Everything posted by jamaster14

  1. Combofix.txt

ComboFix 13-07-20.01 - Jamaster 07/20/2013 9:47.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6351 [GMT -4:00]
Running from: c:\users\Jamaster\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-06-20 to 2013-07-20 )))))))))))))))))))))))))))))))
.
.
2013-07-20 13:55 . 2013-07-20 13:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-20 13:55 . 2013-07-20 13:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-07-20 13:55 . 2013-07-20 13:55 -------- d-----w- c:\users\DTS\AppData\Local\temp
2013-07-20 13:55 . 2013-07-20 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-19 13:01 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28A149A5-DB46-43AD-A317-7F04D73ACF15}\mpengine.dll
2013-07-19 02:04 . 2013-05-25 00:22 171512 ----a-w- c:\windows\system32\Spool\prtprocs\x64\dellopd.ppr.dll
2013-07-18 20:22 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 00:35 . 2013-07-17 00:35 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D64579FC-A8B4-4BD2-838C-7092F6B8B883}\gapaengine.dll
2013-07-11 07:06 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-11 07:06 . 2013-06-11 23:43 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-11 07:06 . 2013-06-11 23:26 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-11 07:06 . 2013-06-11 23:26 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-07-11 07:06 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-07-11 07:06 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-07-11 07:06 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-07-11 07:06 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-11 07:06 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-07-03 03:03 . 2013-07-03 03:03 -------- d-----w- c:\windows\ERUNT
2013-07-03 03:03 . 2013-07-03 03:03 -------- d-----w- C:\JRT
2013-07-02 23:31 . 2013-07-02 23:31 -------- d-----w- c:\users\Jamaster\AppData\Roaming\VDownloader
2013-07-02 23:31 . 2013-07-02 23:31 -------- d-----w- c:\program files\WinPcap
2013-07-02 23:31 . 2013-07-02 23:32 -------- d-----w- c:\users\Jamaster\AppData\Local\VDownloader
2013-07-02 23:31 . 2013-06-27 21:00 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2013-07-02 23:31 . 2013-07-02 23:31 -------- d-----w- c:\program files\VDownloader
2013-07-02 23:30 . 2013-07-02 23:31 -------- d-----w- c:\program files (x86)\LessTabs
2013-07-02 23:28 . 2013-07-02 23:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-02 23:28 . 2013-07-02 23:28 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-02 23:28 . 2013-07-02 23:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 07:08 . 2010-02-14 14:21 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-02 23:28 . 2010-04-22 00:11 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-21 13:10 . 2011-12-22 13:04 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 03:38 . 2013-03-22 18:45 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-18 03:38 . 2012-01-27 13:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 02:13 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-18 03:53 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-18 03:53 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-18 03:53 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-18 03:53 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-18 03:53 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-18 03:53 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-18 03:53 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-18 03:53 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-18 03:53 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-18 03:53 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-18 03:54 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-18 03:54 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-18 03:54 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2010-02-13 04:46 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-18 03:54 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-18 03:54 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-18 03:53 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Jamaster\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-19 1104384]
"Spotify"="c:\users\Jamaster\AppData\Roaming\Spotify\Spotify.exe" [2013-07-19 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-03 685048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; [x]
R2 CLBUDFR;CyberLink UDF Filesystem; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 AMDRAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe;c:\program files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [x]
R3 ATICDSDr;ATICDSDr;c:\users\Jamaster\AppData\Local\Temp\ATICDSDr.sys;c:\users\Jamaster\AppData\Local\Temp\ATICDSDr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]
S2 Voice Bridge Msg Fwd Admin;Voice Bridge Msg Fwd Admin;c:\program files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwdAdmin\VBMFWebAdminService.exe;c:\program files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwdAdmin\VBMFWebAdminService.exe [x]
S2 Voice Bridge Msg Fwding;Voice Bridge Msg Fwding;c:\program files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwd\VBMessageForwardingService.exe;c:\program files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwd\VBMessageForwardingService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 15:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 02:51 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-22 03:38]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 13:28]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 13:28]
.
2013-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1973264182-3681135313-2161461637-1001Core.job
- c:\users\Jamaster\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-11 22:32]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1973264182-3681135313-2161461637-1001UA.job
- c:\users\Jamaster\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-11 22:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"VDownloader"="c:\program files\VDownloader\VDownloader.exe" [2013-06-27 873984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-07-02 19:31; lesstabs@lesstabs.com; c:\program files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{5008FB8C-FA88-4639-75A9-B59E5AACF88C} - c:\progra~3\INSTAL~1\{3E620~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-07-20 10:10:26 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-20 14:10
.
Pre-Run: 805,989,171,200 bytes free
Post-Run: 805,989,744,640 bytes free
.
- - End Of File - - 08CCCCE6EFDDA464DD47F3786D2887178F558EB6672622401DA993E1E865C861

  2. attatch.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2010 8:17:23 PM
System Uptime: 7/15/2013 12:08:27 PM (100 hours ago)
.
Motherboard: ASRock | | M3A770DE
Processor: AMD Athlon II X2 245 Processor | CPUSocket | 2893/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 716.202 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 222.266 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP424: 7/5/2013 3:11:49 AM - Windows Update
RP425: 7/9/2013 3:11:48 AM - Windows Update
RP426: 7/11/2013 3:00:13 AM - Windows Update
RP427: 7/15/2013 1:04:31 AM - Windows Update
RP428: 7/18/2013 4:21:48 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.7)
Adobe Stock Photos 1.0
AMD Processor Driver
Apple Application Support
Apple Software Update
Avery Template
BrowseToSave
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD
CyberLink PowerProducer
CyberLink UDF Reader 5.0
D3DX10
DivX Setup
Facebook Plug-In
ffdshow v1.1.3516 [2010-07-25]
FileHippo.com Update Checker
Google Chrome
Google Talk Plugin
Google Update Helper
IHA_MessageCenter
Java 7 Update 25
Java Auto Updater
Java 7 Update 2 (64-bit)
LessTabs
LightScribe System Software 1.14.19.1
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech Vid
Logitech Webcam Software
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Cutter 1.1.1
MP3 To WAV Decoder version 1.0 r2
MSVCRT
Napster Download Manager
Nortel Networks Desktop Assistant v 1.0
Octoshape add-in for Adobe Flash Player
PFPortChecker 1.0.36
Platform
PokerStars.net
QuickTime
RAIDXpert
RarZilla Free Unrar
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Remote Control USB Driver
Safe Saver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.3
Spotify
TightVNC 2.0.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBK TO WAV
VC80CRTRedist - 8.0.50727.6195
VDownloader 3.9.1476
VIA Platform Device Manager
Visual Studio 2008 x64 Redistributables
Vz In Home Agent
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.1
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
7/19/2013 4:21:36 PM, Error: atikmdag [43029] - Display is not active
.
==== End Of File ===========================

  3. dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Jamaster at 16:26:09 on 2013-07-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6109 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwdAdmin\VBMFWebAdminService.exe
C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwd\VBMessageForwardingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Jamaster\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [spotify Web Helper] "C:\Users\Jamaster\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Jamaster\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify] "C:\Users\Jamaster\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{09E48FDD-B5F1-4E61-ADBC-99612CC1AED8} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{B7123783-F185-47FD-8551-EAAA514B4809} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe /silent
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jamaster\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-02 19:31; lesstabs@lesstabs.com; C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamscheduler.exe [2012-9-24 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-24 701512]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-5-26 828944]R2 Voice Bridge Msg Fwd Admin;Voice Bridge Msg Fwd Admin;C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwdAdmin\VBMFWebAdminService.exe [2010-3-31 524288]R2 Voice Bridge Msg Fwding;Voice Bridge Msg Fwding;C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwd\VBMessageForwardingService.exe [2010-3-31 524288]R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-8-3 537592]R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-14 25928]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-2-13 1120768]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys 
[2012-8-3 107432]S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]S3 AMDRAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-9-29 110592]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-1 20992]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 352248].=============== Created Last 30 ================.2013-07-19 13:01:43 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28A149A5-DB46-43AD-A317-7F04D73ACF15}\mpengine.dll2013-07-19 02:04:01 171512 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\dellopd.ppr.dll2013-07-18 20:22:32 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-07-17 00:35:32 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D64579FC-A8B4-4BD2-838C-7092F6B8B883}\gapaengine.dll2013-07-15 13:33:02 263576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2013-07-11 07:06:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-07-11 07:06:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-07-11 07:06:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll2013-07-11 07:06:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-11 07:06:57 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-03 03:03:20 -------- d-----w- C:\Windows\ERUNT2013-07-03 03:03:04 -------- d-----w- 
C:\JRT2013-07-02 23:31:50 -------- d-----w- C:\Users\Jamaster\AppData\Roaming\VDownloader2013-07-02 23:31:35 -------- d-----w- C:\Program Files\WinPcap2013-07-02 23:31:34 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe2013-07-02 23:31:34 -------- d-----w- C:\Users\Jamaster\AppData\Local\VDownloader2013-07-02 23:31:25 -------- d-----w- C:\Program Files\VDownloader2013-07-02 23:30:55 -------- d-----w- C:\Program Files (x86)\LessTabs2013-07-02 23:30:54 -------- d-----w- C:\Program Files (x86)\Safe Saver2013-07-02 23:28:43 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-02 23:28:38 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-21 13:11:32 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52B923F3-E9D8-4E18-9EF4-C96470F49989}\gapaengine.dll.==================== Find3M ====================.2013-07-02 23:28:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-18 03:38:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-18 03:38:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-05-13 
05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll.============= FINISH: 16:26:32.93 ===============
  4. I started this topic last week: http://forums.malwarebytes.org/index.php?showtopic=128683&hl= The problems seemed resolved, but in the last day or two they have come back even worse: tons of ads whenever I use any web browser, it won't allow any Java-enabled sites to work, and I can't log into the MWB forums from that PC. Please advise!
  5. Ran JRT and posted the log. Browsers seem to be back to normal.
  6. JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Jamaster on Tue 07/02/2013 at 23:03:22.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Jamaster\appdata\local\{17B3BBCA-A9D6-4D9B-BD30-40225364D6FC}
Successfully deleted: [Empty Folder] C:\Users\Jamaster\appdata\local\{29FFC3A8-AAD3-4392-A3F8-92C7AF7B115E}
Successfully deleted: [Empty Folder] C:\Users\Jamaster\appdata\local\{51B1FDF8-7EBD-41BD-B280-F90257C9279D}
Successfully deleted: [Empty Folder] C:\Users\Jamaster\appdata\local\{A2DE3842-9B52-40F1-958B-63560ED10663}
Successfully deleted: [Empty Folder] C:\Users\Jamaster\appdata\local\{CB7A7F5A-9F41-42C2-8C65-0A23814CCEF1}

~~~ FireFox

Successfully deleted the following from C:\Users\Jamaster\AppData\Roaming\mozilla\firefox\profiles\mbbfyb1p.default\prefs.js

user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.js", "\n\n /************************************************************
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_91.code", "(function(e){var l=(function(){var N=0;var V=\"
user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.33254.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13fa1ba50ea09ebc456ff950205a558b");
Emptied folder: C:\Users\Jamaster\AppData\Roaming\mozilla\firefox\profiles\mbbfyb1p.default\minidumps [10 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/02/2013 at 23:07:16.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Ran AdwCleaner and posted the text above. Running JRT now...
  8. adwcleaner[s1].txt
# AdwCleaner v2.303 - Logfile created 07/02/2013 at 22:58:30
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Jamaster - ZEUS
# Boot Mode : Normal
# Running from : C:\Users\Jamaster\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\extensions\freehdsport@freehdsport.tv.xpi
File Deleted : C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\extensions\plugin@yontoo.com.xpi
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\extensions\vshare@toolbar
Folder Deleted : C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344324454}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322322254}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\prefs.js

C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "71f56ca1-2138-4e71-863e-655593783a35");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("vshare.install.date", "1286668800000");
Deleted : user_pref("vshare.install.finished", "1.0.0");
Deleted : user_pref("vshare.install.guid", "{c444ecfd-ea4c-481b-8058-930dcd07288e}");
Deleted : user_pref("vshare.install.isHidden", true);
Deleted : user_pref("vshare.install.laststatreq", "1324512000000");
Deleted : user_pref("vshare.install.newtab", false);

File : C:\Users\DTS\AppData\Roaming\Mozilla\Firefox\Profiles\x18y3mty.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.63

File : C:\Users\Jamaster\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\DTS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [8628 octets] - [02/07/2013 22:58:30]

########## EOF - C:\AdwCleaner[s1].txt - [8688 octets] ##########
  9. Also, I'm unable to log in and post from the infected computer... it seems to have hijacked the Malwarebytes webpage, and when you click "log in" it just kills the pop-up.
  10. dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
Run by Jamaster at 22:35:09 on 2013-07-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6015 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwdAdmin\VBMFWebAdminService.exe
C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwd\VBMessageForwardingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Jamaster\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Safe Saver: {11111111-1111-1111-1111-110311321154} - C:\Program Files (x86)\Safe Saver\Safe Saver-bho.dll
BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
uRun: [spotify Web Helper] "C:\Users\Jamaster\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Jamaster\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify] "C:\Users\Jamaster\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{09E48FDD-B5F1-4E61-ADBC-99612CC1AED8} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{B7123783-F185-47FD-8551-EAAA514B4809} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\browse~1\sprote~1.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe /silent
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamaster\AppData\Roaming\Mozilla\Firefox\Profiles\mbbfyb1p.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jamaster\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Jamaster\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-02 19:31; lesstabs@lesstabs.com; C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF - ExtSQL: !HIDDEN! 2013-07-02 19:31; lesstabs@lesstabs.com; C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: extentions.y2layers.installId - 71f56ca1-2138-4e71-863e-655593783a35
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-24 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-5-26 828944]
R2 Voice Bridge Msg Fwd Admin;Voice Bridge Msg Fwd Admin;C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwdAdmin\VBMFWebAdminService.exe [2010-3-31 524288]
R2 Voice Bridge Msg Fwding;Voice Bridge Msg Fwding;C:\Program Files (x86)\VoiceBridge\VBK TO WAV\VBMsgFwd\VBMessageForwardingService.exe [2010-3-31 524288]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-8-3 537592]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-14 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-2-13 1120768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-3 107432]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
S3 AMDRAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-9-29 110592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-1 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 352248]
.
=============== Created Last 30 ================
.
2013-07-02 23:31:50 -------- d-----w- C:\Users\Jamaster\AppData\Roaming\VDownloader 2013-07-02 23:31:35 -------- d-----w- C:\Program Files\WinPcap 2013-07-02 23:31:34 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe 2013-07-02 23:31:34 -------- d-----w- C:\Users\Jamaster\AppData\Local\VDownloader 2013-07-02 23:31:25 -------- d-----w- C:\Program Files\VDownloader 2013-07-02 23:30:55 -------- d-----w- C:\Program Files (x86)\LessTabs 2013-07-02 23:30:54 -------- d-----w- C:\Program Files (x86)\Safe Saver 2013-07-02 23:28:43 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-07-02 23:28:38 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-02 06:26:04 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{713EBF07-EB6C-492E-8309-73B13CE7B3FB}\mpengine.dll 2013-07-02 04:33:59 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-30 00:28:11 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-06-21 13:11:32 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52B923F3-E9D8-4E18-9EF4-C96470F49989}\gapaengine.dll 2013-06-18 07:01:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-06-18 03:54:11 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-18 03:54:10 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-06-18 03:54:10 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-06-18 03:54:06 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-06-18 03:54:06 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-06-18 03:54:04 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-06-18 03:54:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-06-18 03:53:59 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-06-18 03:53:59 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-06-18 03:53:58 52224 ----a-w- 
C:\Windows\System32\certenc.dll 2013-06-18 03:53:58 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-06-18 03:53:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-06-18 03:53:58 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-06-18 03:53:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-06-18 03:53:58 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-06-18 03:53:58 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-06-18 03:53:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-06-18 03:53:52 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-06-18 03:53:52 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll . ==================== Find3M ==================== . 2013-07-02 23:28:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-18 03:38:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-18 03:38:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 22:35:43.37 ===============
  11. attatch.txt
  12. I have the full/paid/pro version of Malwarebytes. Recently both Firefox and Chrome have become infected with tons of ads, banners, and redirects. I updated Malwarebytes and ran a scan. It found nothing. I tried running the software as an administrator and in safe mode; both methods still did not find anything. Please advise on what steps I should take from here. -Jason
  13. I have been having an issue with my computer. I seem to have gotten a trojan. It disguises itself as iexplore.exe and services.exe. Internet Explorer runs in the background and plays audio of all kinds of ads. It also causes my computer to freeze if I leave it idle. I can kill the process, but it just respawns. Same with services.exe. It seems like the trojan got in through an exploit in WMP or Internet Explorer, as I hadn't run those security updates in a while (doh!). Anyhow, I tried running various adware/virus scans, but I am unable to. If I try to run Malwarebytes, McAfee, Norton, HijackThis, AVP, etc., this trojan will stop the program from running, then make its directory read-only to prevent it from being run again. This also happens in safe mode. I tried renaming the directories and executable files, but it didn't help any. I tried the web-based virus scans, but the computer froze whenever I did. I tried combing through the registry, but couldn't find anything of note. I tried following the instructions posted by prariedog; I was unable to do this in either normal or safe mode. When I run Malwarebytes, it is immediately shut down, and its file and directory are made read-only, which prevents me from running it again. I tried re-installing and renaming the file and directory, but that didn't help, so I was unable to run the scan. Same issue with HijackThis: I run it, it closes, it's made read-only and I cannot run it again after that. Same issue with McAfee, Norton, and all the other stuff. Running in safe mode yields the same results. I saw another thread here with a file to check the master boot record. I ran it based on the instructions and here was the result:

C:\WINDOWS>mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe >>UNKNOWN [0x8A62AC92]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a6bab80
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

C:\WINDOWS>mbr .exe -f
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: MBR read successfully

Not sure if that helps any, but running the mbr.exe -f command didn't help.
  14. I have been having an issue with my computer. I seem to have gotten a trojan. It disguises itself as iexplore.exe and services.exe. Internet Explorer runs in the background and plays audio of all kinds of ads. I can kill the process, but it just respawns. Same with services.exe. It seems like the trojan got in through an exploit in WMP or Internet Explorer, as I hadn't run those security updates in a while (doh!). Anyhow, I tried running various adware/virus scans, but I am unable to. If I try to run Malwarebytes, McAfee, Norton, HijackThis, AVP, etc., this trojan will stop the program from running, then make its directory read-only to prevent it from being run again. This also happens in safe mode. I tried renaming the directories and executable files, but it didn't help any. I tried the web-based virus scans, but the computer froze whenever I did. I tried combing through the registry, but couldn't find anything of note. I saw another thread here with a file to check the master boot record. I ran it based on the instructions and here was the result:

C:\WINDOWS>mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe >>UNKNOWN [0x8A62AC92]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a6bab80
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

C:\WINDOWS>mbr .exe -f
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: error reading MBR
kernel: MBR read successfully

I assume this is part of my problem, but I'm not sure where to go from here. Running the mbr.exe -f fix command didn't seem to do anything. Any help would be appreciated; I'd prefer not to reformat/re-install if I can avoid it, as I have a ton of software and subscriptions on here that I can't really back up.