Jedarius

  1. I've done all the updates...and my drive C: is an SSD so that's fine that it shows up as fragmented. Latest MBAM shows I'm clean, should be good to close this up. Thanks very much for all your help!
  2. Results of screen317's Security Check version 0.99.60
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Firewall Disabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     Java 6 Update 21
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Flash Player 11.2.202.233 Flash Player out of Date!
     Adobe Reader 10.1.3 Adobe Reader out of Date!
     Mozilla Firefox (19.0)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 43% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  3. Clean run of MBAM this morning, I think we can officially close this case. Thank you for the help!
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.19.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hai :: HAI-HPC [administrator]
     Protection: Enabled
     2/22/2013 9:28:53 AM
     mbam-log-2013-02-22 (09-28-53).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 230087
     Time elapsed: 24 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  4. I think that did it, gonna give it another 24 hrs before we can call it a victory. Here's the latest MBAM:
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.19.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hai :: HAI-HPC [administrator]
     Protection: Enabled
     2/21/2013 1:38:40 PM
     mbam-log-2013-02-21 (13-38-40).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208421
     Time elapsed: 29 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  5. Thanks for the help! Here's the ComboFix log:
     and MBAM log:
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.19.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hai :: HAI-HPC [administrator]
     Protection: Disabled
     2/19/2013 11:49:23 PM
     mbam-log-2013-02-19 (23-49-23).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208433
     Time elapsed: 1 minute(s), 16 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  6. Latest MBAM log:
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.19.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hai :: HAI-HPC [administrator]
     Protection: Enabled
     2/19/2013 9:54:20 PM
     mbam-log-2013-02-19 (21-54-20).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208944
     Time elapsed: 39 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.
     (end)
  7. Sorry for the late reply:
     SystemLook 30.07.11 by jpshortstuff
     Log created at 21:53 on 19/02/2013 by Hai
     Administrator - Elevation successful
     ========== filefind ==========
     Searching for "WinLive.dll "
     No files found.
     -= EOF =-
  8. Looks like it's back again:
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.18.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hai :: HAI-HPC [administrator]
     Protection: Enabled
     2/18/2013 8:06:36 PM
     mbam-log-2013-02-18 (20-06-36).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208699
     Time elapsed: 30 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.
     (end)
  9. Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.02.17.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Hai :: HAI-HPC [administrator]
     Protection: Enabled
     2/17/2013 4:00:39 PM
     mbam-log-2013-02-17 (16-00-39).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208214
     Time elapsed: 1 minute(s), 11 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  10. Here's the ComboFix.txt log:
  11. Looks like it's back again.

      Malwarebytes Anti-Malware (PRO) 1.70.0.1100
      www.malwarebytes.org

      Database version: v2013.02.17.02
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Hai :: HAI-HPC [administrator]

      Protection: Enabled

      2/17/2013 11:41:54 AM
      mbam-log-2013-02-17 (11-41-54).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 208830
      Time elapsed: 36 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 1
      C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

      (end)
  12. I've deleted the WinLive.dll file and here's the SecurityCheck.exe log:

      Results of screen317's Security Check version 0.99.57
      Windows 7 Service Pack 1 x64 (UAC is disabled!)
      Internet Explorer 9
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Windows Firewall Disabled!
      McAfee VirusScan Enterprise
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.70.0.1100
      Java 6 Update 21
      Java version out of Date!
      Adobe Flash Player 10 Flash Player out of Date!
      Adobe Flash Player 11.2.202.233 Flash Player out of Date!
      Adobe Reader 10.1.3 Adobe Reader out of Date!
      Mozilla Firefox (18.0.2)
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      McAfee VirusScan Enterprise x64 EngineServer.exe
      McAfee VirusScan Enterprise VsTskMgr.exe
      McAfee VirusScan Enterprise x64 McShield.exe
      McAfee VirusScan Enterprise x64 mfeann.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 41% Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````

      ----------------------------

      Here's the latest MBAM log, looks like things are good:

      Malwarebytes Anti-Malware (PRO) 1.70.0.1100
      www.malwarebytes.org

      Database version: v2013.02.15.06
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Hai :: HAI-HPC [administrator]

      Protection: Enabled

      2/17/2013 12:00:36 AM
      mbam-log-2013-02-17 (00-00-36).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 216399
      Time elapsed: 38 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
  13. ESETSmartInstaller@High as downloader log:
      all ok
      # version=8
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=7d28c1370c3b3e4795de059000301358
      # engine=13173
      # end=finished
      # remove_checked=false
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-02-17 01:35:34
      # local_time=2013-02-16 05:35:34 (-0800, Pacific Standard Time)
      # country="United States"
      # lang=1033
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=5893 16776574 100 94 8265 112608384 0 0
      # scanned=216295
      # found=3
      # cleaned=0
      # scan_time=6412
      sh=E2810B9B3BB9B77A9D9C368F5667D75C8C5E7856 ft=1 fh=a2566cf690f106ad vn="a variant of MSIL/Adware.BHO.B application" ac=I fn="C:\Users\Hai\AppData\Roaming\WinLive\WinLive.dll"
      sh=B2790B1DEE00BA7EEC07B4E0868E32FB1B330941 ft=1 fh=97dd9fbbdab00a6c vn="a variant of Win32/HackTool.CheatEngine.AG application" ac=I fn="D:\cht\ac30-Jedarius.exe"
      sh=F860B0DD592E60596327089E8A76101626EE3303 ft=1 fh=46b2cbe6b4eb892e vn="a variant of Win32/GameHack.S application" ac=I fn="F:\cht\pztrain.exe"
      ESETSmartInstaller@High as downloader log:
      all ok
  14. Here's the latest MBAM log:

      Malwarebytes Anti-Malware (PRO) 1.70.0.1100
      www.malwarebytes.org

      Database version: v2013.02.15.06
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Hai :: HAI-HPC [administrator]

      Protection: Enabled

      2/16/2013 2:00:11 PM
      mbam-log-2013-02-16 (14-00-11).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 216147
      Time elapsed: 37 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      ------------------

      Looks clean. I will run another sweep tonight after 11:30PM to see if it re-emerges. Thanks for the help!
  15. Here's the ComboFix.txt log:
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592] R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184] R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-20 363800] R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768] R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184] R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-23 77104] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-20 283200] S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-02-01 1489024] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816] S2 DTSAudioSvc;DTSAudioSvc;c:\program 
files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-16 178344] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560] S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-23 79504] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2012-04-26 237056] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 11576] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416] S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGVirHid;Logitech 
Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] . . Contents of the 'Scheduled Tasks' folder . 2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\ FF - ExtSQL: !HIDDEN! 2012-05-07 18:22; hotfix@mozilla.org; c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe . ************************************************************************** . Completion time: 2013-02-15 23:38:17 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-16 07:38 ComboFix2.txt 2013-02-06 15:29 ComboFix3.txt 2013-02-06 07:10 ComboFix4.txt 2013-02-06 06:30 . Pre-Run: 152,273,502,208 bytes free Post-Run: 152,246,972,416 bytes free . - - End Of File - - 47DE6004AB69B5B3273B2AED6207992F