) A0EB71E0DC047C7CC95CD6AB4036296E C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys [2011-06-18 19:55] - [2011-04-25 02:16] - 1927552 ____A (Microsoft Corporation) B77977AEB2FF159D01DB08A309989C5F C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys [2012-05-19 18:58] - [2012-03-30 07:35] - 1918320 ____A (Microsoft Corporation) ACB82BDA8F46C84F465C1AFA517DC4B9 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys [2011-11-16 23:07] - [2011-09-29 12:29] - 1923952 ____A (Microsoft Corporation) FC62769E7BFF2896035AEED399108162 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys [2011-08-09 19:20] - [2011-06-21 02:34] - 1923968 ____A (Microsoft Corporation) F0E98C00A09FDF791525829A1D14240F C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys [2011-06-18 19:55] - [2011-04-25 01:33] - 1923968 ____A (Microsoft Corporation) 92CE29D95AC9DD2D0EE9061D551BA250 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys [2012-05-19 18:58] - [2012-03-30 06:19] - 1877872 ____A (Microsoft Corporation) 5EFD096DEF47F8B88EF591DA92143440 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys [2011-11-16 23:07] - [2011-09-29 12:17] - 1886064 ____A (Microsoft Corporation) AC3E29880DB5659532A1AA3439304A43 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys [2011-08-09 19:20] - [2011-06-21 02:16] - 1888128 ____A (Microsoft Corporation) 5279D4DD69C7C71524B8E7A5746D15CC C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys [2011-06-18 19:55] - [2011-04-25 01:28] - 1893248 ____A (Microsoft Corporation) 1F748D5439B65E0BEBD92F65048F030D C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2010-08-15 20:55] - [2010-06-14 02:39] - 1889152 ____A (Microsoft Corporation) 542C6767C68C9D6AAACA59436B0D15C2 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys [2012-06-02 22:56] - [2010-04-09 03:56] - 1892232 ____A (Microsoft Corporation) A9C0F786AC1F736891D05CE0A1D29DEB C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20496_none_0f92d122993c1caf\tcpip.sys [2009-08-20 19:20] - [2009-08-20 19:20] - 1898584 ____A (Microsoft Corporation) 6DECEB05E65970699E24F0E6BB9D6DD8 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys [2012-05-19 18:58] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys [2011-11-16 23:07] - [2011-09-29 12:24] - 1897328 ____A (Microsoft Corporation) F18F56EFC0BFB9C87BA01C37B27F4DA5 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys [2011-08-09 19:20] - [2011-06-21 02:27] - 1896832 ____A (Microsoft Corporation) B9D87C7707F058AC652A398CD28DE14B C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys [2011-06-18 19:55] - [2011-04-25 01:32] - 1896832 ____A (Microsoft Corporation) 61DC720BB065D607D5823F13D2A64321 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2010-08-15 20:55] - [2010-06-14 02:37] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys [2012-06-02 22:56] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16400_none_0f6483cd7fdae689\tcpip.sys [2009-08-20 19:20] - [2009-08-20 19:20] - 1898568 ____A (Microsoft Corporation) BDD634B4C9CE26884812E29DDC5AF5B8 C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys [2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1 C:\Windows\ERDNT\cache64\tcpip.sys [2012-06-05 19:20] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 ====== End Of Search ====== Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 06-06-2012 at 20:07:52 Microsoft Windows 7 Ultimate (X64) ************************************************ ======== Search: "wuaueng.dll" ========= C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_8ca5655e8bc7dae9\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 ====== End Of Search ======
  5. mlww2usa
    Maniac, I was able to run both programs without issue logs provided below...... ComboFix 12-06-05.03 - Matt 06/05/2012 19:06:32.1.4 - x64 Running from: c:\users\Matt\Desktop\Maleware fix\ComboFix.exe * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk c:\users\Matt\AppData\Roaming\inst.exe c:\windows\SysWow64\avisynth.dll c:\windows\SysWow64\devil.dll . . ((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 ))))))))))))))))))))))))))))))) . . 2012-06-05 23:13 . 2012-06-05 23:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-05 00:08 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{999A393D-51C6-4F3A-87B1-217E0C4CE940}\mpengine.dll 2012-06-03 16:19 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-03 03:01 . 2012-06-03 03:01 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11016DAD-196D-4DC1-B2DD-B6B4D4499279}\gapaengine.dll 2012-06-03 02:56 . 2012-06-03 02:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-03 02:56 . 2012-06-03 02:56 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-03 02:56 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys 2012-06-02 16:40 . 2012-06-02 16:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-02 16:40 . 2012-06-02 16:40 -------- d-----w- c:\windows\system32\Macromed 2012-06-01 18:05 . 2012-06-01 19:51 -------- d-----w- c:\users\Matt\AppData\Roaming\wargaming.net 2012-06-01 18:05 . 2012-06-01 18:05 -------- d--h--w- c:\windows\msdownld.tmp 2012-06-01 18:05 . 2012-06-01 18:05 -------- d-----w- C:\Games 2012-05-30 00:49 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACA6B8E3-B2BB-48CF-9857-F089CFDB2ECE}\mpengine.dll 2012-05-25 20:27 . 2012-05-28 18:07 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-05-25 20:24 . 2012-05-25 20:24 -------- d-----w- c:\users\Matt\AppData\Local\PunkBuster 2012-05-25 20:24 . 2012-05-25 20:24 -------- d-----w- c:\users\Matt\AppData\Local\CrashRpt 2012-05-25 20:23 . 2012-05-25 20:23 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls 2012-05-19 22:58 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-19 22:58 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-19 22:58 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-19 22:58 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys 2012-05-19 22:58 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-19 22:58 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-19 22:58 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-19 22:58 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-14 02:24 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-14 02:24 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-14 02:24 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-14 02:24 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-14 02:24 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-14 02:24 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-14 02:24 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-14 02:24 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-14 02:24 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-14 02:24 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-11 01:26 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-02 16:40 . 2011-06-19 20:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-28 18:07 . 2012-02-20 19:39 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-28 01:49 . 2012-02-20 19:39 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-05-27 19:18 . 2012-02-20 19:39 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-04-04 19:56 . 2010-03-08 23:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-25 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-29 32768] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ hp psc 2000 Series.lnk - c:\program files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2004-6-16 323646] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPNAT *NewlyCreated* - NISDRV *NewlyCreated* - WS2IFSL . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.swagbucks.com/?cmd=home mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.1 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2622963059-1466397820-2052336788-1000\Software\SecuROM\License information*] "datasecu"=hex:5c,2c,9e,39,d6,ed,17,10,56,ab,bb,cb,73,ae,20,54,9b,55,64,fa,02, e5,e9,ee,98,a2,dd,88,7e,4d,99,7a,87,6e,8d,1b,8f,52,90,62,72,59,40,9f,68,6d,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************** . Completion time: 2012-06-05 19:21:39 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-05 23:21 . Pre-Run: 370,953,732,096 bytes free Post-Run: 370,838,028,288 bytes free . - - End Of File - - 617797EB13A2DA9C23B21B9733794A2E Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 05-06-2012 at 19:26:25 Running from "C:\Users\Matt\Desktop\Maleware fix" Windows 7 Ultimate (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-14 16:07] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-19 18:58] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  6. mlww2usa
    HI Maniac, Thank you for taking the time to help! I havew noticed the latest MalewareBytes report shows the file is no longer listed in the report. Not sure if you can see any other issues in the logs but my Firewall still does not seem to be working. I have uploaded all the logs you requested below..... Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.04.09 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Matt :: MATT-PC [administrator] Protection: Enabled 6/4/2012 8:12:30 PM mbam-log-2012-06-04 (20-12-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213695 Time elapsed: 3 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-04 20:19:07 ----------------------------- 20:19:07.340 OS Version: Windows x64 6.1.7600 20:19:07.340 Number of processors: 4 586 0x1707 20:19:07.340 ComputerName: MATT-PC UserName: Matt 20:19:08.885 Initialize success 20:19:22.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:19:22.941 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 610480MB BusType: 8 20:19:22.941 Disk 0 MBR read successfully 20:19:22.956 Disk 0 MBR scan 20:19:22.956 Disk 0 Windows 7 default MBR code 20:19:22.956 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 597032 MB offset 63 20:19:22.972 Disk 0 scanning C:\Windows\system32\drivers 20:19:27.683 Service scanning 20:19:37.480 Modules scanning 20:19:37.480 Disk 0 trace - called modules: 20:19:37.496 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 20:19:37.496 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800530d060] 20:19:37.496 3 CLASSPNP.SYS[fffff88000dbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ca9050] 20:19:37.496 Scan finished successfully 20:19:52.409 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\Maleware fix\MBR.dat" 20:19:52.409 The log file has been saved successfully to "C:\Users\Matt\Desktop\Maleware fix\aswMBR.txt" FARBAR Farbar Service Scanner Version: 05-06-2012 Ran by Matt (administrator) on 04-06-2012 at 20:21:03 Running from "C:\Users\Matt\Desktop\Maleware fix" Windows 7 Ultimate (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-14 16:07] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-19 18:58] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** DDS LOG . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Matt at 20:22:27 on 2012-06-04 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.swagbucks.com/?cmd=home uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPPSC2~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{014E09BE-D95D-44E9-B97C-5D5C861EDB87} : DhcpNameServer = 10.0.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-06-05 00:08:43 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{999A393D-51C6-4F3A-87B1-217E0C4CE940}\mpengine.dll 2012-06-03 16:19:25 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-03 03:01:48 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11016DAD-196D-4DC1-B2DD-B6B4D4499279}\gapaengine.dll 2012-06-03 02:56:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-03 02:56:18 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-03 02:56:00 374664 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-06-02 16:40:38 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-01 18:05:40 -------- d-----w- C:\Users\Matt\AppData\Roaming\wargaming.net 2012-06-01 18:05:28 -------- d--h--w- C:\Windows\msdownld.tmp 2012-06-01 18:05:28 -------- d-----w- C:\Windows\SysWow64\directx 2012-06-01 18:05:27 -------- d-----w- C:\Games 2012-05-30 00:49:09 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACA6B8E3-B2BB-48CF-9857-F089CFDB2ECE}\mpengine.dll 2012-05-25 20:27:08 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-05-25 20:24:37 -------- d-----w- C:\Users\Matt\AppData\Local\PunkBuster 2012-05-25 20:24:37 -------- d-----w- C:\Users\Matt\AppData\Local\CrashRpt 2012-05-25 20:23:41 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls 2012-05-19 22:58:37 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-19 22:58:36 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-19 22:58:36 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-19 22:58:35 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-05-19 22:58:34 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58:34 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-19 22:58:34 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-19 22:58:34 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-19 22:58:34 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-14 02:24:46 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-14 02:24:46 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-14 02:24:45 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-14 02:24:45 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-05-14 02:24:45 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-05-14 02:24:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-05-14 02:24:45 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-05-14 02:24:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-05-14 02:24:45 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-05-14 02:24:45 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 01:26:36 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys . ==================== Find3M ==================== . 2012-06-02 16:40:38 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-28 18:07:54 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-28 01:49:43 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-05-27 19:18:20 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ============= FINISH: 20:23:15.38 =============== Attach.zip
  7. mlww2usa
    Hello, I was a recent reciepient of this wonderful little bugger. I have tried to wipe out with Malewarebytes and used Microsoft AV no luck. I have noticed that after this hit I no longer have control of MS Firewall or Windows Defender. Looks like it damaged or removed the services. Appreciate any help!!! I have attached the logs below for DDS and Malewarebytes...... Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.02.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Matt :: MATT-PC [administrator] 6/2/2012 8:39:10 PM mbam-log-2012-06-02 (20-39-10).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 548326 Time elapsed: 1 hour(s), 5 minute(s), 27 second(s) Memory Processes Detected: 1 C:\Users\Matt\AppData\Local\hlqxfs.exe (Trojan.Agent) -> 3064 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Users\Matt\AppData\Local\hlqxfs.exe (Trojan.Agent) -> Delete on reboot. C:\Program Files (x86)\Bethesda Softworks\Star Trek Legacy\BatchFilesUU.exe (Adware.Onlinegames) -> Quarantined and deleted successfully. C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\LaunchHelp.dll (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Windows\Installer\{24c91c19-2c95-4982-c16d-d1be8ce9f70a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) DDS.TXT . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Matt at 11:45:33 on 2012-06-03 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.swagbucks.com/?cmd=home uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPPSC2~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 10.0.0.1 TCP: Interfaces\{014E09BE-D95D-44E9-B97C-5D5C861EDB87} : DhcpNameServer = 10.0.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-06-03 03:01:48 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11016DAD-196D-4DC1-B2DD-B6B4D4499279}\gapaengine.dll 2012-06-03 03:01:45 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48B45165-E834-4CBC-BBC0-0D675C8E0CC5}\mpengine.dll 2012-06-03 02:56:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-03 02:56:18 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-03 02:56:00 374664 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-06-02 16:40:38 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-01 18:05:40 -------- d-----w- C:\Users\Matt\AppData\Roaming\wargaming.net 2012-06-01 18:05:28 -------- d--h--w- C:\Windows\msdownld.tmp 2012-06-01 18:05:28 -------- d-----w- C:\Windows\SysWow64\directx 2012-06-01 18:05:27 -------- d-----w- C:\Games 2012-05-30 00:49:09 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACA6B8E3-B2BB-48CF-9857-F089CFDB2ECE}\mpengine.dll 2012-05-25 20:27:08 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-05-25 20:24:37 -------- d-----w- C:\Users\Matt\AppData\Local\PunkBuster 2012-05-25 20:24:37 -------- d-----w- C:\Users\Matt\AppData\Local\CrashRpt 2012-05-25 20:23:41 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls 2012-05-19 22:58:37 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-19 22:58:36 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-19 22:58:36 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-19 22:58:35 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-05-19 22:58:34 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58:34 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-19 22:58:34 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-19 22:58:34 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-19 22:58:34 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-19 22:58:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-14 02:24:46 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-14 02:24:46 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-14 02:24:45 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-14 02:24:45 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-05-14 02:24:45 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-05-14 02:24:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-05-14 02:24:45 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-05-14 02:24:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-05-14 02:24:45 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-05-14 02:24:45 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-11 01:26:36 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys . ==================== Find3M ==================== . 2012-06-02 16:40:38 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-28 18:07:54 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-28 01:49:43 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-05-27 19:18:20 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ============= FINISH: 11:46:08.37 =============== Attach.TXT . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 1ClickDownload Activision® Adobe Flash Player 10 Plugin Adobe Reader 9.5.1 Agricultural Simulator 2011 Amazon MP3 Downloader 1.0.10 Apple Application Support Apple Software Update ARMA 2: Free AviSynth 2.5 CCleaner Coupon Printer for Windows DivX Setup DVDFab 6.0.7.0 (18/09/2009) Empire: Total War Enigma: Rising Tide International GOLD Edition Hearts of Iron 2 HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 2170 series hp psc 2170 series ImgBurn IsoBuster 2.8.5 Java Auto Updater Java 6 Update 29 John Tiller's Campaign Series Malwarebytes Anti-Malware version 1.61.0.1400 Medieval II: Total War Medieval II: Total War Kingdoms Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MKVtoolnix 5.0.1 Mount & Blade: With Fire and Sword MSVC80_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Napoleon: Total War Naval War: Arctic Circle Demo Nero 8 neroxml NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver PC Connectivity Solution PowerDirector Express PowerDVD PowerProducer PT Boats: Knights of The Sea PunkBuster Services QuickPar 0.9 QuickTime Realtek High Definition Audio Driver Red Orchestra 2: Heroes of Stalingrad Roblox Rome: Total War - Alexander Rome: Total War Gold Edition Safari Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Sniper Elite V2 Demo SpeedFan (remove only) SPORE™ Star Trek Legacy Star Trek Online Steam The Operational Art of War: Century of Warfare Tom Clancy's Splinter Cell Total War: SHOGUN 2 Transformers - War for Cybertron Universal Extractor 1.6 VC80CRTRedist - 8.0.50727.6195 VCRedistSetup Veetle TV 0.9.18 Videora Xbox 360 Converter 6 VLC media player 1.0.1 Wargame: European Escalation Win7codecs Wolfenstein World of Warplanes Xvid 1.1.3 final uninstall YouTube Downloader App 3.00 . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.