
boldfin
Members
Posts: 10
Reputation: 0 Neutral
  1. It appears to be working normally. I rescanned with MBAW and MS Security Essentials, and no threats were found. I understand that there is no guarantee that the system is truly "clean", but please tell me if I should consider nuke/pave at this point.
  2. I just completed an automatic scan with the AVPTool, per your instructions. It took six hours to run the scan of my main drive. No threats were detected, so there is no Detected Threats report to post in this reply. Just to make sure, I ran another MBAW Quick Scan:

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.14.07

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Rob :: BOLDFIN420 [administrator]

     Protection: Enabled

     7/14/2012 10:45:03 PM
     mbam-log-2012-07-14 (22-45-03).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 285703
     Time elapsed: 9 minute(s), 34 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     What do you recommend at this point?
  3. I am back in town. I ran scans with MS Security Essentials and MBAW, both came back with one threat each. MSSE reported a Win32 worm, which I quarantined, MBAW log is posted below. What next steps do you recommend?

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.14.07

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Rob :: BOLDFIN420 [administrator]

     Protection: Enabled

     7/14/2012 12:56:05 PM
     mbam-log-2012-07-14 (12-56-05).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 280845
     Time elapsed: 7 minute(s), 57 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Users\Rob\AppData\Roaming\jullli_2012 (Stolen.Data) -> Quarantined and deleted successfully.

     (end)
  4. FYI - I am going to be travelling for a few days, and unable to continue the cleaning process on this computer until I return. I appreciate your help so far, and will contact you when I return.
  5. Just ran the scan again. Log below:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     esets_scanner_update returned -1 esets_gle=53251
  6. I ran the scan with ESET's online tool. It took several hours. There were a few quarantined programs, most of which I recognized as being installed by me: Uniblue Registry Booster, etc. The log.txt doesn't seem to say much...

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK

     Is this normal?
  7. In your previous instructions, you asked me to uninstall the Ask.com Toolbar. This program was not listed under installed programs. There was a folder for it, however, in C:/program files - which I deleted. This was done yesterday.

     ComboFix 12-07-05.02 - Rob 07/05/2012 19:50:26.2.4 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1784 [GMT -7:00]
     Running from: c:\users\Rob\Desktop\ComboFix.exe
     Command switches used :: c:\users\Rob\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Mcx3-BOLDFIN420\AppData\Local\temp
     2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Mcx2-BOLDFIN420\AppData\Local\temp
     2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
     2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2012-07-05 15:12 . 2012-07-06 03:00 -------- d-----w- c:\users\Rob\AppData\Local\temp
     2012-07-04 22:58 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\mpengine.dll
     2012-07-03 14:57 . 2012-02-10 10:28 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9D91BEC-DBDE-4167-9C7A-165D901E6BFD}\gapaengine.dll
     2012-07-03 14:56 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\programdata\ATI
     2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD AVT
     2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD APP
     2012-06-23 07:44 . 2012-06-23 07:44 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
     2012-06-23 07:09 . 2012-06-30 20:36 -------- d-----w- c:\users\Rob\AppData\Local\QuickPar
     2012-06-23 07:08 . 2012-06-23 07:08 -------- d-----w- c:\program files\QuickPar
     2012-06-23 06:59 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-23 06:59 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-23 06:59 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-23 06:59 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-23 06:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-23 06:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-23 06:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-23 06:59 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-23 06:59 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Newsbin
     2012-06-13 22:14 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
     2012-06-13 22:14 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-06-13 22:14 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
     2012-06-13 22:14 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-06-13 22:14 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-06-13 22:14 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
     2012-06-13 03:06 . 2012-06-13 03:06 -------- d-----w- c:\program files\EaseUS
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2028-06-08 23:38 . 2011-08-11 04:48 158720 ----a-w- c:\windows\system32\VPMSDU32.DLL
     2012-06-23 07:44 . 2012-04-03 01:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-06-23 07:44 . 2011-06-06 15:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-04-27 01:22 . 2012-04-27 01:22 413696 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
     2011-03-18 17:53 . 2011-04-10 23:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
     "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
     "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
     "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     "EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
     "My Movies Tray"="c:\program files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-12-15 477392]
     "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
     "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-11-20 128296]
     "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
     "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-2-7 603504]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "EnableLinkedConnections"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
     path=c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
     backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
     backupExtension=.Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
     2010-06-08 01:48 362488 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
     2012-04-27 16:12 6065784 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
     2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
     2011-09-20 21:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
     2010-06-08 01:47 2605424 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
     2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     .
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
     R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
     S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
     S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
     S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
     S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/02/28 18:50];c:\program files\CyberLink\PowerDVD DX\000.fcl [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
     S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [x]
     S2 DkTahsp;OCUR SDV Service;c:\windows\system32\dktahsp.exe [x]
     S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [x]
     S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
     S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [x]
     S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
     S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
     S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [x]
     S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
     S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 msta;Tuning Adapter Service;c:\windows\system32\Drivers\msta.sys [x]
     S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:44]
     .
     2012-07-06 c:\windows\Tasks\RegistryBooster.job
     - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-11 18:56]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://sn123w.snt123.mail.live.com/default.aspx?wa=wsignin1.0
     Trusted Zone: highland.com\office
     DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
     FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\mz85hv77.default\
     FF - prefs.js: network.proxy.type - 0
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
     "ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"
     .
     [HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-07-05 20:02:53
     ComboFix-quarantined-files.txt 2012-07-06 03:02
     ComboFix2.txt 2012-07-05 15:33
     .
     Pre-Run: 388,650,045,440 bytes free
     Post-Run: 388,093,710,336 bytes free
     .
     - - End Of File - - 1AF48684F65612D6250FD1803BF15C11
  8. Ran ComboFix:

     ComboFix 12-07-05.02 - Rob 07/05/2012 8:04.1.4 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1858 [GMT -7:00]
     Running from: c:\users\Rob\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\install.exe
     c:\users\Rob\AppData\Roaming\8D5595
     c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
     c:\users\Rob\AppData\Roaming\UseNetServ.exe
     c:\users\Rob\AppData\Roaming\UseServe.exe
     c:\users\Rob\g2mdlhlpx.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-05 15:12 . 2012-07-05 15:30 -------- d-----w- c:\users\Rob\AppData\Local\temp
     2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Mcx3-BOLDFIN420\AppData\Local\temp
     2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Mcx2-BOLDFIN420\AppData\Local\temp
     2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
     2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-05 14:59 . 2012-07-05 14:59 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\MpKsl405aafcf.sys
     2012-07-04 22:58 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\mpengine.dll
     2012-07-03 14:57 . 2012-02-10 10:28 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9D91BEC-DBDE-4167-9C7A-165D901E6BFD}\gapaengine.dll
     2012-07-03 14:56 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\programdata\ATI
     2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD AVT
     2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD APP
     2012-06-23 07:44 . 2012-06-23 07:44 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
     2012-06-23 07:09 . 2012-06-30 20:36 -------- d-----w- c:\users\Rob\AppData\Local\QuickPar
     2012-06-23 07:08 . 2012-06-23 07:08 -------- d-----w- c:\program files\QuickPar
     2012-06-23 06:59 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-23 06:59 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-23 06:59 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-23 06:59 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-23 06:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-23 06:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-23 06:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-23 06:59 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-23 06:59 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Newsbin
     2012-06-13 22:14 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
     2012-06-13 22:14 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-06-13 22:14 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
     2012-06-13 22:14 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-06-13 22:14 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-06-13 22:14 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
     2012-06-13 03:06 . 2012-06-13 03:06 -------- d-----w- c:\program files\EaseUS
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2028-06-08 23:38 . 2011-08-11 04:48 158720 ----a-w- c:\windows\system32\VPMSDU32.DLL
     2012-06-23 07:44 . 2012-04-03 01:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-06-23 07:44 . 2011-06-06 15:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-04-27 01:22 . 2012-04-27 01:22 413696 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
     2011-03-18 17:53 . 2011-04-10 23:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
     @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
     [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
     2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
     @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
     [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
     2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
     @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
     [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
     2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
     "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
     "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
     "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
     "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     "EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
     "My Movies Tray"="c:\program files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-12-15 477392]
     "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
     "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-11-20 128296]
     "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
     "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
     "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-2-7 603504]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "EnableLinkedConnections"= 1 (0x1)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
     path=c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
     backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
     backupExtension=.Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
     2010-06-08 01:48 362488 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
     2012-04-27 16:12 6065784 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
     2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
     2011-09-20 21:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
     2010-06-08 01:47 2605424 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
     2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     .
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
     R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
     S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
     S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
     S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
     S1 MpKsl405aafcf;MpKsl405aafcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\MpKsl405aafcf.sys [x]
     S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/02/28 18:50];c:\program files\CyberLink\PowerDVD DX\000.fcl [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
     S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [x]
     S2 DkTahsp;OCUR SDV Service;c:\windows\system32\dktahsp.exe [x]
     S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [x]
     S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [x]
     S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
     S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [x]
     S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
     S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
     S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [x]
     S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
     S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 msta;Tuning Adapter Service;c:\windows\system32\Drivers\msta.sys [x]
     S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:44]
     .
     2012-07-05 c:\windows\Tasks\RegistryBooster.job
     - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-11 18:56]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://sn123w.snt123.mail.live.com/default.aspx?wa=wsignin1.0
     Trusted Zone: highland.com\office
     DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
     FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\mz85hv77.default\
     FF - prefs.js: network.proxy.type - 0
     .
     - - - - ORPHANS REMOVED - - - -
     .
     BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
     Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
     WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
     HKCU-Run-UsenetServices - c:\users\Rob\AppData\Roaming\UseServe.exe
     HKLM-Run-Conime - c:\windows\system32\conime.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
     "ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.Email.1"
     .
     [HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
     @Denied: (2) (LocalSystem)
     "Progid"="WindowsLiveMail.VCard.1"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'Explorer.exe'(4696)
     c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Microsoft Security Client\MsMpEng.exe
     c:\windows\system32\atieclxx.exe
     c:\windows\system32\WUDFHost.exe
     c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\windows\system32\WUDFHost.exe
     c:\windows\ehome\ehRecvr.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\taskhost.exe
     c:\windows\system32\conhost.exe
     c:\program files\Windows Home Server\WHSTrayApp.exe
     c:\windows\ehome\ehmsas.exe
     c:\windows\system32\taskhost.exe
     .
     **************************************************************************
     .
     Completion time: 2012-07-05 08:33:34 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-07-05 15:33
     .
     Pre-Run: 387,760,070,656 bytes free
     Post-Run: 388,317,569,024 bytes free
     .
     - - End Of File - - 948414ACFBE9E3BC2A4C82A5850773C5
  9. I have read everything you suggested. Let's give cleaning a try first.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rob :: BOLDFIN420 [administrator]

Protection: Enabled

7/4/2012 3:47:12 PM
mbam-log-2012-07-04 (15-47-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289410
Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Rob\AppData\Roaming\UseNetServ.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 16:04:35
-----------------------------
16:04:35.100 OS Version: Windows 6.1.7601 Service Pack 1
16:04:35.100 Number of processors: 4 586 0x1707
16:04:35.100 ComputerName: BOLDFIN420 UserName: Rob
16:05:02.384 Initialize success
16:06:19.530 AVAST engine defs: 12070401
16:06:24.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
16:06:24.023 Disk 0 Vendor: WDC_WD10 07.0 Size: 953869MB BusType: 8
16:06:24.039 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
16:06:24.039 Disk 1 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 8
16:06:24.039 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-4
16:06:24.039 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
16:06:24.054 Disk 0 MBR read successfully
16:06:24.054 Disk 0 MBR scan
16:06:24.070 Disk 0 Windows 7 default MBR code
16:06:24.070 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:06:24.132 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
16:06:24.164 Disk 0 scanning sectors +1953521664
16:06:24.288 Disk 0 scanning C:\Windows\system32\drivers
16:06:44.335 Service scanning
16:06:59.903 Service MpKslcd571702 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\MpKslcd571702.sys **LOCKED** 32
16:07:17.063 Modules scanning
16:07:28.483 Disk 0 trace - called modules:
16:07:28.514 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:07:28.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88821200]
16:07:28.529 3 CLASSPNP.SYS[8c79159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8688a028]
16:07:30.838 AVAST engine scan C:\Windows
16:07:35.113 AVAST engine scan C:\Windows\system32
16:12:18.853 AVAST engine scan C:\Windows\system32\drivers
16:12:41.769 AVAST engine scan C:\Users\Rob
16:13:40.067 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
16:13:40.067 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
17:14:35.316 File: C:\Users\Rob\AppData\Roaming\UseServe.exe **INFECTED** MSIL:Agent-OG [Trj]
18:49:30.840 AVAST engine scan C:\ProgramData
19:02:53.445 Scan finished successfully
19:38:04.940 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
19:38:05.034 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
  10. Quick Scan with MBAM Pro shows two threats:

Backdoor.Agent File C\Users\Rob\AppData\Roaming\UseNetServ.exe
Malware.Trace Registry Key HKCU\Software\VB and VBA Program Settings\SrvID

DDS.txt below. I am a paying customer.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rob at 21:07:54 on 2012-07-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1389 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\dktahsp.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\reg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Newsbin\newsbinpro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sn123w.snt123.mail.live.com/default.aspx?wa=wsignin1.0
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [usenetServices] c:\users\rob\appdata\roaming\UseServe.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRun: [My Movies Tray] "c:\program files\binnerup consult\my movies for windows media center\My Movies Tray.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
Trusted Zone: highland.com\office
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1295333121964
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: Interfaces\{84461330-3775-4679-86C3-253BB5E78260} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9AC50678-6F29-42C0-B92C-22B32EE56D11} : NameServer = 8.8.8.8 8.8.4.4
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\mz85hv77.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2011-10-9 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2011-10-9 12464]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-6-29 66776]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/02/28 18:50:22];c:\program files\cyberlink\powerdvd dx\000.fcl [2012-2-28 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 DkTahsp;OCUR SDV Service;c:\windows\system32\dktahsp.exe [2009-8-17 65536]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-2-14 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-5 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-30 22344]
R3 msta;Tuning Adapter Service;c:\windows\system32\drivers\msta.sys [2009-8-17 18432]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-4-13 67456]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-4-13 161024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-4-20 44784]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-26 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-14 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-04 04:06:31 -------- d-----w- c:\users\rob\appdata\local\{E75E4197-088E-41E5-BDC4-929886D137D0}
2012-07-04 04:06:09 -------- d-----w- c:\users\rob\appdata\local\{1BE09295-1082-4EB3-B994-EE4CB973903C}
2012-07-03 14:57:41 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f9d91bec-dbde-4167-9c7a-165d901e6bfd}\gapaengine.dll
2012-07-03 14:56:34 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4b2e0a84-8288-43db-83af-1479e75132a1}\mpengine.dll
2012-07-03 14:26:22 738816 ----a-w- c:\users\rob\appdata\roaming\UseServe.exe
2012-07-03 03:45:33 -------- d-----w- c:\users\rob\appdata\local\{673679B3-2ED5-43F4-B44D-3FA869861853}
2012-07-03 03:45:13 -------- d-----w- c:\users\rob\appdata\local\{DC4BB9D4-7DF1-4BE4-97BF-E2CCF1A089B8}
2012-07-02 14:41:21 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-02 06:17:12 -------- d-----w- c:\users\rob\appdata\local\{5B03CC29-CA14-4A1A-B695-6F66706A8455}
2012-07-02 06:16:50 -------- d-----w- c:\users\rob\appdata\local\{D9ECD697-F21B-467C-ACB3-9308503CA9B6}
2012-07-01 18:16:24 -------- d-----w-
c:\users\rob\appdata\local\{88C328BD-8223-4751-B6D3-58B72EA81991} 2012-07-01 18:16:13 -------- d-----w- c:\users\rob\appdata\local\{73E73947-0C3F-4B32-9FAF-6A48F9C50E64} 2012-06-30 22:41:29 -------- d-----w- c:\users\rob\appdata\local\{DA374AFF-D844-4BBA-8283-468D075CC41D} 2012-06-30 22:41:06 -------- d-----w- c:\users\rob\appdata\local\{2C70DB14-8EC2-45B7-9A5A-465DED71C1E8} 2012-06-30 10:40:53 -------- d-----w- c:\users\rob\appdata\local\{9F989FCF-7AAA-431B-B3D2-36166535FB45} 2012-06-30 10:40:31 -------- d-----w- c:\users\rob\appdata\local\{D857CF61-6EDC-4E37-BB61-5A31F5790A6B} 2012-06-29 22:40:07 -------- d-----w- c:\users\rob\appdata\local\{E420D828-83DD-4ED0-850B-1B52AC1DC39E} 2012-06-29 22:39:51 -------- d-----w- c:\users\rob\appdata\local\{2913235F-2873-4437-90AC-D5E175F35126} 2012-06-29 02:27:53 -------- d-----w- c:\users\rob\appdata\local\{0F1E3C4A-7046-4D81-B77B-97A77A6A7661} 2012-06-29 02:27:30 -------- d-----w- c:\users\rob\appdata\local\{B9CA9430-65F0-4461-88FD-758BFEEF863C} 2012-06-28 14:27:02 -------- d-----w- c:\users\rob\appdata\local\{5CD50142-56CB-41BF-9BE1-43A1EAA610D2} 2012-06-28 14:26:35 -------- d-----w- c:\users\rob\appdata\local\{775B5D9F-67F2-471D-A7AB-C74BED0AF8F1} 2012-06-28 04:16:21 -------- d-----w- c:\program files\AMD AVT 2012-06-28 04:16:15 -------- d-----w- c:\program files\AMD APP 2012-06-28 02:25:58 -------- d-----w- c:\users\rob\appdata\local\{DA541912-BA1B-4F02-B48F-30EE051F0133} 2012-06-28 02:25:46 -------- d-----w- c:\users\rob\appdata\local\{3E1F0DE1-9B36-4579-A916-FD5DC8A847D8} 2012-06-27 01:56:53 -------- d-----w- c:\users\rob\appdata\local\{8949294A-41A7-4018-AC36-AAF6514D53CB} 2012-06-27 01:56:30 -------- d-----w- c:\users\rob\appdata\local\{1322A18B-20AF-41A2-84CB-7A27D5DE5DB1} 2012-06-26 13:56:05 -------- d-----w- c:\users\rob\appdata\local\{ABA88789-DC7C-484A-A869-6D1E06416E5C} 2012-06-26 13:55:55 -------- d-----w- c:\users\rob\appdata\local\{73A8572F-FDD9-449D-BF87-8DB539610914} 2012-06-25 19:41:56 -------- d-----w- 
c:\users\rob\appdata\local\{D8CA4377-132C-4896-81E0-FBB8CCEA8368} 2012-06-25 19:41:38 -------- d-----w- c:\users\rob\appdata\local\{0B465C3E-3FF1-4ABD-94AA-183CA03FF00F} 2012-06-24 18:37:38 -------- d-----w- c:\users\rob\appdata\local\{10D4E33E-99F9-4B4F-970E-1421168ABE99} 2012-06-24 18:37:16 -------- d-----w- c:\users\rob\appdata\local\{701F56A9-AE71-45B7-A595-7BAB7864C0A7} 2012-06-24 06:36:51 -------- d-----w- c:\users\rob\appdata\local\{4AF9F52D-9771-40B6-A5B5-59ADC781C6B8} 2012-06-24 06:36:29 -------- d-----w- c:\users\rob\appdata\local\{BE8A43CC-9E61-44E2-A5E6-4FF55CB4E967} 2012-06-23 18:36:02 -------- d-----w- c:\users\rob\appdata\local\{E3BE6626-C19A-4E7F-AC77-28A047461D29} 2012-06-23 18:35:34 -------- d-----w- c:\users\rob\appdata\local\{C96E272F-24DB-4027-A560-A7C49EF57BCB} 2012-06-23 07:44:08 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-06-23 07:09:08 -------- d-----w- c:\users\rob\appdata\local\QuickPar 2012-06-23 07:08:17 -------- d-----w- c:\program files\QuickPar 2012-06-23 06:59:57 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 06:59:40 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 06:59:29 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 06:59:28 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 19:34:52 -------- d-----w- c:\users\rob\appdata\local\{EB660433-C800-4336-A874-7A021BF0E69A} 2012-06-19 19:34:42 -------- d-----w- c:\users\rob\appdata\local\{EF3570D2-59B2-4EE5-A7C9-FA7CCA0DDBCD} 2012-06-19 03:32:13 -------- d-----w- c:\users\rob\appdata\local\{20948427-56EE-4592-AB9F-F4116B856952} 2012-06-19 03:32:00 -------- d-----w- c:\users\rob\appdata\local\{B903EA9E-B1B7-4BF0-851B-7AC78436E9C6} 2012-06-18 14:18:27 -------- d-----w- c:\users\rob\appdata\local\{2A0EE2BA-4382-4DBE-B507-89775BD5BCA8} 2012-06-17 16:37:56 -------- d-----w- c:\users\rob\appdata\local\{643CFEAC-70DE-475C-A577-B27A5DBB92F0} 2012-06-17 04:37:17 -------- d-----w- 
c:\users\rob\appdata\local\{9B9079A8-E7E0-4CB6-9613-38489D9CAD71} 2012-06-17 03:33:32 -------- d-----w- c:\program files\Newsbin 2012-06-16 16:36:42 -------- d-----w- c:\users\rob\appdata\local\{8E194AD9-C608-4625-9F62-6E7263977E57} 2012-06-16 04:36:06 -------- d-----w- c:\users\rob\appdata\local\{BB873C56-CF7D-42BC-81B3-CF64C1863657} 2012-06-15 16:35:42 -------- d-----w- c:\users\rob\appdata\local\{35ECFE2E-1B7D-4C9F-8331-92D4FD34ED37} 2012-06-15 01:00:38 -------- d-----w- c:\users\rob\appdata\local\{5C282AC3-DD4E-43FD-9087-814E8FA70948} 2012-06-14 04:27:58 -------- d-----w- c:\users\rob\appdata\local\{F45F549B-CCE0-47D0-9038-1F2CB1AB8B6E} 2012-06-14 04:27:35 -------- d-----w- c:\users\rob\appdata\local\{09D1776A-3EAB-4C5F-8BBB-ADEFA6F7AC4D} 2012-06-13 22:14:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll 2012-06-13 22:14:34 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 22:14:33 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 22:14:33 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 22:14:32 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 22:14:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 16:27:10 -------- d-----w- c:\users\rob\appdata\local\{861A400D-7CD8-42DE-853A-3DB27DEB184C} 2012-06-13 16:26:47 -------- d-----w- c:\users\rob\appdata\local\{CA70C550-6D76-4219-A23D-7958FE2F7AFB} 2012-06-13 04:26:23 -------- d-----w- c:\users\rob\appdata\local\{385B490C-A126-4108-ACEE-C77A1EA2898C} 2012-06-13 04:26:00 -------- d-----w- c:\users\rob\appdata\local\{AC156247-F531-473E-9079-D0FECAA0E738} 2012-06-13 03:06:16 -------- d-----w- c:\program files\EaseUS 2012-06-12 16:25:35 -------- d-----w- c:\users\rob\appdata\local\{C2E95D2B-7721-4505-B08C-1966E5898564} 2012-06-12 16:25:12 -------- d-----w- c:\users\rob\appdata\local\{181D1A4C-46FF-4962-BB01-A77EB01D8B96} 2012-06-12 01:07:35 -------- d-----w- c:\users\rob\appdata\local\{6ED357B3-33E5-4859-9FF1-DA564C449B69} 2012-06-12 01:07:24 -------- 
d-----w- c:\users\rob\appdata\local\{15774BF5-0610-417D-9F9B-35D03761176C} 2012-06-10 17:22:45 -------- d-----w- c:\users\rob\appdata\local\{A48E0282-737E-4920-AF1B-DCF5682C331B} 2012-06-10 17:22:22 -------- d-----w- c:\users\rob\appdata\local\{DA1B1F4C-0E1B-415E-9C0F-C4F0EF57648D} 2012-06-10 05:21:57 -------- d-----w- c:\users\rob\appdata\local\{58FFE684-572D-4A98-B818-0658896BB2AF} 2012-06-10 05:21:33 -------- d-----w- c:\users\rob\appdata\local\{11E5D463-7DB5-46FB-9F47-F3959C5EAD22} 2012-06-09 17:21:08 -------- d-----w- c:\users\rob\appdata\local\{FAF2F2B2-F051-43A5-9189-A3F2565AA1DF} 2012-06-09 17:20:57 -------- d-----w- c:\users\rob\appdata\local\{BC024C30-58A2-4BE6-8730-308C3165EC74} 2012-06-08 16:38:57 -------- d-----w- c:\users\rob\appdata\local\{420807A6-7650-4C0F-B5D4-985B61928989} 2012-06-08 16:38:34 -------- d-----w- c:\users\rob\appdata\local\{734236D2-FE82-4F53-8575-8B4440C6E858} 2012-06-08 04:38:10 -------- d-----w- c:\users\rob\appdata\local\{38C62A23-672B-49A3-B7B1-3A51D5E8A1FE} 2012-06-08 04:37:59 -------- d-----w- c:\users\rob\appdata\local\{5449B5A3-4638-42B0-8505-9942446F8AB7} 2012-06-07 14:58:16 -------- d-----w- c:\users\rob\appdata\local\{A9E8027E-682C-4B98-951A-DADD942ADD3E} 2012-06-07 14:57:54 -------- d-----w- c:\users\rob\appdata\local\{AC2D9747-5876-43E3-9C18-EEEC3C4E03AF} 2012-06-07 02:57:29 -------- d-----w- c:\users\rob\appdata\local\{9FCF7E48-2CC0-47F0-B86F-9CB6A3764B55} 2012-06-07 02:57:07 -------- d-----w- c:\users\rob\appdata\local\{81A3771D-203C-4A63-A087-CFC2ACCD0499} 2012-06-06 14:56:55 -------- d-----w- c:\users\rob\appdata\local\{66773C6D-6DDF-43CA-9CB2-C63140EAA3B4} 2012-06-06 14:56:32 -------- d-----w- c:\users\rob\appdata\local\{21135FCB-EC2A-4B6F-B9C2-F241DD394424} 2012-06-06 02:56:07 -------- d-----w- c:\users\rob\appdata\local\{CB68B574-5EE6-4592-BBD5-8BA1CD7D989F} 2012-06-06 02:55:45 -------- d-----w- c:\users\rob\appdata\local\{C8196FEA-D15F-488B-92BF-2A822E48DEA6} 2012-06-05 13:03:34 -------- d-----w- 
c:\users\rob\appdata\local\{7FF60068-1869-48EF-8F77-5A6A79F0C150} 2012-06-05 13:03:12 -------- d-----w- c:\users\rob\appdata\local\{B446392F-71CC-4FA6-A03F-988B455540FA} 2012-06-05 01:02:48 -------- d-----w- c:\users\rob\appdata\local\{00AA0DC1-B39A-4644-A299-9B2DB54970D3} 2012-06-05 01:02:32 -------- d-----w- c:\users\rob\appdata\local\{3F25FACE-89CB-4A45-865C-AE656B3FD1B8} . ==================== Find3M ==================== . 2028-06-08 23:38:06 158720 ----a-w- c:\windows\system32\VPMSDU32.DLL 2012-06-23 07:44:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-23 07:44:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-06 05:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe 2012-04-06 05:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll 2012-04-06 05:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-04-06 05:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll 2012-04-06 05:21:10 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll 2012-04-06 02:16:52 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16:24 451072 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:15:50 217600 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14:36 159744 ----a-w- c:\windows\system32\atitmmxx.dll 2012-04-06 02:14:28 20992 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- c:\windows\system32\atidxx32.dll 2012-04-06 02:00:08 52736 
----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:50:56 19753984 ----a-w- c:\windows\system32\atioglxx.dll 2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll 2012-04-06 01:34:04 6203392 ----a-w- c:\windows\system32\atiumdag.dll 2012-04-06 01:30:14 46080 ----a-w- c:\windows\system32\aticalrt.dll 2012-04-06 01:30:06 44032 ----a-w- c:\windows\system32\aticalcl.dll 2012-04-06 01:25:30 13764096 ----a-w- c:\windows\system32\aticaldd.dll 2012-04-06 01:22:54 4795904 ----a-w- c:\windows\system32\atiumdva.dll 2012-04-06 01:11:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll 2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll 2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll 2012-04-06 01:09:02 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\atimpc32.dll 2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\amdpcom32.dll . ============= FINISH: 21:08:52.25 =============== Attach.txt
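The detection in the post above boils down to one triage rule that a helper applies by eye to a DDS log: a Run-key autorun whose image lives in a user-writable profile directory, corroborated by a fresh entry for the same file in "Created Last 30". As an added example (not code from the poster, the forum staff or the DDS tool), the script below automates that check over an excerpt of the posted log. The writable-directory list, the allowlist for Microsoft's definition-update folder and the finding names are my own assumptions, not anything DDS or Malwarebytes defines.

```python
import re

# Constructed sample input: lines copied from the "Pseudo HJT Report" and
# "Created Last 30" sections of the DDS log posted above, one entry per line.
SAMPLE_DDS = r"""
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [usenetServices] c:\users\rob\appdata\roaming\UseServe.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
2012-07-03 14:56:34 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4b2e0a84-8288-43db-83af-1479e75132a1}\mpengine.dll
2012-07-03 14:26:22 738816 ----a-w- c:\users\rob\appdata\roaming\UseServe.exe
2012-07-03 03:45:33 -------- d-----w- c:\users\rob\appdata\local\{673679B3-2ED5-43F4-B44D-3FA869861853}
2012-06-23 07:44:08 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
"""

# DDS line shapes: "uRun: [name] command" (u = HKCU, m = HKLM) and
# "YYYY-MM-DD HH:MM:SS size attrs path" where size is "--------" for directories.
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

# Assumed heuristic: locations a standard user can write to. An autorun image
# here is the classic malware persistence pattern; a real tool would add more.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\programdata\\", "\\users\\public\\")
# Assumed local allowlist maintained by the analyst: known-good writers into
# ProgramData (here Microsoft's antimalware definition updates).
KNOWN_GOOD_PREFIXES = ("c:\\programdata\\microsoft\\microsoft antimalware\\",)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def image_path(cmd):
    """Return the executable part of a Run command, lowercased, quotes stripped."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd.strip('"')).lower()
    m = re.match(r"(.+?\.(?:exe|com|scr|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split()[0]).lower()


def is_user_writable(path):
    p = path.lower()
    if p.startswith(KNOWN_GOOD_PREFIXES):
        return False
    return p.startswith("%temp%") or any(marker in p for marker in USER_WRITABLE)


def parse_dds(text):
    """Split a DDS excerpt into autorun entries and a map of recently created files."""
    runs, created = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append({"hive": m["hive"], "name": m["name"],
                         "cmd": m["cmd"], "image": image_path(m["cmd"])})
            continue
        m = CREATED_RE.match(line)
        if m and m["size"].isdigit():  # "--------" size means a directory; skip
            created[m["path"].lower()] = {"ts": m["ts"], "size": int(m["size"])}
    return runs, created


def triage(text):
    """Flag autoruns in user-writable paths, and new executables there with no autorun."""
    runs, created = parse_dds(text)
    findings = []
    for r in runs:
        if is_user_writable(r["image"]):
            hit = created.get(r["image"])
            findings.append({"kind": "autorun-in-user-writable-path",
                             "hive": r["hive"], "name": r["name"],
                             "image": r["image"],
                             "created": hit["ts"] if hit else None})
    autorun_images = {r["image"] for r in runs}
    for path, info in created.items():
        if (path.endswith(EXEC_EXT) and is_user_writable(path)
                and path not in autorun_images):
            findings.append({"kind": "new-executable-in-user-writable-path",
                             "image": path, "created": info["ts"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

On the excerpt this reports exactly one finding: the HKCU Run entry `usenetServices` pointing at `c:\users\rob\appdata\roaming\useserve.exe`, created 2012-07-03 14:26:22, which is the file MBAM flagged as Backdoor.Agent. The Flash installer under system32 and the Microsoft definition-update DLL under ProgramData are deliberately not reported; without the allowlist, the latter would be a false positive, which is the main thing to tune before running this over a full log.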