SnappleDan

Members | Posts: 8 | Reputation: 0 Neutral
  1. Today's log is nearly blank because I haven't been online, but here it is:

     2012/07/26 20:54:28 -0400 DAN-PC Dan MESSAGE Starting protection
     2012/07/26 20:54:30 -0400 DAN-PC Dan MESSAGE Protection started successfully
     2012/07/26 20:54:33 -0400 DAN-PC Dan MESSAGE Starting IP protection
     2012/07/26 20:54:37 -0400 DAN-PC Dan MESSAGE IP Protection started successfully

     I'm posting a snip of yesterday's log from when it kept blocking IPs:

     2012/07/25 14:02:24 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52651, Process: svchost.exe)
     2012/07/25 14:08:26 -0400 DAN-PC Dan IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52671, Process: svchost.exe)
     2012/07/25 14:14:28 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52689, Process: svchost.exe)
     2012/07/25 14:20:30 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52721, Process: svchost.exe)
     2012/07/25 14:26:39 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52743, Process: svchost.exe)
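Both series the tools surfaced in this thread share one tell: a fixed cadence. In the post above, svchost.exe is blocked reaching 112.175.243.22-24 every six minutes; in the ComboFix log posted further down the thread, a new random-named executable appears in SysWow64 roughly every 84 minutes. The script below is an added example, not code from the original post, from Malwarebytes or from ComboFix. It parses those two log formats, groups events into series (process plus destination /24 for the IP blocks, parent folder plus extension for created files) and flags any series whose gaps are uniform. The sample lines are copied from the thread; the grouping keys and the thresholds (at least 4 events, every gap within 15% of the median) are assumptions made for the example.

```python
"""Flag fixed-cadence (beacon-like) series in Malwarebytes and ComboFix log lines."""
import re
from datetime import datetime
from statistics import median

# Sample input copied from the post above: the five Malwarebytes IP-BLOCK lines.
MBAM_SAMPLE = """\
2012/07/25 14:02:24 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52651, Process: svchost.exe)
2012/07/25 14:08:26 -0400 DAN-PC Dan IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52671, Process: svchost.exe)
2012/07/25 14:14:28 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52689, Process: svchost.exe)
2012/07/25 14:20:30 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52721, Process: svchost.exe)
2012/07/25 14:26:39 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52743, Process: svchost.exe)
"""

# Sample input copied from the ComboFix log posted later in the thread: the nine
# SysWow64 executables in "Files Created", plus one ordinary entry for contrast.
COMBOFIX_SAMPLE = r"""
2012-07-20 16:18 . 2012-07-20 16:18 192512 ----a-w- c:\windows\SysWow64\ivphlrskk.exe
2012-07-20 14:46 . 2012-07-20 14:46 192512 ----a-w- c:\windows\SysWow64\rscmht.exe
2012-07-20 13:20 . 2012-07-20 13:20 192512 ----a-w- c:\windows\SysWow64\vuujpv.exe
2012-07-20 11:58 . 2012-07-20 11:58 192512 ----a-w- c:\windows\SysWow64\amsrkbnob.exe
2012-07-20 10:35 . 2012-07-20 10:35 189952 ----a-w- c:\windows\SysWow64\afxujqpxu.exe
2012-07-20 09:10 . 2012-07-20 09:10 189952 ----a-w- c:\windows\SysWow64\npbfqht.exe
2012-07-20 07:46 . 2012-07-20 07:46 189952 ----a-w- c:\windows\SysWow64\bgejqajwh.exe
2012-07-20 06:22 . 2012-07-20 06:22 189952 ----a-w- c:\windows\SysWow64\moxnpv.exe
2012-07-20 04:58 . 2012-07-20 04:58 189952 ----a-w- c:\windows\SysWow64\omcfdwfi.exe
2012-07-20 01:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

MBAM_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [-+]\d{4} \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: \w+, Port: \d+, Process: (?P<proc>[^)]+)\)$")
# ComboFix "Files Created" file entry: <created> . <modified> <size> <attrs> <path>
COMBOFIX_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+) \S+ (?P<path>.+)$")


def parse_mbam(text):
    """Yield (timestamp, series_key, detail) per IP-BLOCK line.
    Key = (process, destination /24), so destinations that rotate within one
    block (here 112.175.243.22-24) form a single series instead of three."""
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            net = ".".join(m["ip"].split(".")[:3]) + ".0/24"
            yield ts, (m["proc"], net), m["ip"]


def parse_combofix_created(text):
    """Yield (timestamp, series_key, detail) per file entry in "Files Created".
    Key = (parent folder, extension), so a program that re-creates itself under
    a fresh random name in the same folder forms one series."""
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
            folder, _, name = m["path"].lower().rpartition("\\")
            ext = name.rsplit(".", 1)[-1] if "." in name else ""
            yield ts, (folder, ext), (name, int(m["size"]))


def periodicity(timestamps, min_events=4, tolerance=0.15):
    """Return (is_periodic, median_gap_seconds, worst_relative_deviation).
    Periodic = at least `min_events` events and every gap between consecutive
    events within `tolerance` of the median gap. Both thresholds are assumptions
    chosen for this example, not values taken from either tool."""
    ts = sorted(timestamps)
    if len(ts) < min_events:
        return False, 0.0, 0.0
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    med = median(gaps)
    if med <= 0:  # mostly identical timestamps: no cadence to speak of
        return False, med, 0.0
    worst = max(abs(g - med) / med for g in gaps)
    return worst <= tolerance, med, worst


def find_beacons(events, **thresholds):
    """Group events by series key; return {key: summary} for the periodic series."""
    series = {}
    for ts, key, detail in events:
        series.setdefault(key, []).append((ts, detail))
    hits = {}
    for key, items in series.items():
        ok, med, worst = periodicity([t for t, _ in items], **thresholds)
        if ok:
            hits[key] = {"events": len(items), "median_s": med, "max_dev": worst,
                         "details": [d for _, d in sorted(items)]}
    return hits


if __name__ == "__main__":
    for label, hits in (("Malwarebytes IP-BLOCK", find_beacons(parse_mbam(MBAM_SAMPLE))),
                        ("ComboFix Files Created", find_beacons(parse_combofix_created(COMBOFIX_SAMPLE)))):
        for key, info in hits.items():
            print(f"{label}: {key}: {info['events']} events every ~{info['median_s'] / 60:.0f} min "
                  f"(max deviation {info['max_dev']:.1%}); {info['details']}")
```

Run as-is it flags both series; fed a full Malwarebytes protection log or the "Files Created" section of a ComboFix log it does the same triage. A hit is a lead, not proof: Windows Update, definition fetches and other schedulers also run on a fixed clock, so check the process and destination before acting on it.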
  2. ComboFix 12-07-26.03 - Dan 07/25/2012 16:06:49.8.1 - x64
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2338 [GMT -4:00]
     Running from: c:\users\Dan\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
     SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
     SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))

     2012-07-25 20:20 . 2012-07-25 20:20 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-07-25 20:20 . 2012-07-25 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-25 20:20 . 2012-07-25 20:20 -------- d-----w- c:\users\Daniel\AppData\Local\temp
     2012-07-25 11:48 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18B8B528-6249-4560-9B32-CA07F0506B4A}\mpengine.dll
     2012-07-24 13:40 . 2012-07-24 13:40 -------- d-----w- c:\users\Dan\AppData\Local\Diagnostics
     2012-07-24 07:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-07-20 01:46 . 2012-07-20 01:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-07-20 01:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Oracle
     2012-07-18 13:44 . 2012-07-18 13:44 -------- d-----w- c:\program files (x86)\Java
     2012-07-17 15:20 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
     2012-07-17 15:11 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2012-07-17 15:11 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     2012-07-17 15:11 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
     2012-07-17 15:11 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
     2012-07-16 17:38 . 2012-07-16 17:38 -------- d-----w- C:\Mountain_of_Ice
     2012-07-16 16:59 . 2012-07-16 16:59 -------- d-----w- C:\Mysterious_Life_of_Caves
     2012-07-11 14:47 . 2012-07-11 14:47 -------- d-----w- c:\program files\Synaptics
     2012-07-11 14:46 . 2012-07-11 14:46 -------- d-----w- C:\swsetup
     2012-07-10 14:25 . 2012-07-10 14:25 -------- d-----w- C:\THE_LOTTERY
     2012-07-10 13:34 . 2012-07-10 13:34 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON
     2012-07-08 02:55 . 2012-07-08 02:55 -------- d-----w- c:\users\Dan\AppData\Local\WBFSManager
     2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\program files\WBFS
     2012-07-03 17:22 . 2012-02-11 03:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll
     2012-07-03 14:24 . 2012-07-03 14:24 -------- d-----w- c:\program files\Handbrake
     2012-06-29 13:26 . 2012-06-29 13:26 -------- d-----w- c:\users\Dan\AppData\Local\Adobe
     2012-06-26 17:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2012-06-26 17:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
     2012-06-26 17:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
     2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iPod
     2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iTunes
     2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files (x86)\iTunes
     2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files (x86)\Apple Software Update
     2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files\Common Files\Apple
     2012-06-26 12:02 . 2012-06-26 12:02 -------- d-----w- c:\users\Dan\AppData\Roaming\QuickScan

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

     2012-07-18 20:29 . 2012-04-09 11:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-07-18 20:29 . 2011-08-17 16:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-07-17 15:13 . 2011-01-03 05:09 59701280 ----a-w- c:\windows\system32\MRT.exe
     2012-07-06 02:06 . 2011-01-03 05:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-06-16 04:38 . 2012-06-16 04:38 268720 ----a-w- c:\windows\system32\javaws.exe
     2012-06-16 04:38 . 2012-06-16 04:38 189360 ----a-w- c:\windows\system32\javaw.exe
     2012-06-16 04:38 . 2012-06-16 04:38 188840 ----a-w- c:\windows\system32\java.exe
     2012-06-16 04:37 . 2012-06-16 04:38 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-06-16 04:37 . 2011-01-03 05:48 839096 ----a-w- c:\windows\system32\deployJava1.dll
     2012-06-02 22:19 . 2012-06-21 05:19 38424 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 22:19 . 2012-06-21 05:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 22:19 . 2012-06-21 05:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 22:19 . 2012-06-21 05:19 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 22:19 . 2012-06-21 05:19 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 22:15 . 2012-06-21 05:19 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-02 22:15 . 2012-06-21 05:19 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-02 19:19 . 2012-06-21 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-02 19:15 . 2012-06-21 05:19 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-05-23 13:25 . 2012-05-23 13:25 726016 ----a-w- c:\windows\SysWow64\7z.dll
     2012-05-15 03:56 . 2012-06-18 03:45 1197568 ----a-w- c:\windows\system32\wininet.dll
     2012-05-15 03:52 . 2012-06-18 03:45 64512 ----a-w- c:\windows\system32\jsproxy.dll
     2012-05-15 03:08 . 2012-06-18 03:45 981504 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-05-04 10:52 . 2012-06-18 03:45 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-05-04 10:08 . 2012-06-18 03:45 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-05-04 10:08 . 2012-06-18 03:45 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-04-28 03:50 . 2012-06-18 03:43 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

     ((((((((((((((((((((((((((((( SnapShot_2012-07-20_20.47.49 )))))))))))))))))))))))))))))))))))))))))

     + 2009-07-14 04:54 . 2012-07-25 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 04:54 . 2012-07-20 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2009-07-14 04:54 . 2012-07-25 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2012-07-25 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 05:10 . 2012-07-22 03:43 41940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     - 2009-07-14 05:10 . 2012-07-20 19:50 41940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     + 2011-01-03 12:44 . 2012-07-22 03:43 16384 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1673223263-37901431-4082015536-1001_UserData.bin
     - 2009-07-14 05:30 . 2012-07-11 14:47 86016 c:\windows\system32\DriverStore\infpub.dat
     + 2009-07-14 05:30 . 2012-07-22 04:51 86016 c:\windows\system32\DriverStore\infpub.dat
     + 2008-05-06 20:06 . 2008-05-06 20:06 14464 c:\windows\system32\DriverStore\FileRepository\wdcsam.inf_amd64_neutral_782a203832146fb2\wdcsam64.sys
     + 2008-05-06 20:06 . 2008-05-06 20:06 14464 c:\windows\system32\drivers\wdcsam64.sys
     - 2011-01-03 08:02 . 2012-07-20 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-01-03 08:02 . 2012-07-25 07:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-01-03 08:02 . 2012-07-25 07:38 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2011-01-03 08:02 . 2012-07-20 19:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2012-07-20 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2012-07-25 07:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2011-01-03 06:56 . 2012-07-25 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-01-03 06:56 . 2012-07-25 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     + 2012-07-25 20:24 . 2012-07-25 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2012-07-25 20:24 . 2012-07-25 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     + 2011-01-03 12:39 . 2012-07-25 19:54 311742 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
     + 2009-07-14 02:36 . 2012-07-25 15:56 662942 c:\windows\system32\perfh009.dat
     - 2009-07-14 02:36 . 2012-07-19 19:50 662942 c:\windows\system32\perfh009.dat
     - 2009-07-14 02:36 . 2012-07-19 19:50 122738 c:\windows\system32\perfc009.dat
     + 2009-07-14 02:36 . 2012-07-25 15:56 122738 c:\windows\system32\perfc009.dat
     + 2009-07-14 05:30 . 2012-07-22 04:51 143360 c:\windows\system32\DriverStore\infstrng.dat
     - 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstrng.dat
     - 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstor.dat
     + 2009-07-14 05:30 . 2012-07-22 04:51 143360 c:\windows\system32\DriverStore\infstor.dat
     - 2011-06-28 14:01 . 2012-07-10 12:46 770744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
     + 2011-06-28 14:01 . 2012-07-25 20:24 770744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
     + 2009-07-14 05:01 . 2012-07-25 20:24 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     - 2009-07-14 05:01 . 2012-07-20 18:08 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2009-07-14 02:34 . 2012-07-25 11:59 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
     - 2009-07-14 02:34 . 2012-07-20 20:01 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
     2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"

     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 hcw10cir;Hauppauge CIR Receiver;c:\windows\system32\drivers\hcw10cir.sys [2010-05-10 46080]
     R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
     R3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);c:\windows\system32\drivers\DaShenAudio.sys [2012-01-13 33816]
     R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520]
     R3 hcw10bda;Hauppauge Cx2310x WinTV Capture;c:\windows\system32\drivers\hcw10bda.sys [2010-12-09 641920]
     R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
     R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-05-26 351136]
     R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-05-26 4186528]
     R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
     R3 Smport;Smport;c:\windows\system32\Smport.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
     R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
     R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
     R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
     R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
     S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
     S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-07 254528]
     S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
     S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
     S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608]
     S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]
     S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
     S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
     S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

     --------- X64 Entries -----------

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
     2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"=c:\windows\System32\guard64.dll

     ------- Supplementary Scan -------

     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
     TCP: DhcpNameServer = 20.17.157.15 20.17.157.16
     FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\
     FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

     - - - - ORPHANS REMOVED - - - -

     WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
     "ThreadingModel"="Apartment"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
     "ThreadingModel"="Apartment"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5

     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)

     ------------------------ Other Running Processes ------------------------

     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

     **************************************************************************

     Completion time: 2012-07-25 16:43:15 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-07-25 20:43
     ComboFix2.txt 2012-07-20 21:12
     ComboFix3.txt 2012-06-26 13:27
     ComboFix4.txt 2012-06-18 19:22
     ComboFix5.txt 2012-07-25 20:05

     Pre-Run: 111,397,294,080 bytes free
     Post-Run: 111,813,627,904 bytes free

     - - End Of File - - 749FC8357C15595B954B22824EF132C4
  3. Sorry, but I can't find those files anywhere in the SysWOW64 folder, nor on my PC for that matter. I attached a screenshot of my SysWOW64 folder at where the two files should be. It just so happens that when I was taking that screenshot Malwarebytes blocked another IP, so I included it in the picture as well. Should I do another ESET scan?
  4. I take that back; this morning Malwarebytes blocked another attempt to access some site.
  5. ESET log:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK

     ------------------------------------------------------------------------------------

     Check up Log:

     Results of screen317's Security Check version 0.99.43
     Windows 7 x64 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 8 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     JavaFX 2.1.1
     Java 7 Update 5
     Adobe Reader X 10.0.1 Adobe Reader out of Date!
     Mozilla Firefox (14.0.1)
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Comodo Firewall cmdagent.exe
     Comodo Firewall cfp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 3%
     ````````````````````End of Log``````````````````````

     My PC: everything seems back to normal. I haven't noticed any weird attempted connections, and Malwarebytes isn't blocking anything anymore. I know my IE is out of date, but I rarely/never use it, only in situations like this where I needed it in order to run that program.
  6. ComboFix log:

     ComboFix 12-07-20.02 - Dan 07/20/2012 16:28:00.7.1 - x64
     Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2874 [GMT -4:00]
     Running from: c:\users\Dan\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
     SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
     SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

     2012-07-20 20:42 . 2012-07-20 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp
     2012-07-20 20:42 . 2012-07-20 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-20 20:42 . 2012-07-20 20:42 -------- d-----w- c:\users\Daniel\AppData\Local\temp
     2012-07-20 16:18 . 2012-07-20 16:18 192512 ----a-w- c:\windows\SysWow64\ivphlrskk.exe
     2012-07-20 14:46 . 2012-07-20 14:46 192512 ----a-w- c:\windows\SysWow64\rscmht.exe
     2012-07-20 13:20 . 2012-07-20 13:20 192512 ----a-w- c:\windows\SysWow64\vuujpv.exe
     2012-07-20 11:58 . 2012-07-20 11:58 192512 ----a-w- c:\windows\SysWow64\amsrkbnob.exe
     2012-07-20 10:35 . 2012-07-20 10:35 189952 ----a-w- c:\windows\SysWow64\afxujqpxu.exe
     2012-07-20 09:10 . 2012-07-20 09:10 189952 ----a-w- c:\windows\SysWow64\npbfqht.exe
     2012-07-20 07:46 . 2012-07-20 07:46 189952 ----a-w- c:\windows\SysWow64\bgejqajwh.exe
     2012-07-20 06:22 . 2012-07-20 06:22 189952 ----a-w- c:\windows\SysWow64\moxnpv.exe
     2012-07-20 04:58 . 2012-07-20 04:58 189952 ----a-w- c:\windows\SysWow64\omcfdwfi.exe
     2012-07-20 01:46 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\mpengine.dll
     2012-07-20 01:46 . 2012-07-20 01:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-07-20 01:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java
     2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Oracle
     2012-07-18 13:44 . 2012-07-18 13:44 -------- d-----w- c:\program files (x86)\Java
     2012-07-18 09:51 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-07-17 15:20 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
     2012-07-17 15:11 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2012-07-17 15:11 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     2012-07-17 15:11 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
     2012-07-17 15:11 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
     2012-07-16 17:38 . 2012-07-16 17:38 -------- d-----w- C:\Mountain_of_Ice
     2012-07-16 16:59 . 2012-07-16 16:59 -------- d-----w- C:\Mysterious_Life_of_Caves
     2012-07-11 14:47 . 2012-07-11 14:47 -------- d-----w- c:\program files\Synaptics
     2012-07-11 14:46 . 2012-07-11 14:46 -------- d-----w- C:\swsetup
     2012-07-10 14:25 . 2012-07-10 14:25 -------- d-----w- C:\THE_LOTTERY
     2012-07-10 13:34 . 2012-07-10 13:34 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON
     2012-07-08 02:55 . 2012-07-08 02:55 -------- d-----w- c:\users\Dan\AppData\Local\WBFSManager
     2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\program files\WBFS
     2012-07-03 17:22 . 2012-02-11 03:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll
     2012-07-03 14:24 . 2012-07-03 14:24 -------- d-----w- c:\program files\Handbrake
     2012-06-29 13:26 . 2012-06-29 13:26 -------- d-----w- c:\users\Dan\AppData\Local\Adobe
     2012-06-26 17:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2012-06-26 17:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
     2012-06-26 17:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
     2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iPod
     2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iTunes
     2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files (x86)\iTunes
     2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files (x86)\Apple Software Update
     2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files\Common Files\Apple
     2012-06-26 12:02 . 2012-06-26 12:02 -------- d-----w- c:\users\Dan\AppData\Roaming\QuickScan
     2012-06-25 11:46 . 2012-06-25 11:46 -------- d-----w- c:\users\Dan\AppData\Local\Macromedia
     2012-06-24 20:10 . 2012-06-24 20:10 -------- d-----w- c:\program files (x86)\ESET
     2012-06-22 19:50 . 2012-06-22 19:50 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-06-21 05:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-21 05:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-06-21 05:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-21 05:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-21 05:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
     2012-06-21 05:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-21 05:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-21 05:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-21 05:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

     2012-07-18 20:29 . 2012-04-09 11:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-07-18 20:29 . 2011-08-17 16:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-07-17 15:13 . 2011-01-03 05:09 59701280 ----a-w- c:\windows\system32\MRT.exe
     2012-07-06 02:06 . 2011-01-03 05:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-06-16 04:38 . 2012-06-16 04:38 268720 ----a-w- c:\windows\system32\javaws.exe
     2012-06-16 04:38 . 2012-06-16 04:38 189360 ----a-w- c:\windows\system32\javaw.exe
     2012-06-16 04:38 . 2012-06-16 04:38 188840 ----a-w- c:\windows\system32\java.exe
     2012-06-16 04:37 . 2012-06-16 04:38 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-06-16 04:37 . 2011-01-03 05:48 839096 ----a-w- c:\windows\system32\deployJava1.dll
     2012-05-28 16:59 . 2012-05-28 16:59 1799168 ----a-w- c:\windows\SysWow64\mprdin.dll
     2012-05-23 13:25 . 2012-05-23 13:25 726016 ----a-w- c:\windows\SysWow64\7z.dll
     2012-05-15 03:56 . 2012-06-18 03:45 1197568 ----a-w- c:\windows\system32\wininet.dll
     2012-05-15 03:52 . 2012-06-18 03:45 64512 ----a-w- c:\windows\system32\jsproxy.dll
     2012-05-15 03:08 . 2012-06-18 03:45 981504 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-05-04 10:52 . 2012-06-18 03:45 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-05-04 10:08 . 2012-06-18 03:45 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-05-04 10:08 . 2012-06-18 03:45 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-04-28 03:50 . 2012-06-18 03:43 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-04-26 05:34 . 2012-06-18 03:46 76288 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-04-26 05:34 . 2012-06-18 03:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-04-26 05:28 . 2012-06-18 03:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

     ((((((((((((((((((((((((((((( SnapShot_2012-06-18_12.55.56 )))))))))))))))))))))))))))))))))))))))))

     - 2012-03-08 13:53 . 2011-11-17 05:35 96768 c:\windows\SysWOW64\sspicli.dll
     + 2012-07-17 15:12 . 2012-06-02 04:42 96768 c:\windows\SysWOW64\sspicli.dll
     + 2012-07-17 15:12 . 2012-06-02 04:48 22016 c:\windows\SysWOW64\secur32.dll
     - 2012-03-08 13:53 . 2011-11-17 05:39 22016 c:\windows\SysWOW64\secur32.dll
     - 2009-07-14 04:54 . 2012-06-18 12:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2009-07-14 04:54 . 2012-06-18 12:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2009-07-14 04:54 . 2012-07-20 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2012-06-18 12:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2011-01-03 12:44 . 2012-07-20 20:48 36766 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
     + 2009-07-14 05:10 . 2012-07-20 19:50 41940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     + 2011-01-03 12:44 . 2012-07-20 19:50 16218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1673223263-37901431-4082015536-1001_UserData.bin
     - 2012-04-13 14:44 . 2009-05-18 17:17 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspiWDM.sys
     + 2012-06-26 17:37 . 2009-05-18 17:17 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspiWDM.sys
     + 2009-07-14 05:30 . 2012-07-11 14:47 86016 c:\windows\system32\DriverStore\infpub.dat
     - 2009-07-14 05:30 . 2012-04-30 15:45 86016 c:\windows\system32\DriverStore\infpub.dat
     + 2012-04-25 16:11 . 2012-04-25 16:11 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaapl64.sys
     + 2012-03-26 18:50 . 2012-03-26 18:50 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\netaapl64.sys
     + 2012-06-21 20:05 . 2011-06-26 00:56 33888 c:\windows\system32\DriverStore\FileRepository\appliand.inf_amd64_neutral_0c48234b04f54702\appliand.sys
     - 2012-03-08 13:53 . 2011-11-17 07:17 95088 c:\windows\system32\drivers\ksecdd.sys
     + 2012-07-17 15:12 . 2012-06-02 05:38 95088 c:\windows\system32\drivers\ksecdd.sys
     - 2011-01-03 08:02 . 2012-06-18 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2011-01-03 08:02 . 2012-07-20 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2011-01-03 08:02 . 2012-06-18 04:14 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2011-01-03 08:02 . 2012-07-20 19:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     + 2009-07-14 04:54 . 2012-07-20 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     - 2009-07-14 04:54 . 2012-06-18 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:46 . 2012-07-18 03:54 64448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
     + 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2011-01-03 06:56 . 2012-06-18 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     - 2011-01-03 06:56 .
2012-06-18 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-03 14:09 . 2012-07-17 15:19 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2011-01-03 14:09 . 2012-06-18 04:03 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2011-01-03 14:09 . 2012-07-17 15:19 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe - 2011-01-03 14:09 . 2012-06-18 04:03 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe + 2011-01-03 14:09 . 2012-07-17 15:19 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2011-01-03 14:09 . 2012-06-18 04:03 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2012-06-26 16:00 . 2012-06-26 16:00 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe + 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-18 12:54 . 2012-06-18 12:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-18 12:54 . 2012-06-18 12:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 19:13 . 2009-07-14 19:13 107816 c:\windows\SysWOW64\SynTPCOM.dll - 2011-10-14 08:35 . 2011-10-14 08:35 107816 c:\windows\SysWOW64\SynTPCOM.dll + 2009-07-14 19:13 . 2009-07-14 19:13 206120 c:\windows\SysWOW64\SynCtrl.dll + 2009-07-14 19:13 . 2009-07-14 19:13 169256 c:\windows\SysWOW64\SynCOM.dll + 2012-07-17 15:12 . 2012-06-02 04:48 225280 c:\windows\SysWOW64\schannel.dll - 2009-07-13 23:33 . 
2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll + 2012-07-17 15:12 . 2012-06-02 04:47 219136 c:\windows\SysWOW64\ncrypt.dll + 2012-07-18 20:29 . 2012-07-18 20:29 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe + 2012-07-18 20:29 . 2012-07-18 20:29 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll + 2012-06-23 05:31 . 2012-06-23 05:31 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe + 2012-04-09 11:50 . 2012-07-18 20:29 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-07-18 13:44 . 2012-07-06 02:06 227760 c:\windows\SysWOW64\javaws.exe + 2012-07-18 13:44 . 2012-07-18 13:44 174064 c:\windows\SysWOW64\javaw.exe + 2012-07-18 13:44 . 2012-07-18 13:44 174064 c:\windows\SysWOW64\java.exe + 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\SysWOW64\devil.dll + 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\SysWOW64\avisynth.dll + 2011-01-12 16:33 . 2012-07-07 13:24 242590 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2011-01-03 12:39 . 2012-07-20 03:45 311234 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 19:13 . 2009-07-14 19:13 147752 c:\windows\system32\SynTPCo4.dll - 2010-05-28 03:29 . 2010-05-28 03:29 147752 c:\windows\system32\SynTPCo4.dll + 2009-07-14 19:13 . 2009-07-14 19:13 203560 c:\windows\system32\SynTPAPI.dll + 2009-07-14 19:13 . 2009-07-14 19:13 260904 c:\windows\system32\SynCtrl.dll + 2009-07-14 19:13 . 2009-07-14 19:13 395048 c:\windows\system32\SynCOM.dll - 2012-03-08 13:53 . 2011-11-17 07:10 340992 c:\windows\system32\schannel.dll + 2012-07-17 15:12 . 2012-06-02 05:27 340992 c:\windows\system32\schannel.dll + 2009-07-14 02:36 . 2012-07-19 19:50 662942 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-18 04:00 662942 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-19 19:50 122738 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 
2012-06-18 04:00 122738 c:\windows\system32\perfc009.dat - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll + 2012-07-17 15:12 . 2012-06-02 05:27 307200 c:\windows\system32\ncrypt.dll + 2012-07-18 20:29 . 2012-07-18 20:29 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe + 2012-07-18 20:29 . 2012-07-18 20:29 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.dll + 2012-06-23 05:31 . 2012-06-23 05:31 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe + 2012-06-26 17:37 . 2008-04-17 16:12 126312 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi64.dll - 2012-04-13 14:44 . 2008-04-17 16:12 126312 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi64.dll - 2012-04-13 14:44 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi.dll + 2012-06-26 17:37 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi.dll + 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-04-30 15:42 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2012-04-30 15:45 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 19:13 . 2009-07-14 19:13 337192 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\Tutorial.exe + 2009-07-14 19:13 . 2009-07-14 19:13 247080 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynZMetr.exe + 2009-07-14 19:13 . 2009-07-14 19:13 120616 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPHelper.exe + 2009-07-14 19:13 . 
2009-07-14 19:13 107816 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCOM32.dll + 2009-07-14 19:13 . 2009-07-14 19:13 120104 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCOM.dll + 2009-07-14 19:13 . 2009-07-14 19:13 147752 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCo4.dll + 2009-07-14 19:13 . 2009-07-14 19:13 203560 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPAPI.dll + 2009-07-14 19:16 . 2009-07-14 19:16 273456 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTP.sys + 2009-07-14 19:12 . 2009-07-14 19:12 238888 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynMood.exe + 2009-07-14 19:13 . 2009-07-14 19:13 197928 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynISDLL.dll + 2009-07-14 19:13 . 2009-07-14 19:13 206120 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCtrl32.dll + 2009-07-14 19:13 . 2009-07-14 19:13 260904 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCtrl.dll + 2009-07-14 19:13 . 2009-07-14 19:13 169256 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCOM32.dll + 2009-07-14 19:13 . 2009-07-14 19:13 395048 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCOM.dll + 2009-07-14 19:12 . 2009-07-14 19:12 149800 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\InstNT.exe + 2009-07-14 19:16 . 2009-07-14 19:16 273456 c:\windows\system32\drivers\SynTP.sys - 2012-03-08 13:53 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys + 2012-07-17 15:12 . 2012-06-02 05:38 152432 c:\windows\system32\drivers\ksecpkg.sys + 2012-07-17 15:12 . 
2012-06-02 05:37 459216 c:\windows\system32\drivers\cng.sys + 2012-07-17 15:12 . 2012-04-24 05:59 182272 c:\windows\system32\cryptsvc.dll + 2012-07-17 15:12 . 2012-04-24 05:59 140288 c:\windows\system32\cryptnet.dll + 2011-06-28 14:01 . 2012-07-10 12:46 770744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2012-07-20 18:08 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-06-18 12:54 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-07-18 13:45 . 2012-07-18 13:45 179200 c:\windows\Installer\4c9f721.msi + 2012-07-18 13:44 . 2012-07-18 13:44 461312 c:\windows\Installer\4c9f71a.msi + 2011-01-03 14:09 . 2012-07-17 15:19 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2011-01-03 14:09 . 2012-06-18 04:03 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2011-01-03 14:09 . 2012-06-18 04:03 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2011-01-03 14:09 . 2012-07-17 15:19 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2011-01-03 14:09 . 2012-07-17 15:19 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe - 2011-01-03 14:09 . 2012-06-18 04:03 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe + 2011-01-03 14:09 . 2012-07-17 15:19 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2011-01-03 14:09 . 2012-06-18 04:03 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe - 2011-01-03 14:09 . 2012-06-18 04:03 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2011-01-03 14:09 . 2012-07-17 15:19 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2011-01-03 14:09 . 
2012-06-18 04:03 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe + 2011-01-03 14:09 . 2012-07-17 15:19 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe + 2012-06-26 17:37 . 2012-06-26 17:37 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe - 2012-04-13 14:44 . 2012-04-13 14:44 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe + 2012-04-04 16:38 . 2012-04-04 16:38 787560 c:\windows\Downloaded Program Files\qsax64.dll + 2012-07-17 15:12 . 2012-06-06 05:09 1389568 c:\windows\SysWOW64\msxml6.dll + 2012-07-17 15:12 . 2012-06-06 05:09 1236992 c:\windows\SysWOW64\msxml3.dll + 2012-06-23 05:31 . 2012-06-23 05:31 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll + 2012-06-23 05:31 . 2012-06-23 05:31 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe + 2012-07-17 15:12 . 2012-04-24 04:47 1156608 c:\windows\SysWOW64\crypt32.dll + 2012-07-17 15:12 . 2012-06-06 05:50 2003968 c:\windows\system32\msxml6.dll + 2012-07-17 15:12 . 2012-06-06 05:50 1880064 c:\windows\system32\msxml3.dll + 2009-07-14 04:45 . 2012-07-17 15:25 4907816 c:\windows\system32\FNTCACHE.DAT - 2009-07-14 04:45 . 2012-06-18 04:16 4907816 c:\windows\system32\FNTCACHE.DAT + 2012-04-25 16:11 . 2012-04-25 16:11 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaaplrc.dll + 2008-07-08 14:55 . 2008-07-08 14:55 1490656 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\WdfCoInstaller01007.dll + 2009-07-14 19:13 . 2009-07-14 19:13 8056616 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPRes.dll + 2009-07-14 19:12 . 2009-07-14 19:12 1815848 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPEnh.exe + 2009-07-14 19:13 . 
2009-07-14 19:13 1526568 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCpl.dll + 2012-03-26 18:51 . 2012-03-26 18:51 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\wdfcoinstaller01009.dll + 2012-07-17 15:12 . 2012-04-24 05:59 1460224 c:\windows\system32\crypt32.dll - 2009-07-14 04:45 . 2012-06-18 04:16 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-07-17 15:28 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-04-05 21:27 . 2012-04-05 21:27 2323456 c:\windows\Installer\5393d.msi + 2012-06-20 06:00 . 2012-06-20 06:00 3461120 c:\windows\Installer\1e2c5861.msp + 2011-01-03 14:09 . 2012-07-17 15:19 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2011-01-03 14:09 . 2012-06-18 04:03 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2011-01-03 14:09 . 2012-07-17 15:19 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2011-01-03 14:09 . 2012-06-18 04:03 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2011-01-03 14:09 . 2012-07-17 15:19 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2011-01-03 14:09 . 2012-06-18 04:03 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2011-01-03 14:09 . 2012-07-17 15:19 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2011-01-03 14:09 . 2012-06-18 04:03 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2012-07-17 15:12 . 2012-06-09 04:46 12868608 c:\windows\SysWOW64\shell32.dll + 2009-07-14 02:34 . 2012-07-20 20:01 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat + 2012-07-17 15:12 . 
2012-06-09 05:30 14165504 c:\windows\system32\shell32.dll + 2012-06-23 05:31 . 2012-06-23 05:31 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll + 2012-01-18 22:49 . 2012-01-18 22:49 44700672 c:\windows\Installer\c9988.msi + 2012-05-24 22:34 . 2012-05-24 22:34 11071488 c:\windows\Installer\53937.msi + 2012-05-31 05:47 . 2012-05-31 05:47 20403200 c:\windows\Installer\5392d.msi + 2012-07-18 13:43 . 2012-07-18 13:43 17379840 c:\windows\Installer\4c9f716.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] 2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 hcw10cir;Hauppauge CIR Receiver;c:\windows\system32\drivers\hcw10cir.sys [2010-05-10 46080] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);c:\windows\system32\drivers\DaShenAudio.sys [2012-01-13 33816] R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520] R3 hcw10bda;Hauppauge Cx2310x WinTV Capture;c:\windows\system32\drivers\hcw10bda.sys [2010-12-09 641920] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-05-26 351136] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-05-26 4186528] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Smport;Smport;c:\windows\system32\Smport.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 TivoBeacon2;TiVo Beacon Service;c:\program files 
(x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-07 254528] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608] S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336] S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] 2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 20.17.157.15 20.17.157.16 FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\ FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Completion time: 2012-07-20 17:12:24 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-20 21:12 ComboFix.txt 2012-07-20 17:40 . Pre-Run: 113,639,874,560 bytes free Post-Run: 113,755,795,456 bytes free . - - End Of File - - F7D928CC899EE39BE1D014A0121AAA95 --------------------------------------------- DDS . 
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by Dan at 17:13:17 on 2012-07-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2769 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
TCP: DhcpNameServer = 20.17.157.15 20.17.157.16
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\5484D27457563747 : DhcpNameServer = 192.168.254.4
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F646 : DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F6463313 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\7796E67666F6F647 : DhcpNameServer = 148.74.252.7 148.74.252.8
TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\E4544574541425 : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{4565F866-6864-4D76-A3DF-92E6C88AE1DF} : DhcpNameServer = 20.17.157.15 20.17.157.16
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-17 331608]
R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]
R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-3-21 68928]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-5-26 442656]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\system32\drivers\hcw10cir.sys --> C:\Windows\system32\drivers\hcw10cir.sys [?]
S3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);C:\Windows\system32\drivers\DaShenAudio.sys --> C:\Windows\system32\drivers\DaShenAudio.sys [?]
S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe [2012-1-17 77520]
S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\system32\drivers\hcw10bda.sys --> C:\Windows\system32\drivers\hcw10bda.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
.
=============== Created Last 30 ================
.
2012-07-20 16:18:06 192512 ----a-w- C:\Windows\SysWow64\ivphlrskk.exe
2012-07-20 14:46:58 192512 ----a-w- C:\Windows\SysWow64\rscmht.exe
2012-07-20 13:20:25 192512 ----a-w- C:\Windows\SysWow64\vuujpv.exe
2012-07-20 11:58:21 192512 ----a-w- C:\Windows\SysWow64\amsrkbnob.exe
2012-07-20 10:35:02 189952 ----a-w- C:\Windows\SysWow64\afxujqpxu.exe
2012-07-20 09:10:42 189952 ----a-w- C:\Windows\SysWow64\npbfqht.exe
2012-07-20 07:46:28 189952 ----a-w- C:\Windows\SysWow64\bgejqajwh.exe
2012-07-20 06:22:16 189952 ----a-w- C:\Windows\SysWow64\moxnpv.exe
2012-07-20 04:58:17 189952 ----a-w- C:\Windows\SysWow64\omcfdwfi.exe
2012-07-20 01:46:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\mpengine.dll
2012-07-20 01:46:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-20 01:46:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 13:45:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-18 09:51:39 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-17 15:20:10 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 15:11:59 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-17 15:11:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-17 15:11:13 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-17 15:11:11 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-16 17:38:01 -------- d-----w- C:\Mountain_of_Ice
2012-07-16 16:59:48 -------- d-----w- C:\Mysterious_Life_of_Caves
2012-07-11 14:47:10 -------- d-----w- C:\Program Files\Synaptics
2012-07-11 14:46:37 -------- d-----w- C:\swsetup
2012-07-10 14:25:15 -------- d-----w- C:\THE_LOTTERY
2012-07-10 13:34:22 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON
2012-07-08 02:55:57 -------- d-----w- C:\Users\Dan\AppData\Local\WBFSManager
2012-07-08 02:54:13 -------- d-----w- C:\Program Files\WBFS
2012-07-03 17:22:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll
2012-07-03 14:24:45 -------- d-----w- C:\Program Files\Handbrake
2012-06-29 13:26:23 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
2012-06-26 17:37:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-26 17:37:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-26 17:37:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-26 17:36:04 -------- d-----w- C:\Program Files\iPod
2012-06-26 17:36:02 -------- d-----w- C:\Program Files\iTunes
2012-06-26 17:36:02 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-26 12:02:22 -------- d-----w- C:\Users\Dan\AppData\Roaming\QuickScan
2012-06-25 11:46:13 -------- d-----w- C:\Users\Dan\AppData\Local\Macromedia
2012-06-24 20:10:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-22 19:50:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 05:19:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 05:19:34 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 05:19:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 05:19:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
==================== Find3M ====================
.
2012-07-18 20:29:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 20:29:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-16 04:37:59 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-16 04:37:59 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-16 01:04:40 188943 ----a-w- C:\Windows\SysWow64\mrjibjbgw.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-28 16:59:10 1799168 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-05-23 13:25:43 726016 ----a-w- C:\Windows\SysWow64\7z.dll
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 17:15:09.08 ===============
  7. hello screen317 MBAM log Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.18.06 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Dan :: DAN-PC [administrator] 7/19/2012 9:46:54 PM mbam-log-2012-07-19 (21-46-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 243819 Time elapsed: 9 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ---------------------------------- DDS.txt . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1 Run by Dan at 21:59:33 on 2012-07-19 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2543 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Expat Shield\bin\hsswd.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\NLSSRV32.EXE C:\Windows\SysWOW64\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll TCP: DhcpNameServer = 20.17.157.15 20.17.157.16 TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\16474777966696 : DhcpNameServer = 192.168.5.1 TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\5484D27457563747 : DhcpNameServer = 192.168.254.4 TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F646 : DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12 TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F6463313 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\7796E67666F6F647 : DhcpNameServer = 148.74.252.7 148.74.252.8 TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\E4544574541425 : DhcpNameServer = 10.1.10.1 TCP: Interfaces\{4565F866-6864-4D76-A3DF-92E6C88AE1DF} : DhcpNameServer = 20.17.157.15 20.17.157.16 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft 
shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common 
Files\Java\Java Update\jusched.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\ FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] 
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-17 331608] R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336] R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?] R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-3-21 68928] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-5-26 442656] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\system32\drivers\hcw10cir.sys --> C:\Windows\system32\drivers\hcw10cir.sys [?] S3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);C:\Windows\system32\drivers\DaShenAudio.sys --> C:\Windows\system32\drivers\DaShenAudio.sys [?] S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe [2012-1-17 77520] S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\system32\drivers\hcw10bda.sys --> C:\Windows\system32\drivers\hcw10bda.sys [?] 
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
.
=============== Created Last 30 ================
.
2012-07-20 01:46:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\mpengine.dll
2012-07-20 01:46:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-20 01:46:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 13:45:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-18 09:51:39 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-17 15:20:10 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 15:11:59 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-17 15:11:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-17 15:11:13 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-17 15:11:11 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-16 17:38:01 -------- d-----w- C:\Mountain_of_Ice
2012-07-16 16:59:48 -------- d-----w- C:\Mysterious_Life_of_Caves
2012-07-11 14:47:10 -------- d-----w- C:\Program Files\Synaptics
2012-07-11 14:46:37 -------- d-----w- C:\swsetup
2012-07-10 14:25:15 -------- d-----w- C:\THE_LOTTERY
2012-07-10 13:34:22 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON
2012-07-08 02:55:57 -------- d-----w- C:\Users\Dan\AppData\Local\WBFSManager
2012-07-08 02:54:13 -------- d-----w- C:\Program Files\WBFS
2012-07-03 17:22:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll
2012-07-03 14:24:45 -------- d-----w- C:\Program Files\Handbrake
2012-06-29 13:26:23 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
2012-06-26 17:37:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-06-26 17:37:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-06-26 17:37:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-06-26 17:36:04 -------- d-----w- C:\Program Files\iPod
2012-06-26 17:36:02 -------- d-----w- C:\Program Files\iTunes
2012-06-26 17:36:02 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-26 15:54:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-26 12:02:22 -------- d-----w- C:\Users\Dan\AppData\Roaming\QuickScan
2012-06-25 11:46:13 -------- d-----w- C:\Users\Dan\AppData\Local\Macromedia
2012-06-24 20:10:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-22 19:50:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 05:19:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 05:19:34 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 05:19:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 05:19:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
==================== Find3M ====================
.
2012-07-18 20:29:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 20:29:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-16 04:37:59 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-16 04:37:59 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-16 01:04:40 188943 ----a-w- C:\Windows\SysWow64\mrjibjbgw.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-28 16:59:10 1799168 ----a-w- C:\Windows\SysWow64\mprdin.dll
2012-05-23 13:25:43 726016 ----a-w- C:\Windows\SysWow64\7z.dll
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 22:01:41.50 ===============
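Added example (not part of any post on this page, and not a Malwarebytes or DDS tool): a small parser for the "Created Last 30" / "Find3M" file listings in a DDS-style log like the one above, plus one triage heuristic a helper typically applies by eye. Windows Update and installers drop binaries in batches with near-identical write times, so a single binary under C:\Windows whose timestamp has no neighbours is worth checking by hand (publisher signature, known-good hash). The 30-minute window and the extension list are assumptions chosen for this example, and the sample input is a trimmed copy of the listing above, run together on one line the way forum pastes usually arrive. The heuristic is deliberately coarse: it also flags a lone Java updater file, which is why its output is a list of things to verify, not a verdict.

```python
"""Parse DDS/ComboFix-style file listings and list system binaries that
were written on their own, outside any update batch (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# One alternation: a section header ("==== Find3M ====") or a file entry
# "YYYY-MM-DD HH:MM:SS <size|--------> <attrs> <path>".  Entries may be run
# together on a single line, so the path is matched lazily and ends at the
# next timestamp, at the next " . ====" header, or at end of line.
TOKEN_RE = re.compile(
    r"=+\s*(?P<section>[A-Za-z0-9 ]+?)\s*=+"
    r"|(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.*?)"
    r"(?=\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s|\s*\.\s*=+|\s*$)",
    re.MULTILINE,
)

# Extensions treated as executable content (assumption for this example).
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")


@dataclass
class Entry:
    section: str
    when: datetime
    size: int | None      # None for directories ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds(text: str) -> list[Entry]:
    """Return every file/directory entry, tagged with its section name."""
    entries: list[Entry] = []
    section = ""
    for m in TOKEN_RE.finditer(text):
        if m.group("section"):
            section = m.group("section")
            continue
        size = m.group("size")
        entries.append(Entry(
            section=section,
            when=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            size=int(size) if size.isdigit() else None,
            attrs=m.group("attrs"),
            path=m.group("path"),
        ))
    return entries


def lone_system_binaries(entries: list[Entry],
                         window: timedelta = timedelta(minutes=30)) -> list[Entry]:
    """Binaries under \\Windows\\ with no other file written within `window`.
    Any file entry counts as a neighbour: an update or installer batch
    usually spans several directories, and the point is to isolate a
    binary that arrived with nothing else."""
    files = [e for e in entries if not e.is_dir]
    times = [e.when for e in files]
    flagged = []
    for e in files:
        low = e.path.lower()
        if "\\windows\\" not in low or not low.endswith(BINARY_EXT):
            continue
        neighbours = sum(1 for t in times if abs(t - e.when) <= window) - 1
        if neighbours == 0:
            flagged.append(e)
    return flagged


# Constructed sample: a trimmed copy of the listing above, as one pasted line.
SAMPLE = (
    ". =============== Created Last 30 ================ . "
    "2012-07-20 01:46:48 9133488 ----a-w- C:\\ProgramData\\Microsoft\\Microsoft Antimalware"
    "\\Definition Updates\\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\\mpengine.dll "
    "2012-07-20 01:46:10 24904 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys "
    "2012-07-20 01:46:10 -------- d-----w- C:\\Program Files (x86)\\Malwarebytes' Anti-Malware "
    ". ==================== Find3M ==================== . "
    "2012-07-18 20:29:06 70344 ----a-w- C:\\Windows\\SysWow64\\FlashPlayerCPLApp.cpl "
    "2012-07-18 20:29:06 426184 ----a-w- C:\\Windows\\SysWow64\\FlashPlayerApp.exe "
    "2012-07-06 02:06:20 687544 ----a-w- C:\\Windows\\SysWow64\\deployJava1.dll "
    "2012-06-16 04:37:59 955840 ----a-w- C:\\Windows\\System32\\npDeployJava1.dll "
    "2012-06-16 04:37:59 839096 ----a-w- C:\\Windows\\System32\\deployJava1.dll "
    "2012-06-16 01:04:40 188943 ----a-w- C:\\Windows\\SysWow64\\mrjibjbgw.exe "
    "2012-06-06 05:50:50 2003968 ----a-w- C:\\Windows\\System32\\msxml6.dll "
    "2012-06-06 05:50:50 1880064 ----a-w- C:\\Windows\\System32\\msxml3.dll "
    "2012-06-02 05:38:26 95088 ----a-w- C:\\Windows\\System32\\drivers\\ksecdd.sys "
    "2012-06-02 05:38:24 152432 ----a-w- C:\\Windows\\System32\\drivers\\ksecpkg.sys "
    ". ============= FINISH: 22:01:41.50 ==============="
)

if __name__ == "__main__":
    for e in lone_system_binaries(parse_dds(SAMPLE)):
        print(f"{e.when}  {e.size:>8}  {e.section:<16} {e.path}")
```

Run it on a whole DDS log by reading the file into `parse_dds`; the directory entries and the non-Windows files are kept because they define the batches, and only the flagged binaries are printed for follow-up.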
  8. Hello, I've been having this problem for the last 2-3 days, it seems. I ran a few malware scanners but nothing picks anything up. Attached is my latest Malwarebytes log along with the 2 files that are requested. Attach.txt DDS.txt mbam-log-2012-06-18 (11-09-20).txt