Jump to content

Giez

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Giez
    See post above regarding what Security Essentials sees. This was how I first detected there was a problem. The good news is it's not longer detecting the Users>>>Adam>>>Appdata path. So far no redirects...sample size about 20...via internet explorer. I have also since switched to Google Chrome, which hasn't redirected once....sample size closer to 40-50.
  2. Giez
    This is all that I am seeing currently: Security Essentials detected items on your PC that it doesn't recognize. By sending the files listed below, you can help Microsoft analysts determine whether these items are malicious. C:\Qoobox\Quarantine.zip C;\Users\Adam\Downloads\Quarantine.zip C:\Users\Adam\Downloads\Quarantine(1).zip
  3. Giez
    I will let you know this evening. I thought it was fine after combofix and I started getting Security Essentials pop-ups later that day. One question...I still have files in quarantine from Eset. May I simply delete those?
  4. Giez
    Quite a long log. Several files were not checked due to password protection. No threats detected. Kaspersky Log.zip
  5. Giez
    ESET Log: ESETSmartInstaller@High as downloader log: all ok I kept detected files in quarantine...wasn't sure if you wanted me to delete those yet given the instruction to just close the window & post the log. I am hoping this is what you were looking for. I was surprised to see such a short log. Maybe short is good news in this case.
  6. Giez
    I have followed others' instructions to get to this point. I could not find my original (fresh) DDS log, so the best I have at this point is the one I just ran. Here are my logs regarding a trojan that's been identified. Any help would be much appreciated and thanks in advance for your time spent. My apologies if I need to start from square one. Malwarebytes: Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.15.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Adam :: ADAM-PC [administrator] Protection: Enabled 9/15/2012 11:15:26 AM mbam-log-2012-09-15 (11-15-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223605 Time elapsed: 3 minute(s), 34 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Adam\AppData\Local\Temp\0.41827216041724546 (Trojan.BHO) -> Quarantined and deleted successfully. C:\Users\Adam\AppData\Local\Temp\0.5574026247446549 (Trojan.BHO) -> Quarantined and deleted successfully. C:\Users\Adam\AppData\Local\Temp\0.8449302239046887 (Trojan.BHO) -> Quarantined and deleted successfully. (end) Avast: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-16 15:52:23 ----------------------------- 15:52:23.367 OS Version: Windows x64 6.1.7601 Service Pack 1 15:52:23.367 Number of processors: 8 586 0x1A05 15:52:23.367 ComputerName: ADAM-PC UserName: Adam 15:52:24.287 Initialze error C000010E - driver not loaded 15:52:24.427 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process. 15:53:14.566 AVAST engine defs: 12091400 15:53:21.352 Service scanning 15:53:42.802 Modules scanning 15:53:42.802 Disk 0 trace - called modules: 15:53:42.802 15:53:44.128 AVAST engine scan C:\Windows 15:53:46.920 AVAST engine scan C:\Windows\system32 15:56:16.063 AVAST engine scan C:\Windows\system32\drivers 15:56:26.998 AVAST engine scan C:\Users\Adam 15:56:32.786 File: C:\Users\Adam\AppData\Local\Apps\Adobe\fddptrl.dll **INFECTED** Win32:Labedo-A [Trj] 15:57:49.224 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR2.txt" DDS: (couldn't find the one I ran prior to Combofix) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Adam at 16:55:10 on 2012-09-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3865 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\ASUS.SYS\config\DVMExportService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k HPService C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\ASUS\TurboV\TurboV.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Adam\AppData\Local\Apps\2.0\A9GJO4H7.2Y4\RBY41X7X.TOK\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: HP QuickPrint: {1658d3a1-9e13-4196-a82a-d70d70880f36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" -b mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{801CB375-42B4-421A-B509-B348512C622B} : DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: HP QuickPrint: {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll BHO-X64: QpBHO Class - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" -b mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?] R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?] R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-16 397720] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-29 55096] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-29 297240] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-12-9 90112] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 676936] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-29 976728] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-9 136176] S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-14 1258856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-8 250056] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-9 136176] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-12 14440] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-09-16 20:29:04 -------- d-sh--w- C:\$RECYCLE.BIN 2012-09-16 20:20:19 98816 ----a-w- C:\Windows\sed.exe 2012-09-16 20:20:19 518144 ----a-w- C:\Windows\SWREG.exe 2012-09-16 20:20:19 256000 ----a-w- C:\Windows\PEV.exe 2012-09-16 20:20:19 208896 ----a-w- C:\Windows\MBR.exe 2012-09-16 14:40:50 -------- d-----w- C:\e7fc70c41d4d4bf5bfbbfe0aa0263aa8 2012-09-16 14:12:08 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-16 13:53:08 -------- d-----w- C:\Users\Adam\AppData\Roaming\DriverCure 2012-09-16 13:53:07 -------- d-----w- C:\Users\Adam\AppData\Roaming\PC Utility Kit 2012-09-16 13:52:57 -------- d-----w- C:\ProgramData\PC Utility Kit 2012-09-16 13:14:40 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6519292-B479-4349-ABD2-5F2FEA42FA57}\mpengine.dll 2012-09-15 15:22:58 -------- d-----w- C:\ProgramData\Overwolf 2012-09-15 15:14:47 -------- d-----w- C:\Users\Adam\AppData\Roaming\Malwarebytes 2012-09-15 15:14:39 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-15 15:14:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-15 15:14:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-15 00:41:37 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-11 17:08:29 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-11 17:08:29 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-11 17:08:28 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-11 17:08:28 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-11 17:08:27 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-11 17:08:27 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-11 17:08:27 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-07 20:56:53 -------- d-----w- C:\Users\Adam\AppData\Local\Overwolf 2012-09-02 17:33:14 -------- d-----w- C:\Windows\Hewlett-Packard . ==================== Find3M ==================== . 2012-09-16 14:12:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-16 14:12:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-14 21:40:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-14 21:40:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-30 00:52:38 101688 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-14 14:45:55 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-07-14 14:45:54 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-28 23:56:15 2667062 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\System32\nvcpl.dll 2012-06-28 23:55:40 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-06-28 23:55:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-06-28 23:55:39 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-06-28 21:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe . ============= FINISH: 16:55:27.78 =============== Combofix: ComboFix 12-09-15.02 - Adam 09/16/2012 16:21:26.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3710 [GMT -4:00] Running from: c:\users\Adam\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Adam\AppData\Local\Apps\Adobe\fddptrl.dll . . ((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))) . . 2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-16 20:26 . 2012-09-16 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-16 14:40 . 2012-09-16 14:41 -------- d-----w- C:\e7fc70c41d4d4bf5bfbbfe0aa0263aa8 2012-09-16 14:12 . 2012-09-16 14:12 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-16 14:12 . 2012-09-16 14:12 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-16 14:12 . 2012-09-16 14:12 -------- d-----w- c:\program files (x86)\Java 2012-09-16 13:53 . 2012-09-16 13:53 -------- d-----w- c:\users\Adam\AppData\Roaming\DriverCure 2012-09-16 13:53 . 2012-09-16 13:53 -------- d-----w- c:\users\Adam\AppData\Roaming\PC Utility Kit 2012-09-16 13:52 . 2012-09-16 19:08 -------- d-----w- c:\programdata\PC Utility Kit 2012-09-16 13:14 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6519292-B479-4349-ABD2-5F2FEA42FA57}\mpengine.dll 2012-09-15 15:22 . 2012-09-15 15:22 -------- d-----w- c:\programdata\Overwolf 2012-09-15 15:14 . 2012-09-15 15:14 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes 2012-09-15 15:14 . 2012-09-15 15:14 -------- d-----w- c:\programdata\Malwarebytes 2012-09-15 15:14 . 2012-09-15 15:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-15 15:14 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-15 00:41 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-11 17:08 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 17:08 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-11 17:08 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-11 17:08 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 17:08 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 17:08 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 17:08 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-07 20:56 . 2012-09-13 20:55 -------- d-----w- c:\users\Adam\AppData\Local\Overwolf 2012-09-02 17:33 . 2012-09-02 17:33 -------- d-----w- c:\windows\Hewlett-Packard . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-16 14:12 . 2012-05-08 14:29 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-16 14:12 . 2012-05-08 14:29 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-12 07:00 . 2010-12-15 15:10 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-14 21:40 . 2012-05-08 17:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-14 21:40 . 2011-08-22 23:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-30 00:52 . 2011-04-15 14:46 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys 2012-07-18 18:15 . 2012-08-15 20:41 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-14 14:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-07-14 14:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-07-04 22:16 . 2012-08-15 20:41 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 20:41 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 20:41 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 20:41 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-06-29 04:55 . 2012-08-16 07:02 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-06-29 04:09 . 2012-08-16 07:02 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-06-29 03:56 . 2012-08-16 07:02 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 03:49 . 2012-08-16 07:02 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-29 03:49 . 2012-08-16 07:02 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 03:48 . 2012-08-16 07:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 03:47 . 2012-08-16 07:02 237056 ----a-w- c:\windows\system32\url.dll 2012-06-29 03:45 . 2012-08-16 07:02 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-29 03:44 . 2012-08-16 07:02 816640 ----a-w- c:\windows\system32\jscript.dll 2012-06-29 03:43 . 2012-08-16 07:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 03:42 . 2012-08-16 07:02 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-29 03:40 . 2012-08-16 07:02 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-29 03:39 . 2012-08-16 07:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-29 03:37 . 2012-07-26 20:53 9164648 ----a-w- c:\windows\system32\nvcuda.dll 2012-06-29 03:37 . 2012-07-26 20:53 828264 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-06-29 03:37 . 2012-07-26 20:53 7699304 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-06-29 03:37 . 2012-07-26 20:53 2744680 ----a-w- c:\windows\system32\nvcuvid.dll 2012-06-29 03:37 . 2012-07-26 20:53 26226536 ----a-w- c:\windows\system32\nvoglv64.dll 2012-06-29 03:37 . 2012-07-26 20:53 2573160 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-06-29 03:37 . 2012-07-26 20:53 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-06-29 03:37 . 2012-07-26 20:53 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-06-29 03:37 . 2012-07-26 20:53 2216296 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-06-29 03:37 . 2012-07-26 20:53 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-06-29 03:37 . 2012-07-26 20:53 19828072 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-06-29 03:37 . 2012-07-26 20:53 1865064 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-06-29 03:37 . 2012-07-26 20:53 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-06-29 03:37 . 2012-07-26 20:53 1472360 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-06-29 03:37 . 2012-07-26 20:53 13365608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-06-29 03:37 . 2012-07-14 14:22 969064 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-06-29 03:37 . 2012-07-14 14:22 2723688 ----a-w- c:\windows\system32\nvapi64.dll 2012-06-29 03:37 . 2012-05-02 20:46 14806376 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-06-29 03:37 . 2012-05-02 20:46 18228072 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-06-29 03:37 . 2012-05-02 20:46 15290216 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-06-29 03:37 . 2012-05-02 20:46 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-06-29 03:37 . 2012-02-10 02:43 60776 ----a-w- c:\windows\system32\OpenCL.dll 2012-06-29 03:37 . 2012-02-10 02:43 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-06-29 03:37 . 2012-02-10 02:43 1758056 ----a-w- c:\windows\system32\nvdispco64.dll 2012-06-29 03:37 . 2012-02-10 02:43 12388712 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-06-29 03:35 . 2012-08-16 07:02 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-29 00:16 . 2012-08-16 07:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-29 00:09 . 2012-08-16 07:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-29 00:08 . 2012-08-16 07:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04 . 2012-08-16 07:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00 . 2012-08-16 07:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-28 23:56 . 2012-07-14 14:23 2667062 ----a-w- c:\windows\system32\nvcoproc.bin 2012-06-28 23:55 . 2012-07-14 14:23 3266408 ----a-w- c:\windows\system32\nvsvc64.dll 2012-06-28 23:55 . 2012-07-14 14:23 6193000 ----a-w- c:\windows\system32\nvcpl.dll 2012-06-28 23:55 . 2012-07-14 14:23 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-06-28 23:55 . 2012-07-14 14:23 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-06-28 23:55 . 2012-07-14 14:23 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-06-28 21:44 . 2012-06-28 21:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-09 39408] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-16 1353080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-11-19 5665280] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-12-15 0] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 136176] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 136176] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-08-13 14440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-30 101688] S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-16 397720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-30 55096] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-30 297240] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2009-08-19 90112] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-30 976728] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-28 382312] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 21:40] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 05:31] . 2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 05:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe Wow6432Node-HKCU-Run-Adobe - c:\users\Adam\AppData\Local\Apps\Adobe\fddptrl.dll . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3233702448-1458384512-3670773108-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3233702448-1458384512-3670773108-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files\ASUS\Six Engine\SixEngine.exe . ************************************************************************** . Completion time: 2012-09-16 16:31:49 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-16 20:31 . Pre-Run: 761,998,471,168 bytes free Post-Run: 762,347,548,672 bytes free . - - End Of File - - 152C04356CD370C936CB51A63FE57657 Here's the one causing all the frustration: 15:56:32.786 File: C:\Users\Adam\AppData\Local\Apps\Adobe\fddptrl.dll **INFECTED** Win32:Labedo-A [Trj]
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.