boldfin
Posts posted by boldfin
-
I've updated/uninstalled all the programs.
I have also updated my version of Win10 to the latest version.
-
Yes, I am still using a Brother AIO printer from 2012.
I'll follow the rest of your instructions unless that info somehow adds an additional step to be taken.
-
-
Thank you very much for your reply. I am a little surprised though to hear that you don't see signs of an infection. Malwarebytes isn't finding any threats, but both Defender and ESET are. But I could certainly be confusing detections with infections. I guess they could be two different things.
At any rate, I do know that Brave is definitely being affected by something. I use that browser on all my PCs and its built-in ad blocker (Shields) has worked flawlessly until a couple of days ago, which corresponds to when these threats were initially detected. Now every website I visit is riddled with ads. Images on the sites load ads instead of the intended images. Many pages simply won't load at all. That's got to be a sign of some sort of adware infestation.
All of this continues to happen despite having cleared cookies, and all site data. Last night I completely uninstalled Brave and reinstalled it. The same symptoms have resumed after the UI/RI of Brave. It's made web-browsing on this PC basically unusable for me and my kids.
At this point, I am open to any suggestions you might have. If you think running a generic cleanup script might help, I say let's do it.
Let me know if I can provide any other logs or details to assist you, and again - I appreciate your help!
-
Windows Defender and other AV tools have detected a few threats, some of which were left "unremediated". MBAW is now actively blocking numerous incoming port scans and compromised sites, and my browser has clearly become infected with adware.
Attachments: ESET Scan Log.txt, Malwarebytes Scan Report 2024-08-15 172858.txt, FRST.txt, Addition.txt
-
It appears to be working normally. I rescanned with MBAW and MS Security Essentials, and no threats were found. I understand that there is no guarantee that the system is truly "clean", but please tell me if I should consider nuke/pave at this point.
-
I just completed an automatic scan with the AVPTool, per your instructions. It took six hours to run the scan of my main drive. No threats were detected, so there is no Detected Threats report to post in this reply.
Just to make sure, I ran another MBAW Quick Scan:
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
Database version: v2012.07.14.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rob :: BOLDFIN420 [administrator]
Protection: Enabled
7/14/2012 10:45:03 PM
mbam-log-2012-07-14 (22-45-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285703
Time elapsed: 9 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
What do you recommend at this point?
-
I am back in town. I ran scans with MS Security Essentials and MBAW; both came back with one threat each. MSSE reported a Win32 worm, which I quarantined; the MBAW log is posted below. What next steps do you recommend?
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
Database version: v2012.07.14.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rob :: BOLDFIN420 [administrator]
Protection: Enabled
7/14/2012 12:56:05 PM
mbam-log-2012-07-14 (12-56-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280845
Time elapsed: 7 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Rob\AppData\Roaming\jullli_2012 (Stolen.Data) -> Quarantined and deleted successfully.
(end)
-
FYI - I am going to be travelling for a few days, and unable to continue the cleaning process on this computer until I return. I appreciate your help so far, and will contact you when I return.
-
Just ran the scan again. Log below:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
-
I ran the scan with ESET's online tool. It took several hours. There were a few quarantined programs, most of which I recognized as being installed by me:
Uniblue Registry Booster, etc.
The log.txt doesn't seem to say much...
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Is this normal?
-
In your previous instructions, you asked me to uninstall the Ask.com Toolbar. This program was not listed under installed programs. There was a folder for it, however, in C:\Program Files, which I deleted. This was done yesterday.
ComboFix 12-07-05.02 - Rob 07/05/2012 19:50:26.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1784 [GMT -7:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
Command switches used :: c:\users\Rob\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Mcx3-BOLDFIN420\AppData\Local\temp
2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Mcx2-BOLDFIN420\AppData\Local\temp
2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 03:00 . 2012-07-06 03:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-05 15:12 . 2012-07-06 03:00 -------- d-----w- c:\users\Rob\AppData\Local\temp
2012-07-04 22:58 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\mpengine.dll
2012-07-03 14:57 . 2012-02-10 10:28 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9D91BEC-DBDE-4167-9C7A-165D901E6BFD}\gapaengine.dll
2012-07-03 14:56 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\programdata\ATI
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD AVT
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD APP
2012-06-23 07:44 . 2012-06-23 07:44 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-23 07:09 . 2012-06-30 20:36 -------- d-----w- c:\users\Rob\AppData\Local\QuickPar
2012-06-23 07:08 . 2012-06-23 07:08 -------- d-----w- c:\program files\QuickPar
2012-06-23 06:59 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 06:59 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 06:59 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 06:59 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 06:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 06:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 06:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 06:59 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 06:59 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Newsbin
2012-06-13 22:14 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 22:14 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:14 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:14 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:14 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:14 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 03:06 . 2012-06-13 03:06 -------- d-----w- c:\program files\EaseUS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2028-06-08 23:38 . 2011-08-11 04:48 158720 ----a-w- c:\windows\system32\VPMSDU32.DLL
2012-06-23 07:44 . 2012-04-03 01:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 07:44 . 2011-06-06 15:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 01:22 . 2012-04-27 01:22 413696 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
2011-03-18 17:53 . 2011-04-10 23:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
"My Movies Tray"="c:\program files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-12-15 477392]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-11-20 128296]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-2-7 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-06-08 01:48 362488 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-04-27 16:12 6065784 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-09-20 21:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-06-08 01:47 2605424 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/02/28 18:50];c:\program files\CyberLink\PowerDVD DX\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [x]
S2 DkTahsp;OCUR SDV Service;c:\windows\system32\dktahsp.exe [x]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [x]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 msta;Tuning Adapter Service;c:\windows\system32\Drivers\msta.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:44]
.
2012-07-06 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-11 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sn123w.snt123.mail.live.com/default.aspx?wa=wsignin1.0
Trusted Zone: highland.com\office
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\mz85hv77.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-05 20:02:53
ComboFix-quarantined-files.txt 2012-07-06 03:02
ComboFix2.txt 2012-07-05 15:33
.
Pre-Run: 388,650,045,440 bytes free
Post-Run: 388,093,710,336 bytes free
.
- - End Of File - - 1AF48684F65612D6250FD1803BF15C11
-
Ran ComboFix:
ComboFix 12-07-05.02 - Rob 07/05/2012 8:04.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1858 [GMT -7:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Rob\AppData\Roaming\8D5595
c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Rob\AppData\Roaming\UseNetServ.exe
c:\users\Rob\AppData\Roaming\UseServe.exe
c:\users\Rob\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 15:12 . 2012-07-05 15:30 -------- d-----w- c:\users\Rob\AppData\Local\temp
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Mcx3-BOLDFIN420\AppData\Local\temp
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Mcx2-BOLDFIN420\AppData\Local\temp
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Jennifer\AppData\Local\temp
2012-07-05 15:12 . 2012-07-05 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 14:59 . 2012-07-05 14:59 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\MpKsl405aafcf.sys
2012-07-04 22:58 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\mpengine.dll
2012-07-03 14:57 . 2012-02-10 10:28 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9D91BEC-DBDE-4167-9C7A-165D901E6BFD}\gapaengine.dll
2012-07-03 14:56 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\programdata\ATI
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD AVT
2012-06-28 04:16 . 2012-06-28 04:16 -------- d-----w- c:\program files\AMD APP
2012-06-23 07:44 . 2012-06-23 07:44 9815752 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-23 07:09 . 2012-06-30 20:36 -------- d-----w- c:\users\Rob\AppData\Local\QuickPar
2012-06-23 07:08 . 2012-06-23 07:08 -------- d-----w- c:\program files\QuickPar
2012-06-23 06:59 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 06:59 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 06:59 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 06:59 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 06:59 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 06:59 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 06:59 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 06:59 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 06:59 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 03:33 . 2012-06-17 03:33 -------- d-----w- c:\program files\Newsbin
2012-06-13 22:14 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 22:14 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:14 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:14 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:14 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:14 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 03:06 . 2012-06-13 03:06 -------- d-----w- c:\program files\EaseUS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2028-06-08 23:38 . 2011-08-11 04:48 158720 ----a-w- c:\windows\system32\VPMSDU32.DLL
2012-06-23 07:44 . 2012-04-03 01:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 07:44 . 2011-06-06 15:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 01:22 . 2012-04-27 01:22 413696 ----a-r- c:\users\Rob\AppData\Roaming\Microsoft\Installer\{4229F016-3A60-439E-B626-DE4BD457469F}\ARPPRODUCTICON.exe
2011-03-18 17:53 . 2011-04-10 23:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 06:39 1011344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
"My Movies Tray"="c:\program files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-12-15 477392]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-11-20 128296]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-2-7 603504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-06-08 01:48 362488 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-04-27 16:12 6065784 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-09-20 21:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-06-08 01:47 2605424 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 MpKsl405aafcf;MpKsl405aafcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\MpKsl405aafcf.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/02/28 18:50];c:\program files\CyberLink\PowerDVD DX\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [x]
S2 DkTahsp;OCUR SDV Service;c:\windows\system32\dktahsp.exe [x]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [x]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 msta;Tuning Adapter Service;c:\windows\system32\Drivers\msta.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:44]
.
2012-07-05 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-11 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sn123w.snt123.mail.live.com/default.aspx?wa=wsignin1.0
Trusted Zone: highland.com\office
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\mz85hv77.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-UsenetServices - c:\users\Rob\AppData\Roaming\UseServe.exe
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-408190252-3311634441-3888657169-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4696)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Home Server\WHSTrayApp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-07-05 08:33:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-05 15:33
.
Pre-Run: 387,760,070,656 bytes free
Post-Run: 388,317,569,024 bytes free
.
- - End Of File - - 948414ACFBE9E3BC2A4C82A5850773C5
-
I have read everything you suggested. Let's give cleaning a try first.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.07.04.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rob :: BOLDFIN420 [administrator]
Protection: Enabled
7/4/2012 3:47:12 PM
mbam-log-2012-07-04 (15-47-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289410
Time elapsed: 11 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Rob\AppData\Roaming\UseNetServ.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
(end)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 16:04:35
-----------------------------
16:04:35.100 OS Version: Windows 6.1.7601 Service Pack 1
16:04:35.100 Number of processors: 4 586 0x1707
16:04:35.100 ComputerName: BOLDFIN420 UserName: Rob
16:05:02.384 Initialize success
16:06:19.530 AVAST engine defs: 12070401
16:06:24.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
16:06:24.023 Disk 0 Vendor: WDC_WD10 07.0 Size: 953869MB BusType: 8
16:06:24.039 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
16:06:24.039 Disk 1 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 8
16:06:24.039 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-4
16:06:24.039 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
16:06:24.054 Disk 0 MBR read successfully
16:06:24.054 Disk 0 MBR scan
16:06:24.070 Disk 0 Windows 7 default MBR code
16:06:24.070 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:06:24.132 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
16:06:24.164 Disk 0 scanning sectors +1953521664
16:06:24.288 Disk 0 scanning C:\Windows\system32\drivers
16:06:44.335 Service scanning
16:06:59.903 Service MpKslcd571702 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8AE3E55-479C-4BE7-A1E7-E0043E77E064}\MpKslcd571702.sys **LOCKED** 32
16:07:17.063 Modules scanning
16:07:28.483 Disk 0 trace - called modules:
16:07:28.514 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:07:28.529 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88821200]
16:07:28.529 3 CLASSPNP.SYS[8c79159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8688a028]
16:07:30.838 AVAST engine scan C:\Windows
16:07:35.113 AVAST engine scan C:\Windows\system32
16:12:18.853 AVAST engine scan C:\Windows\system32\drivers
16:12:41.769 AVAST engine scan C:\Users\Rob
16:13:40.067 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
16:13:40.067 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
17:14:35.316 File: C:\Users\Rob\AppData\Roaming\UseServe.exe **INFECTED** MSIL:Agent-OG [Trj]
18:49:30.840 AVAST engine scan C:\ProgramData
19:02:53.445 Scan finished successfully
19:38:04.940 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
19:38:05.034 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rob at 19:38:25 on 2012-07-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1302 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\dktahsp.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
C:\Program Files\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\ehome\ehmsas.exe
C:\Users\Rob\Desktop\aswMBR.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sn123w.snt123.mail.live.com/default.aspx?wa=wsignin1.0
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [usenetServices] c:\users\rob\appdata\roaming\UseServe.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRun: [My Movies Tray] "c:\program files\binnerup consult\my movies for windows media center\My Movies Tray.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
Trusted Zone: highland.com\office
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1295333121964
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{84461330-3775-4679-86C3-253BB5E78260} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\mz85hv77.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2011-10-9 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2011-10-9 12464]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-6-29 66776]
R1 MpKslcd571702;MpKslcd571702;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8ae3e55-479c-4be7-a1e7-e0043e77e064}\MpKslcd571702.sys [2012-7-4 29904]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2012/02/28 18:50:22];c:\program files\cyberlink\powerdvd dx\000.fcl [2012-2-28 87536]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 DkTahsp;OCUR SDV Service;c:\windows\system32\dktahsp.exe [2009-8-17 65536]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-2-14 13336]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-5 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-30 22344]
R3 msta;Tuning Adapter Service;c:\windows\system32\drivers\msta.sys [2009-8-17 18432]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-4-13 67456]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-4-13 161024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-4-20 44784]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-26 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-14 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-04 23:05:00 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e8ae3e55-479c-4be7-a1e7-e0043e77e064}\MpKslcd571702.sys
2012-07-04 22:58:20 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e8ae3e55-479c-4be7-a1e7-e0043e77e064}\mpengine.dll
2012-07-04 22:46:16 -------- d-----w- c:\users\rob\appdata\local\{EEE81CE0-B1E0-452E-BFED-7380F6FE215B}
2012-07-04 22:46:01 -------- d-----w- c:\users\rob\appdata\local\{63149514-E8E0-42B9-839A-D52DBCCF9FDA}
2012-07-04 04:06:31 -------- d-----w- c:\users\rob\appdata\local\{E75E4197-088E-41E5-BDC4-929886D137D0}
2012-07-04 04:06:09 -------- d-----w- c:\users\rob\appdata\local\{1BE09295-1082-4EB3-B994-EE4CB973903C}
2012-07-03 14:57:41 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f9d91bec-dbde-4167-9c7a-165d901e6bfd}\gapaengine.dll
2012-07-03 14:56:34 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-03 14:26:22 738816 ----a-w- c:\users\rob\appdata\roaming\UseServe.exe
2012-07-03 03:45:33 -------- d-----w- c:\users\rob\appdata\local\{673679B3-2ED5-43F4-B44D-3FA869861853}
2012-07-03 03:45:13 -------- d-----w- c:\users\rob\appdata\local\{DC4BB9D4-7DF1-4BE4-97BF-E2CCF1A089B8}
2012-07-02 06:17:12 -------- d-----w- c:\users\rob\appdata\local\{5B03CC29-CA14-4A1A-B695-6F66706A8455}
2012-07-02 06:16:50 -------- d-----w- c:\users\rob\appdata\local\{D9ECD697-F21B-467C-ACB3-9308503CA9B6}
2012-07-01 18:16:24 -------- d-----w- c:\users\rob\appdata\local\{88C328BD-8223-4751-B6D3-58B72EA81991}
2012-07-01 18:16:13 -------- d-----w- c:\users\rob\appdata\local\{73E73947-0C3F-4B32-9FAF-6A48F9C50E64}
2012-06-30 22:41:29 -------- d-----w- c:\users\rob\appdata\local\{DA374AFF-D844-4BBA-8283-468D075CC41D}
2012-06-30 22:41:06 -------- d-----w- c:\users\rob\appdata\local\{2C70DB14-8EC2-45B7-9A5A-465DED71C1E8}
2012-06-30 10:40:53 -------- d-----w- c:\users\rob\appdata\local\{9F989FCF-7AAA-431B-B3D2-36166535FB45}
2012-06-30 10:40:31 -------- d-----w- c:\users\rob\appdata\local\{D857CF61-6EDC-4E37-BB61-5A31F5790A6B}
2012-06-29 22:40:07 -------- d-----w- c:\users\rob\appdata\local\{E420D828-83DD-4ED0-850B-1B52AC1DC39E}
2012-06-29 22:39:51 -------- d-----w- c:\users\rob\appdata\local\{2913235F-2873-4437-90AC-D5E175F35126}
2012-06-29 02:27:53 -------- d-----w- c:\users\rob\appdata\local\{0F1E3C4A-7046-4D81-B77B-97A77A6A7661}
2012-06-29 02:27:30 -------- d-----w- c:\users\rob\appdata\local\{B9CA9430-65F0-4461-88FD-758BFEEF863C}
2012-06-28 14:27:02 -------- d-----w- c:\users\rob\appdata\local\{5CD50142-56CB-41BF-9BE1-43A1EAA610D2}
2012-06-28 14:26:35 -------- d-----w- c:\users\rob\appdata\local\{775B5D9F-67F2-471D-A7AB-C74BED0AF8F1}
2012-06-28 04:16:21 -------- d-----w- c:\program files\AMD AVT
2012-06-28 04:16:15 -------- d-----w- c:\program files\AMD APP
2012-06-28 02:25:58 -------- d-----w- c:\users\rob\appdata\local\{DA541912-BA1B-4F02-B48F-30EE051F0133}
2012-06-28 02:25:46 -------- d-----w- c:\users\rob\appdata\local\{3E1F0DE1-9B36-4579-A916-FD5DC8A847D8}
2012-06-27 01:56:53 -------- d-----w- c:\users\rob\appdata\local\{8949294A-41A7-4018-AC36-AAF6514D53CB}
2012-06-27 01:56:30 -------- d-----w- c:\users\rob\appdata\local\{1322A18B-20AF-41A2-84CB-7A27D5DE5DB1}
2012-06-26 13:56:05 -------- d-----w- c:\users\rob\appdata\local\{ABA88789-DC7C-484A-A869-6D1E06416E5C}
2012-06-26 13:55:55 -------- d-----w- c:\users\rob\appdata\local\{73A8572F-FDD9-449D-BF87-8DB539610914}
2012-06-25 19:41:56 -------- d-----w- c:\users\rob\appdata\local\{D8CA4377-132C-4896-81E0-FBB8CCEA8368}
2012-06-25 19:41:38 -------- d-----w- c:\users\rob\appdata\local\{0B465C3E-3FF1-4ABD-94AA-183CA03FF00F}
2012-06-24 18:37:38 -------- d-----w- c:\users\rob\appdata\local\{10D4E33E-99F9-4B4F-970E-1421168ABE99}
2012-06-24 18:37:16 -------- d-----w- c:\users\rob\appdata\local\{701F56A9-AE71-45B7-A595-7BAB7864C0A7}
-
Quick Scan with MBAM Pro shows two threats:
Backdoor.Agent File C:\Users\Rob\AppData\Roaming\UseNetServ.exe
Malware.Trace Registry Key HKCU\Software\VB and VBA Program Settings\SrvID
DDS.txt below
I am a paying customer.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rob at 21:07:54 on 2012-07-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1389 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

Threats detected, MBAW blocking incoming port scans, Adware in Browser
in Resolved Malware Removal Logs
Posted
Yes, that did resolve the issue.
Thanks again.