doran66
-
Posts
8 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by doran66
-
-
Everything is good right now, it took a bit today for problems to start up again after I uninstalled java last night. Is there anything else we need to try at this time?
Again, thank you very much for your assistance.
-
Results from AdwCleaner:
# AdwCleaner v2.009 - Logfile created 11/24/2012 at 15:35:37
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : DCHAM - DCHAM102086
# Boot Mode : Normal
# Running from : C:\Users\DCHAM\Downloads\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (en-US)
Profile name : default
File : C:\Users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\DCHAM\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [899 octets] - [24/11/2012 15:35:37]
########## EOF - C:\AdwCleaner[R1].txt - [958 octets] ##########
-
Here is the latest ComboFix.txt
Thanks
ComboFix 12-11-24.02 - DCHAM 11/24/2012 14:24:42.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9685 [GMT -8:00]
Running from: c:\users\DCHAM\Desktop\ComboFix.exe
Command switches used :: c:\users\DCHAM\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni
c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\dymwbvu.ain
c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\xyqzwn.dll
c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cuyyjphks
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Mcx2-DCHAM102086\AppData\Local\temp
2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Mcx1-DCHAM102086\AppData\Local\temp
2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 21:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EBD00C5-97C4-4A77-A4BF-552F2DD63B10}\mpengine.dll
2012-11-24 18:42 . 2012-11-24 18:42 -------- d-----w- C:\MBAR
2012-11-24 16:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-24 05:28 . 2012-11-24 05:32 -------- d-----w- c:\program files\HitmanPro
2012-11-24 05:28 . 2012-11-24 05:31 -------- d-----w- c:\programdata\HitmanPro
2012-11-19 06:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 06:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 06:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 06:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 06:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 06:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 06:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 06:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 06:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 06:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 06:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- C:\Brother
2012-11-19 01:13 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL
2012-11-19 01:13 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2012-11-19 01:13 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-11-19 01:13 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL
2012-11-19 01:13 . 2010-08-03 04:57 217088 ----a-w- c:\windows\SysWow64\NSSearch.dll
2012-11-19 01:13 . 2010-03-16 03:56 2560 ----a-w- c:\windows\SysWow64\BrDctF2S.dll
2012-11-19 01:13 . 2010-03-16 03:45 73728 ----a-w- c:\windows\SysWow64\BrDctF2.dll
2012-11-19 01:13 . 2007-12-14 06:16 5120 ----a-w- c:\windows\SysWow64\BrDctF2L.dll
2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- c:\program files (x86)\Brother
2012-11-19 01:12 . 2010-02-05 19:42 180224 ----a-w- c:\windows\SysWow64\BroSNMP.dll
2012-11-19 01:12 . 2012-11-19 01:13 -------- d-----w- c:\programdata\Brother
2012-11-11 14:02 . 2012-11-11 14:02 -------- d-----w- c:\program files (x86)\CodeFromThe70s.org
2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\programdata\ATI
2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-03 02:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 06:11 . 2009-11-25 22:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-11 13:20 . 2012-08-11 05:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-11 13:20 . 2011-06-13 04:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2009-12-18 03:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 22:37 . 2012-09-28 22:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 22:36 . 2012-09-28 22:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 22:36 . 2012-09-28 22:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 22:36 . 2012-09-28 22:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 22:36 . 2012-09-28 22:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 22:36 . 2012-09-28 22:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 22:32 . 2012-09-28 22:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 15:59 . 2012-10-21 00:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19A2954B-16CD-43F8-8340-5ECEF9BDE0B1}\gapaengine.dll
2012-09-28 15:59 . 2011-03-26 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2011-11-10 03:16 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2010-05-05 02:18 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-06-11 17:16 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2011-05-25 03:18 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2011-05-25 03:33 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2009-11-04 15:31 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-05-25 03:24 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2011-05-25 03:24 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2011-05-25 03:24 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2011-05-25 03:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-02 19:31 . 2012-09-02 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 19:31 . 2012-09-02 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 05:03 . 2010-10-25 05:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\games\Steam.exe" [2012-08-11 1353080]
"DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe" [2011-07-14 323456]
"Akamai NetSession Interface"="c:\users\DCHAM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-13 119152]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-18 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-25 35840]
R3 cpuz130;cpuz130;c:\users\DORANC~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [2012-06-12 35352]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [2012-06-12 34328]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 17:55];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 05:29 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-24 108904]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-30 82816]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 06:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 13:20]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-13 762736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-11-23 16:29; {4a068a1c-9604-493b-b11b-c2add4964c37}; c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\extensions\{4a068a1c-9604-493b-b11b-c2add4964c37}.xpi
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-664601792-439284596-4029592348-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a9,01,e2,f6,59,8d,09,e2,e2,a4,34,ca,4a,fc,48,f3,71,4a,a9,4c,e9,
86,2e,a0,a3,a9,9e,31,d0,81,56,77,cb,0f,88,f5,03,08,9b,65,10,91,ce,75,c3,62,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-24 14:31:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-24 22:31
ComboFix2.txt 2012-11-24 03:20
.
Pre-Run: 44,358,234,112 bytes free
Post-Run: 44,172,234,752 bytes free
.
- - End Of File - - D7FAE40EC8336E813304D875A0FDCB16
-
Here is the ComboFix.txt:
ComboFix 12-11-24.02 - DCHAM 11/24/2012 12:50:46.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9606 [GMT -8:00]
Running from: c:\users\DCHAM\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Mcx2-DCHAM102086\AppData\Local\temp
2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Mcx1-DCHAM102086\AppData\Local\temp
2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 18:42 . 2012-11-24 18:42 -------- d-----w- C:\MBAR
2012-11-24 16:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52F9C032-1C8B-4A17-9386-07CB045E63D6}\mpengine.dll
2012-11-24 05:28 . 2012-11-24 05:32 -------- d-----w- c:\program files\HitmanPro
2012-11-24 05:28 . 2012-11-24 05:31 -------- d-----w- c:\programdata\HitmanPro
2012-11-24 04:49 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-19 06:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 06:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 06:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 06:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 06:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 06:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 06:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 06:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 06:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 06:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 06:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- C:\Brother
2012-11-19 01:13 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL
2012-11-19 01:13 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2012-11-19 01:13 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-11-19 01:13 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL
2012-11-19 01:13 . 2010-08-03 04:57 217088 ----a-w- c:\windows\SysWow64\NSSearch.dll
2012-11-19 01:13 . 2010-03-16 03:56 2560 ----a-w- c:\windows\SysWow64\BrDctF2S.dll
2012-11-19 01:13 . 2010-03-16 03:45 73728 ----a-w- c:\windows\SysWow64\BrDctF2.dll
2012-11-19 01:13 . 2007-12-14 06:16 5120 ----a-w- c:\windows\SysWow64\BrDctF2L.dll
2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- c:\program files (x86)\Brother
2012-11-19 01:12 . 2010-02-05 19:42 180224 ----a-w- c:\windows\SysWow64\BroSNMP.dll
2012-11-19 01:12 . 2012-11-19 01:13 -------- d-----w- c:\programdata\Brother
2012-11-11 14:02 . 2012-11-11 14:02 -------- d-----w- c:\program files (x86)\CodeFromThe70s.org
2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\programdata\ATI
2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-03 02:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 06:11 . 2009-11-25 22:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-11 13:20 . 2012-08-11 05:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-11 13:20 . 2011-06-13 04:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2009-12-18 03:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 22:37 . 2012-09-28 22:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 22:36 . 2012-09-28 22:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 22:36 . 2012-09-28 22:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 22:36 . 2012-09-28 22:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 22:36 . 2012-09-28 22:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 22:36 . 2012-09-28 22:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 22:32 . 2012-09-28 22:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 15:59 . 2012-10-21 00:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19A2954B-16CD-43F8-8340-5ECEF9BDE0B1}\gapaengine.dll
2012-09-28 15:59 . 2011-03-26 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2011-11-10 03:16 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2010-05-05 02:18 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-06-11 17:16 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2011-05-25 03:18 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2011-05-25 03:33 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2009-11-04 15:31 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-05-25 03:24 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2011-05-25 03:24 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2011-05-25 03:24 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2011-05-25 03:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-09-02 19:31 . 2012-09-02 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 19:31 . 2012-09-02 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 05:03 . 2010-10-25 05:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\games\Steam.exe" [2012-08-11 1353080]
"DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe" [2011-07-14 323456]
"Akamai NetSession Interface"="c:\users\DCHAM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-13 119152]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-18 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"1"="c:\program files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2012-09-30 218184]
"Z1"="c:\mbar\mbar\mbar.exe" [2012-11-08 1341800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cuyyjphks;Remote Procedure Call (RPC) Service;c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-25 35840]
R3 cpuz130;cpuz130;c:\users\DORANC~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [2012-06-12 35352]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [2012-06-12 34328]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 17:55];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 05:29 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-24 108904]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-30 82816]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 06:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 13:20]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"VX3000"="c:\windows\vVX3000.exe" [2010-03-13 762736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-11-23 16:29; {4a068a1c-9604-493b-b11b-c2add4964c37}; c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\extensions\{4a068a1c-9604-493b-b11b-c2add4964c37}.xpi
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-664601792-439284596-4029592348-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a9,01,e2,f6,59,8d,09,e2,e2,a4,34,ca,4a,fc,48,f3,71,4a,a9,4c,e9,
86,2e,a0,a3,a9,9e,31,d0,81,56,77,cb,0f,88,f5,03,08,9b,65,10,91,ce,75,c3,62,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-24 12:56:02
ComboFix-quarantined-files.txt 2012-11-24 20:56
ComboFix2.txt 2012-11-24 03:20
.
Pre-Run: 44,251,512,832 bytes free
Post-Run: 44,283,662,336 bytes free
.
- - End Of File - - 88B603CBF121415152E8150E29D2A838
-
I deleted the files per your instructions via Roguekiller and manually for the folder.
After running MBAR I received the following:
Cleanup:
Congratulations, no cleanup is required
Scan Finished: No malware found
Here are the logs:
mbar-log:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.24.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DCHAM :: DCHAM102086 [administrator]
11/24/2012 10:56:05 AM
mbar-log-2012-11-24 (10-56-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 32433
Time elapsed: 8 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system-log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.340000 GHz
Memory total: 12875583488, free: 9499553792
------------ Kernel report ------------
11/24/2012 10:47:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\msiscsi.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\ha20x22k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\CTHWIUT.SYS
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\LGPBTDD.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\msctf.dll
\Windows\System32\ole32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\imagehlp.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800cc28060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a9\
Lower Device Object: 0xfffffa800cc22750
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800cc27060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a8\
Lower Device Object: 0xfffffa800cc22060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800cc26060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a7\
Lower Device Object: 0xfffffa800cc1d550
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800cc25060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a6\
Lower Device Object: 0xfffffa800cc1f060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800cc24060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a5\
Lower Device Object: 0xfffffa800cc1eb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800a620790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800a3b1060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a61a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800a3a4060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2012.11.24.08
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a61a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a61a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a61a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a3573e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800a3a4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a01650f120, 0xfffffa800a61a790, 0xfffffa8010157090
Lower DeviceData: 0xfffff8a017958600, 0xfffffa800a3a4060, 0xfffffa80100d1e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8EA0E00
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 500113408
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 256060514304 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-500098192-500118192)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800a620790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a6201e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a620790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a3a7520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800a3b1060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00bc57180, 0xfffffa800a620790, 0xfffffa80100c1640
Lower DeviceData: 0xfffff8a01968d590, 0xfffffa800a3b1060, 0xfffffa800fc7d090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A6548B34
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3907024896
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc1eb60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc24b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc1f060, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc25b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc1d550, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc26b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc22060, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc22750, DeviceName: \Device\000000a9\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8EA0E00
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 500113408
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 256060514304 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-500098192-500118192)...
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A6548B34
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3907024896
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc1eb60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc24b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc1f060, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc25b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc1d550, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc26b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc22060, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cc27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc22750, DeviceName: \Device\000000a9\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
-
Thanks so much for your help, here is the output from RogueKiller:
RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DCHAM [Admin rights]
Mode : Scan -- Date : 11/24/2012 09:57:46
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\RunOnce : 1 (C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl) -> FOUND
[sTARTUP][sUSP PATH] vaaiwfbv.lnk @Guest : C:\Users\Guest\AppData\Roaming\Microsoft\Vaaiwfbv\vaaiwfbv.exe -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: CORSAIR CMFSSD-256GBG2D ATA Device +++++
--- User ---
[MBR] 607541a524bb2e9e48d5cb3ca06258c1
[bSP] a224d1731a240c3eff817feb5cbb8333 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 244196 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD20EADS-00R6B0 ATA Device +++++
--- User ---
[MBR] 204b7e577b57d8c9f9c1599814124daf
[bSP] 7b77c505ad3f90984c738ddbe259e48b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11242012_02d0957.txt >>
RKreport[1]_S_11242012_02d0957.txt
-
Hello.
2 days ago Microsoft Security Essentials started detecting Trojans on my computer. Both Malewarebytes and MSE found items to quarantine and remove, here is a sample:
PWS:Win32/Fareit.gen!E
TrojanDropper:Win32/Qakbot.A
Backdoor:Win32/Qakbot!lnk
Trojan:JS/Medfos.B
The Trojans kept returning, and I saw in some log posts on the MS site to uninstall Java first, which then allowed MSE to detect and remove items such as this:
Exploit:Java/CVE-2012-1723.DGW
Today I received this notification from Malewarebytes, and another detection of a Exploit:Java/CVE from MSE:
2012/11/24 08:27:59 -0800 DCHAM102086 IP-BLOCK 66.150.14.17 (Type: outgoing, Port: 49782, Process: iexplore.exe)
Any assistance would be greatly appreciated.
Here is the DDS file:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by DCham at 9:06:53 on 2012-11-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9541 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Games\steam.exe
C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [steam] "D:\Games\Steam.exe" -silent
uRun: [DDAssist] C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe
uRun: [Akamai NetSession Interface] "C:\Users\DCham\AppData\Local\Akamai\netsession_win.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AAC08565-3C4E-42B5-88BD-42ADEE3007F6} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DCham\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-11-23 16:29; {4a068a1c-9604-493b-b11b-c2add4964c37}; C:\Users\DCham\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\extensions\{4a068a1c-9604-493b-b11b-c2add4964c37}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 17:55:28];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-11-23 108904]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-17 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-12-17 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cuyyjphks;Remote Procedure Call (RPC) Service;C:\Users\DCham\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni.exe /D --> C:\Users\DCham\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni.exe [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-8-11 35840]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-11-19 12744]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\System32\drivers\rcblan.sys [2010-5-20 46616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-14 1255736]
S3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;C:\Windows\System32\drivers\WLRAWMp50x64.sys [2011-3-30 35352]
S3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;C:\Windows\System32\drivers\WLRAWSp50x64.sys [2010-12-6 34328]
.
=============== Created Last 30 ================
.
2012-11-24 17:01:17 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52F9C032-1C8B-4A17-9386-07CB045E63D6}\offreg.dll
2012-11-24 16:33:15 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52F9C032-1C8B-4A17-9386-07CB045E63D6}\mpengine.dll
2012-11-24 05:28:26 -------- d-----w- C:\Program Files\HitmanPro
2012-11-24 05:28:03 -------- d-----w- C:\ProgramData\HitmanPro
2012-11-24 04:49:46 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-19 06:16:48 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-19 06:16:48 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-19 06:16:48 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-19 06:16:48 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-19 06:11:16 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-19 06:11:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-19 06:11:16 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-19 06:11:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-19 06:11:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-19 06:11:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-19 06:11:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-19 01:13:23 -------- d-----w- C:\Brother
2012-11-19 01:13:13 45056 ----a-w- C:\Windows\SysWow64\BRTCPCON.DLL
2012-11-19 01:13:05 103736 ----a-w- C:\Windows\SysWow64\BRRBTOOL.EXE
2012-11-19 01:13:03 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL
2012-11-19 01:13:03 25299 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL
2012-11-19 01:13:01 73728 ----a-w- C:\Windows\SysWow64\BrDctF2.dll
2012-11-19 01:13:01 5120 ----a-w- C:\Windows\SysWow64\BrDctF2L.dll
2012-11-19 01:13:01 2560 ----a-w- C:\Windows\SysWow64\BrDctF2S.dll
2012-11-19 01:13:01 217088 ----a-w- C:\Windows\SysWow64\NSSearch.dll
2012-11-19 01:13:00 -------- d-----w- C:\Program Files (x86)\Brother
2012-11-19 01:12:59 180224 ----a-w- C:\Windows\SysWow64\BroSNMP.dll
2012-11-19 01:12:16 -------- d-----w- C:\ProgramData\Brother
2012-11-11 14:02:46 -------- d-----w- C:\Program Files (x86)\CodeFromThe70s.org
2012-11-03 02:59:00 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-11-03 02:55:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
==================== Find3M ====================
.
2012-11-11 13:20:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-11 13:20:31 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 22:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe
2012-09-28 22:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-09-28 22:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-09-28 22:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-09-28 22:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-09-28 22:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-09-28 22:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll
2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll
2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll
2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe
2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll
2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll
2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-02 19:31:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-02 19:31:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 9:07:10.78 ===============
attach file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2009 11:53:58 AM
System Uptime: 11/24/2012 9:01:04 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6TD DELUXE
Processor: Intel® Core i7 CPU 975 @ 3.33GHz | LGA1366 | 1700/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 41.586 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1771.817 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
U: is NetworkDisk (NTFS) - 16362 GiB total, 16256.637 GiB free.
V: is NetworkDisk (NTFS) - 16362 GiB total, 16256.637 GiB free.
Z: is NetworkDisk (NTFS) - 16362 GiB total, 16256.637 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP497: 11/24/2012 9:05:49 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
64 Bit HP CIO Components Installer
6400_Help
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Akamai NetSession Interface
Akamai NetSession Interface Service
Alpha Protocol
Amazon MP3 Downloader 1.0.10
Amazon MP3 Uploader
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
ATI AVIVO64 Codecs
ATI Catalyst Registration
ATI Problem Report Wizard
Baldur's Gate
Baldur's Gate II - Throne of Bhaal
Bastion
Betrayal Pack
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite MFC-7860DW
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Circle of Eight Modpack version 6.1.0 NC
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
CyberLink PowerDVD 10
Dolby Digital Live Pack
Dragon Age II
Dragon Age: Origins
Drakensang
Drakensang The River of Time
Drobo Dashboard
Dungeon Siege III
DVDFab 8.0.6.6 (30/12/2010)
Ewisoft Website Builder (include eCommerce Builder) Version 5
Fallout
Fallout 3
Fallout: New Vegas
Faster Than Light
Futuremark SystemInfo
GIMP 2.6.11
GOG.com Downloader version 3.0.52
Google Chrome
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.6
HP Officejet J6400 Series
HydraVision
Icewind Dale II
iTunes
J6400_Basic
LG Burning Tools
LG CyberLink LabelPrint
LG CyberLink PowerBackup
LG CyberLink PowerProducer
LG Power Tools
LightScribe System Software
Logitech Alert Commander
Logitech GamePanel Software 3.03.133
Logitech Harmony Remote Software 7
Magic The Gathering Tactics
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Compatibility Toolkit 5.6
Microsoft Corporation
Microsoft DirectX SDK (March 2008)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Netflix in Windows Media Center
Network64
NVIDIA PhysX
OpenAL
Origin
Poke
Pool of Radiance: RoMD
POR DB
PowerDVD
QuickTime
Remote Control USB Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Sid Meier's Civilization V
SPORE™
Star Wars: The Old Republic
Steam
Temple of Elemental Evil
The Elder Scrolls V: Skyrim
The Lord of the Rings FREE Trial
The Witcher Enhanced Edition
Toolbox
Torchlight
Torchlight 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vim 7.3 (self-installing)
WebReg
Windows Live ID Sign-in Assistant
WinZip 14.0
XBMC
XCOM: Enemy Unknown
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/24/2012 9:05:26 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/23/2012 8:50:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: DCHAM102086\DCham Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
11/23/2012 8:49:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.343.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800703fa Error description: Illegal operation attempted on a registry key that has been marked for deletion.
11/23/2012 8:48:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.343.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800703fa Error description: Illegal operation attempted on a registry key that has been marked for deletion.
.
==== End Of File ===========================
Cannot fully remove Trojan
in Resolved Malware Removal Logs
Posted
As I mentioned in my first post, MSE would remove Trojans, I would get a clean scan, then they would come back. One forum I found mentioned that uninstalling Java first would allow MSE to find the problem. I tried this, scanned, and picked up problem files it hadn't before.
Anyways, here is the checkup.txt:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````