Jump to content

MoonSpoon

Honorary Members
 View Profile  See their activity

  • Posts

    25

  • Joined

  • Last visited

 Content Type 

Everything posted by MoonSpoon

  1. MoonSpoon
    Ok it seems to be better now. I went through a lot random google links and no redirects.
  2. MoonSpoon
    They started happening a few months ago. and I as far as I know it's just happening in firefox, but that's the only browser I use.
  3. MoonSpoon
    I'm still being redirected.
  4. MoonSpoon
    ESET SCAN C:\Backup\Chris\AppData\Local\Temp\ICReinstall\cnet2_python-3_2_2_msi.exe a variant of Win32/InstallCore.D application C:\Backup\Chris\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application C:\Backup\Chris\AppData\Local\Temp\Searchqu_DM\BrowserConnection.dll Win32/Toolbar.SearchSuite application C:\Backup\Chris\AppData\Local\Temp\Searchqu_DM\DataMngr.dll Win32/Toolbar.SearchSuite application C:\Backup\Chris\AppData\Local\Temp\Searchqu_DM\DataMngrUI.exe Win32/Toolbar.SearchSuite application C:\Backup\Chris\AppData\Local\Temp\Searchqu_DM\DnsBHO.dll Win32/Toolbar.SearchSuite application C:\Backup\Chris\AppData\Local\Temp\Searchqu_DM\IEBHO.dll Win32/Toolbar.SearchSuite application C:\FRST\Quarantine\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000004.@ Win64/Conedex.C trojan C:\FRST\Quarantine\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000000.@ Win64/Sirefef.AE trojan C:\FRST\Quarantine\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000064.@ Win64/Sirefef.AN trojan C:\FRST\Quarantine\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000004.@ Win64/Conedex.C trojan C:\Users\Chris\Desktop\Acer\Backup\Chris\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application C:\Users\Chris\Desktop\Acer\Backup\Chris\AppData\Local\Temp\Searchqu_DM\BrowserConnection.dll Win32/Toolbar.SearchSuite application C:\Users\Chris\Desktop\Acer\Backup\Chris\AppData\Local\Temp\Searchqu_DM\DataMngr.dll Win32/Toolbar.SearchSuite application C:\Users\Chris\Desktop\Acer\Backup\Chris\AppData\Local\Temp\Searchqu_DM\DataMngrUI.exe Win32/Toolbar.SearchSuite application C:\Users\Chris\Desktop\Acer\Backup\Chris\AppData\Local\Temp\Searchqu_DM\DnsBHO.dll Win32/Toolbar.SearchSuite application C:\Users\Chris\Desktop\Acer\Backup\Chris\AppData\Local\Temp\Searchqu_DM\IEBHO.dll Win32/Toolbar.SearchSuite application C:\Users\Chris\Downloads\cbsidlm-tr1_11-DVD_Audio_Extractor-ORG-10306846.exe Win32/DownloadAdmin.G application C:\Users\Chris\Downloads\cnet2_python-3_2_2_msi.exe a variant of Win32/InstallCore.D application C:\Users\Chris\Downloads\deckadance_install.exe Win32/OpenCandy application C:\Users\Chris\Downloads\Louie_S03E01_HDTV_x264-LOL.exe Win32/Adware.1ClickDownload.G application C:\Users\Chris\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe a variant of Win32/SoftonicDownloader.E application C:\Users\Chris\Downloads\UFC.146.Dos.Santos.vs.Mir.1080p.HDTV.x264-RUDOS.exe.part Win32/Adware.1ClickDownload.C application C:\Users\Chris\Downloads\VLC_968.exe a variant of Win32/InstallIQ application C:\Users\Chris\Downloads\Limbo\LIMBO TDE ENG.exe a variant of Win32/Kryptik.EIF trojan
  5. MoonSpoon
    oh and I didn't see or could find through search bar Java SE Development Kit 7 Update 10 (64-bit) or Java 7 Update 10 (64-bit) in the programs to remove list.
  6. MoonSpoon
    malewarebytes log: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.04.05.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Chris :: CHRIS-PC [administrator] 4/5/2013 12:30:19 AM mbam-log-2013-04-05 (00-30-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 212081 Time elapsed: 3 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Highjack This log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:35:27 AM, on 4/5/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Chris\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com/?cid=&mid=6af8254db88e47d0a3226939b29ffd2d-a16b2531828befe1effc36a56e6e25b78bacef80〈=us&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8413 bytes Computer still seems to be running better.
  7. MoonSpoon
    ComboFix 13-04-04.01 - Chris 04/04/2013 22:56:32.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2474 [GMT -4:00] Running from: c:\users\Chris\Desktop\ComboFix.exe Command switches used :: c:\users\Chris\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-05 to 2013-04-05 ))))))))))))))))))))))))))))))) . . 2013-04-05 03:03 . 2013-04-05 03:03 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-05 03:03 . 2013-04-05 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-04 21:14 . 2012-08-23 15:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe 2013-04-04 21:14 . 2012-08-23 15:31 26488 ----a-w- c:\windows\system32\authuitu.dll 2013-04-04 21:14 . 2012-08-23 15:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-04-04 21:13 . 2013-04-04 21:13 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG 2013-04-04 21:12 . 2013-04-04 21:14 -------- d-----w- c:\programdata\AVG 2013-04-04 21:12 . 2013-04-04 21:12 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-03-25 03:38 . 2013-03-25 03:38 -------- d-----w- c:\program files (x86)\7-Zip 2013-03-20 03:27 . 2013-03-20 03:27 -------- d-----w- c:\program files (x86)\DVD Audio Extractor . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-12 20:42 . 2012-08-03 06:03 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:42 . 2012-08-03 06:03 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 03:40 . 2013-02-27 03:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-14 07:52 . 2013-02-14 07:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-08 08:37 . 2013-02-08 08:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-02-08 08:37 . 2013-02-08 08:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-02-08 08:37 . 2013-02-08 08:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-02-08 08:37 . 2013-02-08 08:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-02-08 08:37 . 2013-02-08 08:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-01-13 17:33 . 2013-01-13 17:34 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-13 17:33 . 2013-01-13 17:34 959976 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-13 17:33 . 2013-01-13 17:34 308200 ----a-w- c:\windows\system32\javaws.exe 2013-01-13 17:33 . 2013-01-13 17:34 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-13 17:33 . 2013-01-13 17:34 188392 ----a-w- c:\windows\system32\javaw.exe 2013-01-13 17:33 . 2013-01-13 17:34 188392 ----a-w- c:\windows\system32\java.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-26 1631144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-28 4937264] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024] R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-27 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880] . . Contents of the 'Scheduled Tasks' folder . 2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 20:42] . 2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578811391-3092173820-844756546-1000Core.job - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21 16:48] . 2013-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578811391-3092173820-844756546-1000UA.job - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21 16:48] . 2013-04-05 c:\windows\Tasks\WpsUpdateTask_Chris.job - c:\program files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-11-03 16:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mysearch.avg.com/?cid=&mid=6af8254db88e47d0a3226939b29ffd2d-a16b2531828befe1effc36a56e6e25b78bacef80〈=us&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-04 23:05:46 ComboFix-quarantined-files.txt 2013-04-05 03:05 ComboFix2.txt 2013-04-05 01:54 . Pre-Run: 193,956,282,368 bytes free Post-Run: 193,909,305,344 bytes free . - - End Of File - - 40F2629B5DBC66D6293DFABCDF4606B4 Seems to be running faster, no redirections as of yet.
  8. MoonSpoon
    ComboFix 13-04-04.01 - Chris 04/04/2013 21:40:42.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2630 [GMT -4:00] Running from: c:\users\Chris\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\OOP c:\oop\apples.class c:\oop\Project0.java c:\users\Chris\AppData\Roaming\dvdae c:\users\Chris\AppData\Roaming\dvdae\dvdae.config c:\users\Chris\AppData\Roaming\dvdae\dvdae.lic c:\windows\es.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-05 to 2013-04-05 ))))))))))))))))))))))))))))))) . . 2013-04-05 01:49 . 2013-04-05 01:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-04-05 01:49 . 2013-04-05 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-04 21:14 . 2012-08-23 15:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe 2013-04-04 21:14 . 2012-08-23 15:31 26488 ----a-w- c:\windows\system32\authuitu.dll 2013-04-04 21:14 . 2012-08-23 15:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll 2013-04-04 21:13 . 2013-04-04 21:13 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG 2013-04-04 21:12 . 2013-04-04 21:14 -------- d-----w- c:\programdata\AVG 2013-04-04 21:12 . 2013-04-04 21:12 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} 2013-03-25 03:38 . 2013-03-25 03:38 -------- d-----w- c:\program files (x86)\7-Zip 2013-03-20 03:27 . 2013-03-20 03:27 -------- d-----w- c:\program files (x86)\DVD Audio Extractor . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-12 20:42 . 2012-08-03 06:03 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:42 . 2012-08-03 06:03 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 03:40 . 2013-02-27 03:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-02-14 07:52 . 2013-02-14 07:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2013-02-08 08:37 . 2013-02-08 08:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2013-02-08 08:37 . 2013-02-08 08:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-02-08 08:37 . 2013-02-08 08:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-02-08 08:37 . 2013-02-08 08:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-02-08 08:37 . 2013-02-08 08:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2013-01-13 17:33 . 2013-01-13 17:34 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-13 17:33 . 2013-01-13 17:34 959976 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-13 17:33 . 2013-01-13 17:34 308200 ----a-w- c:\windows\system32\javaws.exe 2013-01-13 17:33 . 2013-01-13 17:34 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-13 17:33 . 2013-01-13 17:34 188392 ----a-w- c:\windows\system32\javaw.exe 2013-01-13 17:33 . 2013-01-13 17:34 188392 ----a-w- c:\windows\system32\java.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-26 1631144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-03-13 4394032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-28 4937264] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024] R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-27 246072] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880] . . Contents of the 'Scheduled Tasks' folder . 2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 20:42] . 2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578811391-3092173820-844756546-1000Core.job - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21 16:48] . 2013-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578811391-3092173820-844756546-1000UA.job - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-21 16:48] . 2013-04-05 c:\windows\Tasks\WpsUpdateTask_Chris.job - c:\program files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-11-03 16:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mysearch.avg.com/?cid=&mid=6af8254db88e47d0a3226939b29ffd2d-a16b2531828befe1effc36a56e6e25b78bacef80〈=us&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-04 21:54:32 ComboFix-quarantined-files.txt 2013-04-05 01:54 . Pre-Run: 193,918,656,512 bytes free Post-Run: 193,906,057,216 bytes free . - - End Of File - - F627B219904BE9FD19B27BDC6B151C1F My computer seems to be running better for now, no redirects. But it doesn't always happen everytime so I can't be 100% sure right now.
  9. MoonSpoon
    Thanks Gringo, Here's what you asked for. checkup.txt AdwCleanerS1.txt RKreport1_S_04042013_02d1936.txt
  10. MoonSpoon
    I'm getting redirected every now and then to various websites, mainly the livesearch one. This happened to me last year a couple times, I guess it may have never went away? Any help would be appreciated. Thanks, Chris. dds.txt attach.txt
  11. MoonSpoon
    Thanks, I appreciate the help.
  12. MoonSpoon
    It says no malicious items were found. I have one more question though. How should I go about updating or reinstalling Adobe?
  13. MoonSpoon
    ComboFix 12-07-31.03 - Chris 08/02/2012 15:03:47.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2877 [GMT -4:00] Running from: c:\users\Chris\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))) . . 2012-08-02 19:09 . 2012-08-02 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-01 21:25 . 2012-08-01 21:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-01 21:25 . 2012-08-01 21:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-31 20:01 . 2012-07-31 20:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\41A0.tmp 2012-07-31 20:01 . 2012-07-31 20:01 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\417F.tmp 2012-07-29 22:27 . 2012-07-29 22:27 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\104.tmp 2012-07-29 22:27 . 2012-07-29 22:27 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\103.tmp 2012-07-21 13:14 . 2012-08-02 17:36 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent 2012-07-17 04:45 . 2012-07-17 04:45 -------- d-----w- C:\FRST 2012-07-17 02:24 . 2012-07-17 02:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-17 02:24 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-16 20:15 . 2012-07-16 20:15 -------- d-----w- C:\Malware 2012-07-16 18:34 . 2012-07-16 18:35 -------- d-----w- c:\users\Chris\AppData\Roaming\Ad-Aware Antivirus 2012-07-15 19:59 . 2012-07-15 19:59 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games 2012-07-12 14:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 16:33 . 2012-07-11 16:33 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2012-07-11 16:33 . 2012-07-11 16:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-11 05:14 . 2012-07-11 05:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 14:43 . 2012-04-09 02:30 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-16 21:34 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-02 22:19 . 2012-06-08 23:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 23:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-08 23:09 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 23:09 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 23:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-08 23:09 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-08 23:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-08 23:09 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-08 23:09 36864 ----a-w- c:\windows\system32\wuapp.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-01 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 250056] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120] R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928] . . Contents of the 'Scheduled Tasks' folder . 2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 21:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=bc53a9eb000000000000b870f47b14de mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Completion time: 2012-08-02 15:17:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-02 19:17 . Pre-Run: 277,863,661,568 bytes free Post-Run: 278,066,872,320 bytes free . - - End Of File - - 0970392826503B2D29A64C7400AE413F
  14. MoonSpoon
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02 Ran by SYSTEM at 2012-08-02 14:44:08 Run:2 Running from G:\ ============================================== C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} moved successfully. C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====
  15. MoonSpoon
    FRST.txt Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 02-08-2012 14:10:36 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-02-14] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-02-14] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [440600 2012-02-14] (Intel Corporation) HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Chris\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-30] (Valve Corporation) Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 ==================== Services (Whitelisted) ====== 2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) ========================== Drivers (Whitelisted) ============= 0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. ) 1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.) 1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.) 0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.) 1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [556120 2012-04-08] () 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 NvnUsbAudio; C:\Windows\System32\Drivers\NvnUsbAudio.sys [53080 2011-10-05] (Novation DMS Ltd.) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-02 09:27 - 2012-08-02 09:27 - 00607260 ____R (Swearware) C:\Users\Chris\Downloads\dds(1).com 2012-08-01 13:25 - 2012-08-02 09:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-01 13:25 - 2012-08-01 13:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-01 13:25 - 2012-08-01 13:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-01 11:11 - 2012-08-01 11:11 - 00000000 ____D C:\Users\Chris\Downloads\Fugazi - discography (7 sudio albums + 3 EP's) 2012-07-31 12:18 - 2012-07-31 12:18 - 00998720 ____A (Solid State Networks) C:\Users\Chris\Downloads\install_flashplayer11x32_mssd_aih(1).exe 2012-07-31 11:08 - 2010-08-30 09:13 - 00000000 ____D C:\Users\Chris\Desktop\dubstepbasssamples 2012-07-31 10:03 - 2012-07-31 22:30 - 00000544 ____A C:\Users\Chris\Documents\JuanAMA.txt 2012-07-29 14:15 - 2012-07-29 15:13 - 00000000 ____D C:\Users\Chris\Downloads\MellowHype BlackenedWhite 2012-07-25 15:20 - 2012-07-25 15:24 - 00000000 ____D C:\Users\Chris\Downloads\The Machinist (2004) 2012-07-24 13:21 - 2012-07-24 13:21 - 00114045 ___AT C:\Users\Chris\Downloads\Trailer Park Boys - The Water Bong Is So Smooth.mp3.asd 2012-07-24 07:51 - 2012-07-24 07:51 - 00383991 ___AT C:\Users\Chris\Downloads\31487__lonemonk__bar-crowd-logans-pub-feb-2007.wav.asd 2012-07-24 07:47 - 2012-07-24 07:51 - 61915320 ____A C:\Users\Chris\Downloads\31487__lonemonk__bar-crowd-logans-pub-feb-2007.wav 2012-07-23 09:51 - 2012-07-23 09:51 - 00000280 ____A C:\Users\Chris\Documents\guitar tab.txt 2012-07-22 09:03 - 2012-07-22 09:03 - 00000000 ____D C:\Users\Chris\Downloads\Louie S03E04 HDTV XviD-KWZ[ettv] 2012-07-21 05:14 - 2012-08-02 09:36 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent 2012-07-20 11:17 - 2012-07-28 18:38 - 00000000 ____D C:\Users\Chris\Desktop\vocal samples 2012-07-19 13:43 - 2012-07-19 13:43 - 00000006 ____A C:\Users\Chris\Documents\SONGTITLE.txt 2012-07-16 20:45 - 2012-07-16 20:45 - 00000000 ____D C:\FRST 2012-07-16 18:24 - 2012-07-16 18:24 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-16 18:24 - 2012-07-16 18:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-16 18:24 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-16 18:21 - 2012-07-16 18:21 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-1.62.0.1300.exe 2012-07-16 17:49 - 2012-08-02 05:17 - 00000000 ____D C:\Windows\System32\Drivers\AVG 2012-07-16 17:49 - 2012-07-16 17:49 - 00000969 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-07-16 17:49 - 2012-07-16 17:49 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG 2012-07-16 17:44 - 2012-07-16 19:13 - 00000000 ____D C:\Windows\erdnt 2012-07-16 14:24 - 2012-07-16 14:24 - 00006327 ____A C:\Users\Chris\Documents\Attach.txt 2012-07-16 13:59 - 2012-07-16 13:59 - 00607260 ____R (Swearware) C:\Users\Chris\Downloads\dds.com 2012-07-16 12:15 - 2012-07-16 12:15 - 00000000 ____D C:\Malware 2012-07-16 12:12 - 2012-07-16 12:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\setup.exe 2012-07-16 12:09 - 2012-07-16 12:09 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300(1).exe 2012-07-16 10:34 - 2012-07-16 10:35 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus 2012-07-15 21:22 - 2012-07-15 21:23 - 194600468 ____A C:\Users\Chris\Downloads\Louie.S03E03.HDTV.x264-LOL.mp4 2012-07-15 11:59 - 2012-07-15 11:59 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft Games 2012-07-15 09:54 - 2012-07-15 09:54 - 00413363 ___AT C:\Users\Chris\Downloads\Skate park fight.mp3.asd 2012-07-14 17:07 - 2012-07-14 17:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-12 06:46 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 06:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-12 06:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-12 06:40 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-12 06:40 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-12 06:40 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-12 06:40 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-12 06:40 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-12 06:40 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-12 06:40 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-12 06:40 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-12 06:40 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-12 06:40 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-12 06:40 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-12 06:40 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-12 06:40 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-12 06:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-12 06:40 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-12 06:40 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-12 06:40 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-12 06:40 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-12 06:40 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-12 06:40 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-12 06:40 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-12 06:40 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-12 06:40 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-12 06:40 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-12 06:40 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-12 06:40 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 08:33 - 2012-07-11 08:33 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes 2012-07-11 08:33 - 2012-07-11 08:33 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-07-11 08:32 - 2012-07-11 08:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.61.0.1400.exe 2012-07-11 08:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 08:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 08:31 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 08:31 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 08:31 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 08:31 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 08:31 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 08:31 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-11 08:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 08:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 08:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 08:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 08:31 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 08:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 08:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 08:31 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 08:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 08:31 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 08:31 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-10 21:14 - 2012-07-10 21:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-08 12:12 - 2012-07-08 12:15 - 159861084 ____A C:\Users\Chris\Downloads\Louie.S03E02.HDTV.x264-LOL.mp4 2012-07-08 12:11 - 2012-07-08 12:14 - 00000000 ____D C:\Users\Chris\Downloads\Louie S03E01 HDTV x264-LOL[ettv] 2012-07-07 21:32 - 2012-07-07 21:32 - 00000000 ____D C:\Users\Chris\Downloads\Shameless Season 2 2012-07-05 00:59 - 2012-07-05 00:59 - 07618700 ____A C:\Users\Chris\Downloads\My world acapella 174bpm.wav 2012-07-05 00:59 - 2012-07-05 00:59 - 00068555 ___AT C:\Users\Chris\Downloads\My world acapella 174bpm.wav.asd ============ 3 Months Modified Files ======================== 2012-08-02 10:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-02 10:08 - 2009-07-13 20:51 - 00065260 ____A C:\Windows\setupact.log 2012-08-02 10:07 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-02 10:07 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-02 10:06 - 2012-04-08 13:04 - 01217374 ____A C:\Windows\WindowsUpdate.log 2012-08-02 09:43 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-02 09:41 - 2012-08-01 13:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-02 09:30 - 2012-08-02 09:30 - 00016718 ____A C:\Users\Chris\Documents\DDS.txt 2012-08-02 09:27 - 2012-08-02 09:27 - 00607260 ____R (Swearware) C:\Users\Chris\Downloads\dds(1).com 2012-08-02 08:37 - 2012-04-09 06:22 - 00025718 ____A C:\Windows\PFRO.log 2012-08-01 13:25 - 2012-08-01 13:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-01 13:25 - 2012-08-01 13:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-31 22:30 - 2012-07-31 10:03 - 00000544 ____A C:\Users\Chris\Documents\JuanAMA.txt 2012-07-31 12:18 - 2012-07-31 12:18 - 00998720 ____A (Solid State Networks) C:\Users\Chris\Downloads\install_flashplayer11x32_mssd_aih(1).exe 2012-07-26 15:39 - 2012-06-18 13:56 - 00000000 ____A C:\Users\Chris\Documents\willitworkwhoknows.txt 2012-07-24 13:21 - 2012-07-24 13:21 - 00114045 ___AT C:\Users\Chris\Downloads\Trailer Park Boys - The Water Bong Is So Smooth.mp3.asd 2012-07-24 07:51 - 2012-07-24 07:51 - 00383991 ___AT C:\Users\Chris\Downloads\31487__lonemonk__bar-crowd-logans-pub-feb-2007.wav.asd 2012-07-24 07:51 - 2012-07-24 07:47 - 61915320 ____A C:\Users\Chris\Downloads\31487__lonemonk__bar-crowd-logans-pub-feb-2007.wav 2012-07-23 09:51 - 2012-07-23 09:51 - 00000280 ____A C:\Users\Chris\Documents\guitar tab.txt 2012-07-19 13:43 - 2012-07-19 13:43 - 00000006 ____A C:\Users\Chris\Documents\SONGTITLE.txt 2012-07-16 19:03 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-07-16 18:24 - 2012-07-16 18:24 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-16 18:21 - 2012-07-16 18:21 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Desktop\mbam-setup-1.62.0.1300.exe 2012-07-16 17:49 - 2012-07-16 17:49 - 00000969 ____A C:\Users\Public\Desktop\AVG 2012.lnk 2012-07-16 17:40 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-16 14:24 - 2012-07-16 14:24 - 00006327 ____A C:\Users\Chris\Documents\Attach.txt 2012-07-16 13:59 - 2012-07-16 13:59 - 00607260 ____R (Swearware) C:\Users\Chris\Downloads\dds.com 2012-07-16 12:12 - 2012-07-16 12:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\setup.exe 2012-07-16 12:09 - 2012-07-16 12:09 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300(1).exe 2012-07-15 21:23 - 2012-07-15 21:22 - 194600468 ____A C:\Users\Chris\Downloads\Louie.S03E03.HDTV.x264-LOL.mp4 2012-07-15 09:54 - 2012-07-15 09:54 - 00413363 ___AT C:\Users\Chris\Downloads\Skate park fight.mp3.asd 2012-07-14 17:07 - 2012-07-14 17:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-12 06:49 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-12 06:43 - 2012-04-08 18:30 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 08:32 - 2012-07-11 08:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.61.0.1400.exe 2012-07-08 12:15 - 2012-07-08 12:12 - 159861084 ____A C:\Users\Chris\Downloads\Louie.S03E02.HDTV.x264-LOL.mp4 2012-07-05 00:59 - 2012-07-05 00:59 - 07618700 ____A C:\Users\Chris\Downloads\My world acapella 174bpm.wav 2012-07-05 00:59 - 2012-07-05 00:59 - 00068555 ___AT C:\Users\Chris\Downloads\My world acapella 174bpm.wav.asd 2012-07-03 09:46 - 2012-07-16 18:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-01 15:12 - 2012-07-01 15:12 - 00278960 ____A C:\Users\Chris\Downloads\Louie_S03E01_HDTV_x264-LOL.exe 2012-06-23 23:30 - 2012-06-23 23:30 - 00000023 ____A C:\Users\Chris\Documents\email.txt 2012-06-23 21:15 - 2012-04-08 15:16 - 00000292 ____A C:\Users\Chris\Documents\travel.txt 2012-06-22 21:24 - 2012-06-22 21:24 - 00001386 ____A C:\Users\Chris\Documents\LUCIDDREAMING.txt 2012-06-16 14:06 - 2012-06-16 14:06 - 00003592 ____A C:\Users\Chris\Documents\slow jam.wlmp 2012-06-16 13:33 - 2012-06-16 13:33 - 00000196 ____A C:\Windows\DirectX.log 2012-06-16 13:30 - 2012-06-16 13:30 - 01287528 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wlsetup-web.exe 2012-06-11 19:08 - 2012-07-12 06:46 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-11 08:31 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 08:31 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-11 08:31 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-11 08:31 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-11 08:31 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-11 08:31 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-11 08:31 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-11 08:31 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-08 15:09 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-08 15:09 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-08 15:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-08 15:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-08 15:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-12 06:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-12 06:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-12 06:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-12 06:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-12 06:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-12 06:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-12 06:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-12 06:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-12 06:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-12 06:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-12 06:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-12 06:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-12 06:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-12 06:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-12 06:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-12 06:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-12 06:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-12 06:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-12 06:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-12 06:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-12 06:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-12 06:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-12 06:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-12 06:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-12 06:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-12 06:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-12 06:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-12 06:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-11 08:31 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-11 08:31 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-11 08:31 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-11 08:31 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-11 08:31 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-11 08:31 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-11 08:31 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-11 08:31 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-11 08:31 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-29 16:31 - 2012-05-29 16:06 - 36486894 ____A C:\Users\Chris\Desktop\Ableton Class - Assignment 1.zip 2012-05-27 13:23 - 2012-05-27 13:22 - 00094142 ____A C:\Users\Chris\Downloads\UFC.146.Dos.Santos.vs.Mir.1080p.HDTV.x264-RUDOS.exe.part 2012-05-18 08:52 - 2012-05-18 08:52 - 00486080 ____A C:\Users\Chris\Downloads\Facebook-Timeline-Template-Design-Sandbox.psd 2012-05-17 21:31 - 2012-05-17 21:31 - 00448634 ____A (Novation DMS Ltd. ) C:\Users\Chris\Downloads\Novation_USB_Driver-2.3.exe 2012-05-15 09:03 - 2012-05-15 09:03 - 00002102 ____A C:\Users\Chris\Desktop\Deckadance.lnk 2012-05-15 09:02 - 2012-05-15 09:02 - 48551657 ____A C:\Users\Chris\Downloads\deckadance_install.exe 2012-05-15 09:01 - 2012-05-15 09:01 - 16741322 ____A C:\Users\Chris\Desktop\abysnth beat 2.wav 2012-05-13 10:22 - 2012-05-13 10:22 - 02055726 ____A C:\Users\Chris\Desktop\absynth beat.wav 2012-05-09 14:11 - 2012-05-09 14:02 - 261790167 ____A C:\Users\Chris\Downloads\Off the Air - Space [adult swim].mp4 2012-05-06 19:48 - 2012-04-08 15:34 - 00001833 ____A C:\Users\Chris\Downloads\LIMBO.lnk 2012-05-06 15:00 - 2012-05-06 10:06 - 114545087 ____A C:\Users\Chris\Downloads\Zechs Marquise - Getting Paid (2011)[Full album].rar 2012-05-05 15:32 - 2012-05-05 15:32 - 00000237 ____A C:\user.js ZeroAccess: C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\00000004.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\201d3dde C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000004.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000008.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\000000cb.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000000.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000032.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000064.@ ZeroAccess: C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\@ C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 15% Total physical RAM: 3947.86 MB Available physical RAM: 3317.41 MB Total Pagefile: 3946.01 MB Available Pagefile: 3311.15 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ======================= Partitions ========================= 1 Drive c: (Acer) (Fixed) (Total:580.07 GB) (Free:253.15 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:2.11 GB) NTFS 4 Drive g: (Lexar) (Removable) (Total:0.94 GB) (Free:0.64 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 959 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 16 GB 1024 KB Partition 2 Primary 100 MB 16 GB Partition 3 Primary 580 GB 16 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E PQSERVICE NTFS Partition 16 GB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Acer NTFS Partition 580 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 959 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 04 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G Lexar FAT Removable 959 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-28 23:35 ======================= End Of Log ========================== Search.txt Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 2012-08-02 14:12:39 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 C:\Windows\erdnt\cache64\services.exe [2012-07-16 18:05] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\FRST\Quarantine\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  16. MoonSpoon
    yeah I did. It keeps crashing all the time too.
  17. MoonSpoon
    DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Chris at 13:38:27 on 2012-08-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2754 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=bc53a9eb000000000000b870f47b14de uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B23769C1-942C-4EB4-8E70-DDB13FF01558} : DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B23769C1-942C-4EB4-8E70-DDB13FF01558}\C696E6B6379737 : DhcpNameServer = 192.168.17.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do Not Track - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-1 250056] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248] S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120] S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\system32\DRIVERS\nvnusbaudio.sys --> C:\Windows\system32\DRIVERS\nvnusbaudio.sys [?] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-01 21:25:03 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-01 21:25:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-31 20:01:21 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\41A0.tmp 2012-07-31 20:01:21 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\417F.tmp 2012-07-29 22:27:08 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\104.tmp 2012-07-29 22:27:08 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\103.tmp 2012-07-21 13:14:32 -------- d-----w- C:\Users\Chris\AppData\Roaming\uTorrent 2012-07-17 04:45:32 -------- d-----w- C:\FRST 2012-07-17 03:03:53 -------- d-----w- C:\$RECYCLE.BIN 2012-07-17 02:24:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-17 02:24:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-17 01:49:46 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-07-17 01:49:22 -------- d-----w- C:\Windows\System32\drivers\AVG 2012-07-16 20:15:33 -------- d-----w- C:\Malware 2012-07-16 18:34:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus 2012-07-15 19:59:42 -------- d-----w- C:\Users\Chris\AppData\Local\Microsoft Games 2012-07-12 14:46:20 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 16:33:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes 2012-07-11 16:33:33 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-11 05:14:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% . ==================== Find3M ==================== . 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 13:39:57.30 =============== Attach.txt
  18. MoonSpoon
    Nevermind. I rebooted and everything's working now. Thanks again.
  19. MoonSpoon
    Actually I'm having a problem opening programs. I keep getting the error "illegal operation attempted on a regisrty key that has been marked for deletion."
  20. MoonSpoon
    "No malicious software has been detected." Thank you so much for your help. I appreciate it a lot. You're a good man.
  21. MoonSpoon
    ComboFix 12-07-16.01 - Chris 07/16/2012 21:54:15.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2620 [GMT -4:00] Running from: c:\users\Chris\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\2YourFace\2YourFace.crx c:\users\Chris\Documents\~WRL0005.tmp c:\users\Chris\Documents\~WRL0022.tmp c:\users\Chris\Documents\Pictures.exe c:\windows\Fonts\TCBI____.TTF . . ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))) . . 2012-07-17 04:45 . 2012-07-17 04:45 -------- d-----w- C:\FRST 2012-07-17 01:59 . 2012-07-17 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-17 01:49 . 2012-07-17 01:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-07-17 01:49 . 2012-07-17 01:50 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-16 20:15 . 2012-07-16 20:15 -------- d-----w- C:\Malware 2012-07-16 18:34 . 2012-07-16 18:35 -------- d-----w- c:\users\Chris\AppData\Roaming\Ad-Aware Antivirus 2012-07-15 19:59 . 2012-07-15 19:59 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Games 2012-07-12 16:33 . 2012-07-12 16:33 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-07-12 14:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 16:33 . 2012-07-11 16:33 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2012-07-11 16:33 . 2012-07-11 16:33 -------- d-----w- c:\programdata\Malwarebytes 2012-07-11 05:14 . 2012-07-11 05:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-06-23 05:21 . 2012-06-23 05:21 -------- d-----w- c:\users\Chris\AppData\Local\Macromedia . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 16:33 . 2012-04-09 18:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 16:33 . 2012-04-09 18:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-16 21:34 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-02 22:19 . 2012-06-08 23:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-08 23:09 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-08 23:09 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-08 23:09 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-08 23:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-08 23:09 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-08 23:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-08 23:09 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-08 23:09 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-04 11:06 . 2012-06-14 03:16 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 03:16 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 03:16 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 03:16 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 03:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 03:16 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 03:16 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 03:16 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 03:16 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 03:16 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 03:16 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 03:16 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 03:16 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 03:16 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-21 01:06 . 2012-04-21 01:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-01 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux9"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120] R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-10-05 53080] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-09 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 16:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=bc53a9eb000000000000b870f47b14de mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-1ClickDownloader - c:\program files (x86)\1ClickDownload\uninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\AVG\AVG2012\avgsrmax.exe . ************************************************************************** . Completion time: 2012-07-16 22:06:40 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-17 02:06 . Pre-Run: 278,396,284,928 bytes free Post-Run: 279,011,061,760 bytes free . - - End Of File - - C0E1C6EA71D1ACFFDFE908BC7B8670AF
  22. MoonSpoon
    I appreciate your time. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02 Ran by SYSTEM at 2012-07-16 21:29:46 Run:1 Running from G:\ ============================================== C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} moved successfully. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\00000004.@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\1afb2d56 not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\201d3dde not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000004.@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000008.@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\000000cb.@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000000.@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000032.@ not found. C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000064.@ not found. C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} moved successfully. C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\@ not found. C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L not found. C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U not found. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====
  23. MoonSpoon
    Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 2012-07-16 21:09:10 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  24. MoonSpoon
    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 16-07-2012 20:45:43 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [170264 2012-02-14] (Intel Corporation) HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [398616 2012-02-14] (Intel Corporation) HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [440600 2012-02-14] (Intel Corporation) HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2538280 2011-01-13] (Synaptics Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Malware\Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Chris\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-30] (Valve Corporation) Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation) Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 ==================== Services (Whitelisted) ====== 2 MBAMService; "C:\Malware\Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) ========================== Drivers (Whitelisted) ============= 1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [556120 2012-04-08] () 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 NvnUsbAudio; C:\Windows\System32\Drivers\NvnUsbAudio.sys [53080 2011-10-05] (Novation DMS Ltd.) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-16 14:24 - 2012-07-16 14:24 - 00006327 ____A C:\Users\Chris\Documents\Attach.txt 2012-07-16 13:59 - 2012-07-16 13:59 - 00607260 ____R (Swearware) C:\Users\Chris\Downloads\dds.com 2012-07-16 12:15 - 2012-07-16 12:15 - 00000000 ____D C:\Malware 2012-07-16 12:15 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-16 12:12 - 2012-07-16 12:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\setup.exe 2012-07-16 12:09 - 2012-07-16 12:09 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300(1).exe 2012-07-16 10:39 - 2012-07-16 10:39 - 18593232 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware.exe 2012-07-16 10:34 - 2012-07-16 10:35 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus 2012-07-16 10:34 - 2012-07-16 10:34 - 06236280 ____A (Lavasoft Limited) C:\Users\Chris\Downloads\Adaware_Installer.exe 2012-07-15 21:22 - 2012-07-15 21:23 - 194600468 ____A C:\Users\Chris\Downloads\Louie.S03E03.HDTV.x264-LOL.mp4 2012-07-15 11:59 - 2012-07-15 11:59 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft Games 2012-07-15 09:54 - 2012-07-15 09:54 - 00413363 ___AT C:\Users\Chris\Downloads\Skate park fight.mp3.asd 2012-07-14 17:07 - 2012-07-14 17:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-12 08:33 - 2012-07-12 08:33 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2012-07-12 06:46 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 06:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-12 06:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-12 06:40 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-12 06:40 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-12 06:40 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-12 06:40 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-12 06:40 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-12 06:40 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-12 06:40 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-12 06:40 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-12 06:40 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-12 06:40 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-12 06:40 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-12 06:40 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-12 06:40 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-12 06:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-12 06:40 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-12 06:40 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-12 06:40 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-12 06:40 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-12 06:40 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-12 06:40 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-12 06:40 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-12 06:40 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-12 06:40 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-12 06:40 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-12 06:40 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-12 06:40 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 08:33 - 2012-07-11 08:33 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Malwarebytes 2012-07-11 08:33 - 2012-07-11 08:33 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-07-11 08:32 - 2012-07-11 08:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.61.0.1400.exe 2012-07-11 08:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 08:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 08:31 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 08:31 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 08:31 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 08:31 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 08:31 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 08:31 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-11 08:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 08:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 08:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 08:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 08:31 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 08:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 08:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 08:31 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 08:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 08:31 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 08:31 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-10 21:14 - 2012-07-10 21:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-08 12:12 - 2012-07-08 12:15 - 159861084 ____A C:\Users\Chris\Downloads\Louie.S03E02.HDTV.x264-LOL.mp4 2012-07-08 12:11 - 2012-07-08 12:14 - 00000000 ____D C:\Users\Chris\Downloads\Louie S03E01 HDTV x264-LOL[ettv] 2012-07-07 21:32 - 2012-07-07 21:32 - 00000000 ____D C:\Users\Chris\Downloads\Shameless Season 2 2012-07-05 00:59 - 2012-07-05 00:59 - 07618700 ____A C:\Users\Chris\Downloads\My world acapella 174bpm.wav 2012-07-05 00:59 - 2012-07-05 00:59 - 00068555 ___AT C:\Users\Chris\Downloads\My world acapella 174bpm.wav.asd 2012-07-01 15:12 - 2012-07-01 15:12 - 00278960 ____A C:\Users\Chris\Downloads\Louie_S03E01_HDTV_x264-LOL.exe 2012-06-25 10:29 - 2012-06-25 10:37 - 00000000 ____D C:\Users\Chris\Downloads\Warrior.DVDRip.XviD-DiAMOND 2012-06-23 23:30 - 2012-06-23 23:30 - 00000023 ____A C:\Users\Chris\Documents\email.txt 2012-06-22 21:24 - 2012-06-22 21:24 - 00001386 ____A C:\Users\Chris\Documents\LUCIDDREAMING.txt 2012-06-22 21:21 - 2012-06-22 21:21 - 00000000 ____D C:\Users\Chris\AppData\Local\Macromedia 2012-06-18 13:56 - 2012-06-18 13:56 - 00000142 ____A C:\Users\Chris\Documents\willitworkwhoknows.txt 2012-06-16 22:14 - 2012-06-16 22:15 - 00000000 ____D C:\Users\Chris\Downloads\Shameless.US.S02 2012-06-16 14:06 - 2012-06-16 14:06 - 00003592 ____A C:\Users\Chris\Documents\slow jam.wlmp 2012-06-16 13:44 - 2012-06-16 13:44 - 00000000 ____D C:\Users\Chris\AppData\Local\{83955546-AA8B-4645-8B0A-EDEC7411B74D} 2012-06-16 13:42 - 2012-06-16 13:42 - 00000000 ____D C:\Windows\en 2012-06-16 13:37 - 2012-06-16 13:37 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2012-06-16 13:35 - 2012-06-16 13:36 - 00000000 ____D C:\Program Files (x86)\Windows Live 2012-06-16 13:33 - 2012-06-16 13:33 - 00000196 ____A C:\Windows\DirectX.log 2012-06-16 13:33 - 2009-09-04 13:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2012-06-16 13:33 - 2009-09-04 13:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2012-06-16 13:33 - 2009-09-04 13:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll 2012-06-16 13:33 - 2009-09-04 13:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2012-06-16 13:33 - 2006-11-29 09:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll 2012-06-16 13:33 - 2006-11-29 09:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2012-06-16 13:32 - 2012-06-19 10:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2012-06-16 13:31 - 2012-06-16 13:43 - 00000000 ____D C:\Users\Chris\AppData\Local\Windows Live 2012-06-16 13:30 - 2012-06-16 13:30 - 01287528 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wlsetup-web.exe ============ 3 Months Modified Files ======================== 2012-07-16 16:43 - 2012-04-08 13:04 - 01905140 ____A C:\Windows\WindowsUpdate.log 2012-07-16 16:43 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-16 16:43 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-16 16:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-16 16:39 - 2009-07-13 20:51 - 00056766 ____A C:\Windows\setupact.log 2012-07-16 14:33 - 2012-04-09 10:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-16 14:24 - 2012-07-16 14:24 - 00006327 ____A C:\Users\Chris\Documents\Attach.txt 2012-07-16 13:59 - 2012-07-16 13:59 - 00607260 ____R (Swearware) C:\Users\Chris\Downloads\dds.com 2012-07-16 12:24 - 2012-04-09 06:22 - 00022006 ____A C:\Windows\PFRO.log 2012-07-16 12:12 - 2012-07-16 12:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\setup.exe 2012-07-16 12:09 - 2012-07-16 12:09 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300(1).exe 2012-07-16 10:39 - 2012-07-16 10:39 - 18593232 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Downloads\SUPERAntiSpyware.exe 2012-07-16 10:34 - 2012-07-16 10:34 - 06236280 ____A (Lavasoft Limited) C:\Users\Chris\Downloads\Adaware_Installer.exe 2012-07-15 21:23 - 2012-07-15 21:22 - 194600468 ____A C:\Users\Chris\Downloads\Louie.S03E03.HDTV.x264-LOL.mp4 2012-07-15 09:54 - 2012-07-15 09:54 - 00413363 ___AT C:\Users\Chris\Downloads\Skate park fight.mp3.asd 2012-07-14 17:07 - 2012-07-14 17:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.62.0.1300.exe 2012-07-12 08:33 - 2012-07-12 08:33 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2012-07-12 08:33 - 2012-04-09 10:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-12 08:33 - 2012-04-09 10:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-12 06:49 - 2009-07-13 20:45 - 00414656 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-12 06:43 - 2012-04-08 18:30 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 08:39 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-11 08:32 - 2012-07-11 08:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-1.61.0.1400.exe 2012-07-08 12:15 - 2012-07-08 12:12 - 159861084 ____A C:\Users\Chris\Downloads\Louie.S03E02.HDTV.x264-LOL.mp4 2012-07-05 00:59 - 2012-07-05 00:59 - 07618700 ____A C:\Users\Chris\Downloads\My world acapella 174bpm.wav 2012-07-05 00:59 - 2012-07-05 00:59 - 00068555 ___AT C:\Users\Chris\Downloads\My world acapella 174bpm.wav.asd 2012-07-03 09:46 - 2012-07-16 12:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-01 15:12 - 2012-07-01 15:12 - 00278960 ____A C:\Users\Chris\Downloads\Louie_S03E01_HDTV_x264-LOL.exe 2012-06-23 23:30 - 2012-06-23 23:30 - 00000023 ____A C:\Users\Chris\Documents\email.txt 2012-06-23 21:15 - 2012-04-08 15:16 - 00000292 ____A C:\Users\Chris\Documents\travel.txt 2012-06-22 21:24 - 2012-06-22 21:24 - 00001386 ____A C:\Users\Chris\Documents\LUCIDDREAMING.txt 2012-06-18 13:56 - 2012-06-18 13:56 - 00000142 ____A C:\Users\Chris\Documents\willitworkwhoknows.txt 2012-06-16 14:06 - 2012-06-16 14:06 - 00003592 ____A C:\Users\Chris\Documents\slow jam.wlmp 2012-06-16 13:33 - 2012-06-16 13:33 - 00000196 ____A C:\Windows\DirectX.log 2012-06-16 13:30 - 2012-06-16 13:30 - 01287528 ____A (Microsoft Corporation) C:\Users\Chris\Downloads\wlsetup-web.exe 2012-06-11 19:08 - 2012-07-12 06:46 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-11 08:31 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 08:31 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-11 08:31 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-11 08:31 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-11 08:31 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-11 08:31 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-11 08:31 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-11 08:31 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-08 15:09 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-08 15:09 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-08 15:09 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-08 15:09 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-08 15:09 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-08 15:09 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-12 06:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-12 06:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-12 06:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-12 06:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-12 06:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-12 06:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-12 06:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-12 06:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-12 06:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-12 06:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-12 06:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-12 06:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-12 06:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-12 06:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-12 06:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-12 06:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-12 06:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-12 06:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-12 06:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-12 06:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-12 06:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-12 06:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-12 06:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-12 06:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-12 06:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-12 06:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-12 06:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-12 06:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-11 08:31 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-11 08:31 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-11 08:31 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-11 08:31 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-11 08:31 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-11 08:31 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-11 08:31 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-11 08:31 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-11 08:31 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-29 16:31 - 2012-05-29 16:06 - 36486894 ____A C:\Users\Chris\Desktop\Ableton Class - Assignment 1.zip 2012-05-27 13:23 - 2012-05-27 13:22 - 00094142 ____A C:\Users\Chris\Downloads\UFC.146.Dos.Santos.vs.Mir.1080p.HDTV.x264-RUDOS.exe.part 2012-05-18 08:52 - 2012-05-18 08:52 - 00486080 ____A C:\Users\Chris\Downloads\Facebook-Timeline-Template-Design-Sandbox.psd 2012-05-17 21:31 - 2012-05-17 21:31 - 00448634 ____A (Novation DMS Ltd. ) C:\Users\Chris\Downloads\Novation_USB_Driver-2.3.exe 2012-05-15 09:03 - 2012-05-15 09:03 - 00002102 ____A C:\Users\Chris\Desktop\Deckadance.lnk 2012-05-15 09:02 - 2012-05-15 09:02 - 48551657 ____A C:\Users\Chris\Downloads\deckadance_install.exe 2012-05-15 09:01 - 2012-05-15 09:01 - 16741322 ____A C:\Users\Chris\Desktop\abysnth beat 2.wav 2012-05-13 10:22 - 2012-05-13 10:22 - 02055726 ____A C:\Users\Chris\Desktop\absynth beat.wav 2012-05-09 14:11 - 2012-05-09 14:02 - 261790167 ____A C:\Users\Chris\Downloads\Off the Air - Space [adult swim].mp4 2012-05-06 19:48 - 2012-04-08 15:34 - 00001833 ____A C:\Users\Chris\Downloads\LIMBO.lnk 2012-05-06 15:00 - 2012-05-06 10:06 - 114545087 ____A C:\Users\Chris\Downloads\Zechs Marquise - Getting Paid (2011)[Full album].rar 2012-05-05 15:32 - 2012-05-05 15:32 - 00000237 ____A C:\user.js 2012-05-04 03:06 - 2012-06-13 19:16 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 02:03 - 2012-06-13 19:16 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 02:03 - 2012-06-13 19:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-02 14:43 - 2012-05-02 14:43 - 00001317 ____A C:\Users\Public\Desktop\Plants vs. Zombies.lnk 2012-05-02 14:42 - 2012-05-02 14:42 - 01639789 ____A C:\Users\Chris\Downloads\winrar-x64-411.exe 2012-05-01 10:46 - 2012-05-01 10:46 - 42571452 ____A C:\Users\Chris\Downloads\NI Massive 1.1.5 -AiR.rar 2012-04-30 21:40 - 2012-06-13 19:16 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-27 19:55 - 2012-06-13 19:16 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-25 21:41 - 2012-06-13 19:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-25 21:41 - 2012-06-13 19:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-25 21:34 - 2012-06-13 19:16 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-25 19:11 - 2012-04-25 19:11 - 00000921 ____A C:\Users\Public\Desktop\Steam.lnk 2012-04-25 19:10 - 2012-04-25 19:09 - 01606656 ____A C:\Users\Chris\Downloads\SteamInstall(1).msi 2012-04-24 16:51 - 2012-04-24 16:51 - 00000983 ____A C:\Users\Public\Desktop\Origin.lnk 2012-04-24 16:50 - 2012-04-24 16:50 - 17054296 ____A (Electronic Arts, Inc.) C:\Users\Chris\Downloads\OriginThinSetup.exe 2012-04-24 16:50 - 2012-04-24 16:50 - 00000527 ____A C:\Windows\KB893803v2.log 2012-04-23 21:37 - 2012-06-13 19:16 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 21:37 - 2012-06-13 19:16 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-06-13 19:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-06-13 19:16 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-06-13 19:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-06-13 19:16 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-20 17:06 - 2012-04-20 17:06 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll 2012-04-20 17:06 - 2012-04-20 17:06 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe 2012-04-20 17:06 - 2012-04-20 17:06 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe 2012-04-20 17:06 - 2012-04-20 17:06 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe 2012-04-20 17:05 - 2012-04-20 17:05 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Chris\Downloads\jre-6u31-windows-i586-iftw-k.exe 2012-04-20 06:54 - 2012-04-20 06:54 - 00098409 ____A C:\Users\Chris\Downloads\Jc_Reversr_b004.amxd ZeroAccess: C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\00000004.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\1afb2d56 C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L\201d3dde C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000004.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000008.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\000000cb.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000000.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000032.@ C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\80000064.@ ZeroAccess: C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e} C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\@ C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\L C:\Users\Chris\AppData\Local\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 15% Total physical RAM: 3947.86 MB Available physical RAM: 3334 MB Total Pagefile: 3946.01 MB Available Pagefile: 3326.18 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (Acer) (Fixed) (Total:580.07 GB) (Free:255.85 GB) NTFS 2 Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:2.11 GB) NTFS 4 Drive g: (Lexar) (Removable) (Total:0.94 GB) (Free:0.66 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 959 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 16 GB 1024 KB Partition 2 Primary 100 MB 16 GB Partition 3 Primary 580 GB 16 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E PQSERVICE NTFS Partition 16 GB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Acer NTFS Partition 580 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 959 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 04 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G Lexar FAT Removable 959 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-07 22:52 ======================= End Of Log ==========================
  25. MoonSpoon
    So I have the Trojan.Dropper.BCMiner virus... DDS . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Chris at 18:19:50 on 2012-07-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2194 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Malware\Malware\mbamservice.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Malware\Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=109035&babsrc=HP_ss&mntrId=bc53a9eb000000000000b870f47b14de uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Program Files (x86)\2YourFace\bho.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Malware\Malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B23769C1-942C-4EB4-8E70-DDB13FF01558} : DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B23769C1-942C-4EB4-8E70-DDB13FF01558}\C696E6B6379737 : DhcpNameServer = 192.168.17.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files (x86)\2YourFace\bho.dll BHO-X64: C:\\Program Files (x86)\\2YourFace\\bho.dll - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malware\Malware\mbamgui.exe" /starttray mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 MBAMService;MBAMService;C:\Malware\Malware\mbamservice.exe [2012-7-16 655944] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248] S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120] S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\system32\DRIVERS\nvnusbaudio.sys --> C:\Windows\system32\DRIVERS\nvnusbaudio.sys [?] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-16 20:15:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-16 20:15:33 -------- d-----w- C:\Malware 2012-07-16 18:34:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\Ad-Aware Antivirus 2012-07-15 19:59:42 -------- d-----w- C:\Users\Chris\AppData\Local\Microsoft Games 2012-07-12 16:33:41 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-07-12 14:46:20 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 16:33:41 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes 2012-07-11 16:33:33 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-11 05:14:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-06-23 05:21:31 -------- d-----w- C:\Users\Chris\AppData\Local\Macromedia . ==================== Find3M ==================== . 2012-07-12 16:33:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 16:33:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-21 01:06:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 18:20:08.08 =============== MOST RECENT MBAM LOG mbam-log-2012-07-16 (17-26-13).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 207270 Time elapsed: 2 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{02d4c915-f5f4-abbf-b14a-b8be7027a42e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.