funkycam
Everything posted by funkycam
pm-ed
Here it is:
ComboFix kept freezing about 2/3rds of the way into installing. Eventually I left it for hours & it installed, restarted & then took around 4 hours to run & finish. Here is the log:
c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe c:\windows\system32\conhost.exe c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\Common Files\Java\Java Update\jusched.exe c:\windows\system32\DllHost.exe c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2012-06-19 15:15:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-19 22:14 . Pre-Run: 14,390,034,432 bytes free Post-Run: 68,863,291,392 bytes free . - - End Of File - - B7DB3964AD882114F89DDF1F731EA997
-
So it tried all of the Chameleon options. Some loaded, some didn't, and all of those that loaded froze when scanning the folder where czw1tgmahe.exe is located. Incidentally, czw1tgmahe.exe's icon has changed to an open suitcase full of money, and if it is moused over it says "GreatRollPlayer toshiba", but I am still unable to delete it.
-
Thanks Maniac, I am a little confused though: your first link in the above post (http://forums.malwar...18) took me to a post that said to uninstall Malwarebytes in safe mode, and that's why I did it. The new link you just posted describes a workaround for installing Malwarebytes, but I have it installed and it runs; it just freezes after about 4 minutes when it gets to that folder I mentioned, so it's not possible to get a log.
-
Thanks for the suggestions. Security Essentials will not work. It is red and says "Security Essentials isn't monitoring your PC because the program's service stopped. You should restart it now." So settings cannot be edited. It did work prior to this problem though, because it says my last scan was 6 10 12. I uninstalled Malwarebytes in safe mode, but when I reinstalled it, it froze in the same place: the C:\Users folder where that czw1tgmahe.exe is located. Re chkdsk, the computer says "you do not have sufficient rights to check this drive" when I try to do it.
-
Also, System Restore is disabled.
-
Found something called czw1tgmahe.exe; first noticed it because of audio adverts running in the background. It is listed on VirScan: http://f.virscan.org/czw1tgmahe.exe.html. I cannot remove it even though I am admin. Malwarebytes freezes every time it tries to scan the folder where czw1tgmahe is located (C:\Users\myname). ComboFix won't install. Trend Micro host is missing, so Windows Security won't load. Task Manager won't load (says pcwum is missing, but it's there). For a while the computer said it was not an authorized Windows machine, but it is. USB ports stopped working. rkill wouldn't load, then when I tried the variants it didn't stop anything running.
Thanks! Cam