Jump to content

freakstyle

Honorary Members
 View Profile  See their activity

  • Posts

    58

  • Joined

  • Last visited

 Content Type 

Everything posted by freakstyle

  1. freakstyle
    maniac. it seems to stop mostly at 30% when scanning. :|
  2. freakstyle
    ComboFix 12-07-04.04 - MJ 07/05/2012 11:12:38.2.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4220 [GMT 8:00] Running from: c:\users\MJ\Desktop\ComboFix.exe Command switches used :: c:\users\MJ\Desktop\CFScript.txt AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ToolKitService c:\program files (x86)\ToolKitService\etkremove.exe c:\program files (x86)\ToolKitService\tkshext.dll c:\program files\Web Assistant c:\program files\Web Assistant\Extension64.dll c:\program files\Web Assistant\ExtensionUpdaterService.exe c:\program files\Web Assistant\Firefox\chrome.manifest c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js c:\program files\Web Assistant\Firefox\chrome\content\main.js c:\program files\Web Assistant\Firefox\chrome\content\main.xul c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js c:\program files\Web Assistant\Firefox\install.rdf c:\program files\Web Assistant\InstallerHelper.dll c:\program files\Web Assistant\libraries\DataExchangeScript.js c:\program files\Web Assistant\resources\localscript.js c:\program files\Web Assistant\source.crx c:\program files\Web Assistant\unins000.dat c:\program files\Web Assistant\unins000.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Web Assistant Updater -------\Service_Web Assistant Updater . . ((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 ))))))))))))))))))))))))))))))) . . 2012-07-05 03:19 . 2012-07-05 03:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-05 03:19 . 2012-07-05 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 16:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6BD4EB6-6152-48F6-AA27-6EB896036E06}\mpengine.dll 2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Oracle 2012-07-04 14:43 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-04 10:14 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{598D5999-0A53-4384-8193-F69EC7677FD4}\gapaengine.dll 2012-07-01 01:07 . 2009-03-18 09:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-07-01 01:07 . 2012-07-01 01:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-24 09:07 . 2012-06-24 09:09 -------- d-----w- c:\program files (x86)\Battle Realms 2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\users\MJ\AppData\Roaming\Media Player Classic 2012-06-23 15:46 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll 2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2012-06-22 08:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 08:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 08:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 08:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 08:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 08:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 08:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 08:18 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 08:18 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 08:49 . 2012-06-21 08:51 -------- d-----w- c:\users\MJ\AppData\Roaming\.minecraft 2012-06-21 03:32 . 2012-07-05 03:05 -------- d-----w- c:\users\MJ\AppData\Local\LogMeIn Hamachi 2012-06-19 12:40 . 2012-07-05 03:06 -------- d-----w- c:\users\MJ\AppData\Local\Diagnostics 2012-06-15 13:27 . 2012-06-21 04:26 -------- d-----w- c:\users\MJ\AppData\Roaming\Tunngle 2012-06-15 13:27 . 2012-06-21 03:22 -------- d-----w- c:\programdata\Tunngle 2012-06-15 13:27 . 2009-09-16 00:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys 2012-06-15 13:27 . 2012-06-15 13:28 -------- d-----w- c:\program files (x86)\Tunngle 2012-06-13 10:42 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-06 15:27 . 2012-06-06 15:27 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\users\MJ\AppData\Roaming\Malwarebytes 2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\programdata\Malwarebytes 2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-05 07:35 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-05 03:20 . 2012-04-19 09:18 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-06-23 14:05 . 2012-04-21 16:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 14:05 . 2012-04-21 16:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 14:27 . 2012-04-30 10:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-19 14:26 . 2012-04-30 10:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-19 14:26 . 2012-04-30 10:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-12 13:27 . 2012-05-15 12:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-06-12 13:27 . 2012-05-15 12:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-12 13:26 . 2012-05-15 12:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-12 13:26 . 2012-05-15 12:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-05-31 04:04 . 2012-04-20 10:56 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-17 03:24 . 2012-04-30 10:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-05-04 11:29 . 2012-04-19 09:54 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-04-25 11:08 . 2012-04-25 11:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-04-25 11:08 . 2012-04-25 11:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-04-25 11:08 . 2012-04-25 11:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-04-25 11:08 . 2012-04-25 11:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-04-25 11:08 . 2012-04-25 11:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-04-25 11:08 . 2012-04-25 11:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-04-25 11:08 . 2012-04-25 11:08 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-04-25 11:08 . 2012-04-25 11:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-04-25 11:08 . 2012-04-25 11:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-25 11:08 . 2012-04-25 11:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-04-25 11:08 . 2012-04-25 11:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-04-25 11:08 . 2012-04-25 11:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-04-25 11:08 . 2012-04-25 11:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-04-25 11:08 . 2012-04-25 11:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-04-25 11:08 . 2012-04-25 11:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-04-25 11:08 . 2012-04-25 11:08 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-25 11:08 . 2012-04-25 11:08 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-04-25 11:08 . 2012-04-25 11:08 448512 ----a-w- c:\windows\system32\html.iec 2012-04-25 11:08 . 2012-04-25 11:08 222208 ----a-w- c:\windows\system32\msls31.dll 2012-04-25 11:08 . 2012-04-25 11:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-04-25 11:08 . 2012-04-25 11:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-04-25 11:08 . 2012-04-25 11:08 12288 ----a-w- c:\windows\system32\mshta.exe 2012-04-25 11:08 . 2012-04-25 11:08 114176 ----a-w- c:\windows\system32\admparse.dll 2012-04-25 11:08 . 2012-04-25 11:08 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-04-25 11:08 . 2012-04-25 11:08 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-04-25 11:08 . 2012-04-25 11:08 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-25 11:08 . 2012-04-25 11:08 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-04-25 11:08 . 2012-04-25 11:08 160256 ----a-w- c:\windows\system32\wextract.exe 2012-04-19 11:54 . 2012-04-19 11:54 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-19 09:09 . 2012-04-19 09:09 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe 2012-04-19 09:09 . 2012-04-19 09:09 3058304 ----a-w- c:\windows\AsScrPro.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-07-04_16.17.52 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-07-05 02:59 39770 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-05 02:59 32552 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-04-19 08:31 . 2012-07-05 02:59 6338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-9987305-2436438632-174203971-1000_UserData.bin - 2012-04-19 08:31 . 2012-07-04 10:04 6338 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-9987305-2436438632-174203971-1000_UserData.bin + 2012-04-19 09:03 . 2012-07-05 03:19 1816 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2012-04-19 09:03 . 2012-07-03 14:45 1816 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat - 2012-07-04 10:02 . 2012-07-04 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-05 03:20 . 2012-07-05 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-04 10:02 . 2012-07-04 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-05 03:20 . 2012-07-05 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-04-19 09:21 . 2012-07-03 14:45 815072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-04-19 09:21 . 2012-07-05 03:19 815072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-07-03 14:45 385436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-05 03:19 385436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-04-19 10:11 . 2012-07-05 03:19 15364240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-9987305-2436438632-174203971-1000-8192.dat - 2012-04-19 10:11 . 2012-07-03 14:45 15364240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-9987305-2436438632-174203971-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}] c:\program files (x86)\ToolKitService\splash.dll [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files (x86)\ToolKitService\toolbar.dll" [bU] . [HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}] [HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1] [HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}] [HKEY_CLASSES_ROOT\ToolBand.ToolBandObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-19 1242448] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2012-4-19 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-06-06 33096] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [2011-09-12 62552] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-18 67664] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-18 241488] . . Contents of the 'Scheduled Tasks' folder . 2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:05] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000Core.job - c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000UA.job - c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-09 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-18 322384] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "combofix"="c:\combofix\CF14228.3XE" [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe . ************************************************************************** . Completion time: 2012-07-05 11:24:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-05 03:24 ComboFix2.txt 2012-07-04 16:20 . Pre-Run: 138,137,317,376 bytes free Post-Run: 137,892,933,632 bytes free . - - End Of File - - 7E4A774BE09242712AAD0E379AC98F22
  3. freakstyle
    also successfully removed utorrent and the utorrent control2 toolbar
  4. freakstyle
    ComboFix 12-07-04.03 - MJ 07/05/2012 0:08.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4003 [GMT 8:00] Running from: c:\users\MJ\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant\ExTEnsion32.dll . . ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))) . . 2012-07-04 16:17 . 2012-07-04 16:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-04 16:17 . 2012-07-04 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-04 14:44 . 2012-07-04 14:44 -------- d-----w- c:\program files (x86)\Oracle 2012-07-04 14:43 . 2012-05-04 11:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-04 10:14 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{598D5999-0A53-4384-8193-F69EC7677FD4}\gapaengine.dll 2012-07-04 10:14 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EE231A1-B8D7-4F87-BB12-99EF3D24564D}\mpengine.dll 2012-07-01 01:07 . 2009-03-18 09:35 33856 ---ha-w- c:\windows\system32\hamachi.sys 2012-07-01 01:07 . 2012-07-01 01:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-24 09:07 . 2012-06-24 09:09 -------- d-----w- c:\program files (x86)\Battle Realms 2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\users\MJ\AppData\Roaming\Media Player Classic 2012-06-23 15:46 . 2012-06-09 17:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll 2012-06-23 15:46 . 2012-06-23 15:46 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2012-06-22 08:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 08:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 08:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-22 08:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 08:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-22 08:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-22 08:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-22 08:18 . 2012-06-02 07:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-22 08:18 . 2012-06-02 07:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-21 08:49 . 2012-06-21 08:51 -------- d-----w- c:\users\MJ\AppData\Roaming\.minecraft 2012-06-21 03:32 . 2012-07-04 10:15 -------- d-----w- c:\users\MJ\AppData\Local\LogMeIn Hamachi 2012-06-19 12:40 . 2012-06-19 12:40 -------- d-----w- c:\users\MJ\AppData\Local\Diagnostics 2012-06-15 13:27 . 2012-06-21 04:26 -------- d-----w- c:\users\MJ\AppData\Roaming\Tunngle 2012-06-15 13:27 . 2012-06-21 03:22 -------- d-----w- c:\programdata\Tunngle 2012-06-15 13:27 . 2009-09-16 00:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys 2012-06-15 13:27 . 2012-06-15 13:28 -------- d-----w- c:\program files (x86)\Tunngle 2012-06-13 10:42 . 2012-04-19 10:42 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-13 10:42 . 2012-04-19 10:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{974AC2D7-8721-4331-B79D-C79F1E9C7998}\gapaengine.dll 2012-06-06 15:27 . 2012-06-06 15:27 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\users\MJ\AppData\Roaming\Malwarebytes 2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\programdata\Malwarebytes 2012-06-05 07:35 . 2012-06-05 07:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-05 07:35 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-04 10:03 . 2012-04-19 09:18 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-06-23 14:05 . 2012-04-21 16:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 14:05 . 2012-04-21 16:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-19 14:27 . 2012-04-30 10:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-19 14:26 . 2012-04-30 10:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-19 14:26 . 2012-04-30 10:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-12 13:27 . 2012-05-15 12:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-06-12 13:27 . 2012-05-15 12:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-12 13:26 . 2012-05-15 12:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-12 13:26 . 2012-05-15 12:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-05-31 04:04 . 2012-04-20 10:56 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-17 03:24 . 2012-04-30 10:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-05-04 11:29 . 2012-04-19 09:54 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-04-25 11:08 . 2012-04-25 11:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-04-25 11:08 . 2012-04-25 11:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-04-25 11:08 . 2012-04-25 11:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-04-25 11:08 . 2012-04-25 11:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-04-25 11:08 . 2012-04-25 11:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-04-25 11:08 . 2012-04-25 11:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-04-25 11:08 . 2012-04-25 11:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-04-25 11:08 . 2012-04-25 11:08 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-04-25 11:08 . 2012-04-25 11:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-04-25 11:08 . 2012-04-25 11:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-04-25 11:08 . 2012-04-25 11:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-04-25 11:08 . 2012-04-25 11:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-04-25 11:08 . 2012-04-25 11:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-04-25 11:08 . 2012-04-25 11:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-04-25 11:08 . 2012-04-25 11:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-04-25 11:08 . 2012-04-25 11:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-04-25 11:08 . 2012-04-25 11:08 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-04-25 11:08 . 2012-04-25 11:08 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-25 11:08 . 2012-04-25 11:08 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-04-25 11:08 . 2012-04-25 11:08 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-04-25 11:08 . 2012-04-25 11:08 448512 ----a-w- c:\windows\system32\html.iec 2012-04-25 11:08 . 2012-04-25 11:08 222208 ----a-w- c:\windows\system32\msls31.dll 2012-04-25 11:08 . 2012-04-25 11:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-04-25 11:08 . 2012-04-25 11:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-04-25 11:08 . 2012-04-25 11:08 12288 ----a-w- c:\windows\system32\mshta.exe 2012-04-25 11:08 . 2012-04-25 11:08 114176 ----a-w- c:\windows\system32\admparse.dll 2012-04-25 11:08 . 2012-04-25 11:08 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-04-25 11:08 . 2012-04-25 11:08 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-04-25 11:08 . 2012-04-25 11:08 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-04-25 11:08 . 2012-04-25 11:08 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-04-25 11:08 . 2012-04-25 11:08 160256 ----a-w- c:\windows\system32\wextract.exe 2012-04-19 11:54 . 2012-04-19 11:54 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-19 09:09 . 2012-04-19 09:09 80512 ----a-w- c:\windows\ASUS K3 Series ScreenSaver Uninstaller.exe 2012-04-19 09:09 . 2012-04-19 09:09 3058304 ----a-w- c:\windows\AsScrPro.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-19 1242448] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-22 6591800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2012-4-19 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856] R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-06-06 33096] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 ToolkitDisk;ToolkitDisk;c:\windows\system32\Drivers\toolkitdisk.sys [2011-09-12 62552] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-19 1255736] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-18 67664] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-18 241488] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:05] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000Core.job - c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-9987305-2436438632-174203971-1000UA.job - c:\users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 09:38] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-05-08 07:13 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-09 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-13 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-18 322384] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mystart.incredibar.com/mb143?a=6PQyvOs8Gw&i=26 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\ FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= FF - user.js: extensions.BabylonToolbar_i.id - f27bfa55000000000000742f68a05421 FF - user.js: extensions.BabylonToolbar_i.hardId - f27bfa55000000000000742f68a05421 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:05 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyvOs8Gw&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - f27bfa55000000000000742f68a05421 FF - user.js: extensions.incredibar_i.instlDay - 15486 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:26 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQyvOs8Gw FF - user.js: extensions.incredibar_i.upn2n - 92542948975584844 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) BHO-{70EA269E-56DF-49C2-86B2-1A1924ED88B4} - c:\program files (x86)\ToolKitService\splash.dll Toolbar-{D3B22A92-87A2-47b6-B3E6-A64877B5C242} - c:\program files (x86)\ToolKitService\toolbar.dll Wow6432Node-HKCU-Run-tktray - c:\program files (x86)\ToolKitService\tktray.exe Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-05 00:20:03 ComboFix-quarantined-files.txt 2012-07-04 16:20 . Pre-Run: 138,208,239,616 bytes free Post-Run: 138,179,346,432 bytes free . - - End Of File - - 7FC6CA84235EF93AA7A462F2A10CA7A2
  5. freakstyle
    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-04 23:19:13 ----------------------------- 23:19:13.709 OS Version: Windows x64 6.1.7601 Service Pack 1 23:19:13.709 Number of processors: 8 586 0x2A07 23:19:13.710 ComputerName: K53SI7 UserName: MJ 23:19:14.667 Initialize success 23:27:26.843 AVAST engine defs: 12070400 23:28:26.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 23:28:26.045 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3 23:28:26.054 Disk 0 MBR read successfully 23:28:26.057 Disk 0 MBR scan 23:28:26.116 Disk 0 Windows 7 default MBR code 23:28:26.119 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 23:28:26.150 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249899 MB offset 206848 23:28:26.184 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 250000 MB offset 512000000 23:28:26.218 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 215403 MB offset 1024000000 23:28:26.283 Disk 0 scanning C:\Windows\system32\drivers 23:28:39.352 Service scanning 23:29:10.690 Modules scanning 23:29:10.699 Disk 0 trace - called modules: 23:29:10.717 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 23:29:10.720 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006904790] 23:29:10.724 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006324970] 23:29:10.727 5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800664b050] 23:29:11.854 AVAST engine scan C:\Windows 23:29:14.586 AVAST engine scan C:\Windows\system32 23:32:54.022 AVAST engine scan C:\Windows\system32\drivers 23:33:08.211 AVAST engine scan C:\Users\MJ 23:39:31.795 AVAST engine scan C:\ProgramData 23:40:06.845 Scan finished successfully 23:40:21.912 Disk 0 MBR has been saved successfully to "C:\Users\MJ\Desktop\MBR.dat" 23:40:21.962 The log file has been saved successfully to "C:\Users\MJ\Desktop\aswMBR.txt"
  6. freakstyle
    Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 MJ :: K53SI7 [administrator] Protection: Enabled 7/4/2012 11:14:56 PM mbam-log-2012-07-04 (23-14-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 231007 Time elapsed: 1 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  7. freakstyle
    . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by MJ at 22:48:21 on 2012-07-04 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.3464 [GMT 8:00] . AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files\P4G\BatteryLife.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files\Web Assistant\ExtensionUpdaterService.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Trend Micro\Titanium\TiMiniService.exe C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe C:\Windows\system32\conhost.exe C:\Windows\AsScrPro.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\msiexec.exe C:\Windows\System32\svchost.exe -k swprv C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MJ\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mystart.incredibar.com/mb143?a=6PQyvOs8Gw&i=26 uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - C:\Program Files (x86)\ToolKitService\splash.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - C:\Program Files (x86)\ToolKitService\toolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Google Update] "C:\Users\MJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [tktray] C:\Program Files (x86)\ToolKitService\tktray.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet uRunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f uRunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f uRunOnce: [blekkotb_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Anti-phishing Domain Advisor" /s /q uRunOnce: [blekkotb_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\MJ\AppData\Local\blekkotb" /s /q mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: Interfaces\{538F4406-7704-49CD-80CF-D0F76323D532} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{538F4406-7704-49CD-80CF-D0F76323D532}\C696E6B6379737 : DhcpNameServer = 124.106.5.2 124.106.4.2 TCP: Interfaces\{96137A0D-01AC-4750-8742-FDDAF4D5DECA} : DhcpNameServer = 124.106.6.2 124.106.5.2 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll BHO-X64: Trend Micro NSC BHO - No File BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll BHO-X64: Web Assistant Helper - No File BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO-X64: uTorrentControl2 - No File BHO-X64: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll BHO-X64: ToolKit IE Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO-X64: IESpeakDoc - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll BHO-X64: TmBpIeBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB-X64: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\ FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q= FF - plugin: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Users\MJ\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\4ybhqm3v.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - f27bfa55000000000000742f68a05421 FF - user.js: extensions.BabylonToolbar_i.hardId - f27bfa55000000000000742f68a05421 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:05:37 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQyvOs8Gw&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - f27bfa55000000000000742f68a05421 FF - user.js: extensions.incredibar_i.instlDay - 15486 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:26:06 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQyvOs8Gw FF - user.js: extensions.incredibar_i.upn2n - 92542948975584844 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 . ============= SERVICES / DRIVERS =============== . R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-5 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-19 2009704] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136] R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928] R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-26 185856] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?] R3 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-9-18 241488] S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 250056] S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-19 267480] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?] S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?] S3 ToolkitDisk;ToolkitDisk;\??\C:\Windows\system32\Drivers\toolkitdisk.sys --> C:\Windows\system32\Drivers\toolkitdisk.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?] S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-6-15 736104] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-04 14:44:05 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-04 14:43:48 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-04 10:14:20 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{598D5999-0A53-4384-8193-F69EC7677FD4}\gapaengine.dll 2012-07-04 10:14:12 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EE231A1-B8D7-4F87-BB12-99EF3D24564D}\mpengine.dll 2012-07-01 01:07:24 33856 ---ha-w- C:\Windows\System32\hamachi.sys 2012-07-01 01:07:21 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-06-24 09:07:42 -------- d-----w- C:\Program Files (x86)\Battle Realms 2012-06-23 15:46:20 178688 ----a-w- C:\Windows\SysWow64\unrar.dll 2012-06-23 15:46:14 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2012-06-22 08:18:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-22 08:18:22 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-22 08:18:01 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-22 08:18:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-21 08:49:41 -------- d-----w- C:\Users\MJ\AppData\Roaming\.minecraft 2012-06-21 03:32:32 -------- d-----w- C:\Users\MJ\AppData\Local\LogMeIn Hamachi 2012-06-19 12:40:46 -------- d-----w- C:\Users\MJ\AppData\Local\Diagnostics 2012-06-15 13:27:39 -------- d-----w- C:\Users\MJ\AppData\Roaming\Tunngle 2012-06-15 13:27:39 -------- d-----w- C:\ProgramData\Tunngle 2012-06-15 13:27:34 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys 2012-06-15 13:27:31 -------- d-----w- C:\Program Files (x86)\Tunngle 2012-06-13 10:42:27 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-13 10:42:25 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{974AC2D7-8721-4331-B79D-C79F1E9C7998}\gapaengine.dll 2012-06-06 15:27:37 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-06-05 07:35:31 -------- d-----w- C:\Users\MJ\AppData\Roaming\Malwarebytes 2012-06-05 07:35:22 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-05 07:35:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-05 07:35:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-04 16:02:16 -------- d-----w- C:\Users\MJ\jagexcache3 . ==================== Find3M ==================== . 2012-07-04 10:03:04 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-06-23 14:05:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 14:05:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-04 11:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-04-19 11:54:11 525544 ----a-w- C:\Windows\System32\deployJava1.dll 2012-04-19 09:09:18 80512 ----a-w- C:\Windows\ASUS K3 Series ScreenSaver Uninstaller.exe 2012-04-19 09:09:02 3058304 ----a-w- C:\Windows\AsScrPro.exe . ============= FINISH: 22:49:02.46 ===============
  8. freakstyle
    i seem to have a same problem with raddy in this thread http://forums.malwarebytes.org/index.php?showtopic=107520&hl=&fromsearch=1 i also followed the steps in this thread. alr attached the txt file. and im gonna post the DDS.txt file Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.