Jump to content

PUP.Bitminer/PING.Exe virus


Recommended Posts

Hi there, after buying and using a new laptop for less than a couple of weeks I seem to have picked up the PUP.Bitminer virus that several people on this forum also seem to be getting. I used the removal methods that usually work for me with no problem--MBAM scans in safe mode, and Rkill to end the registry process--but upon restarting and rescanning this PUP.Bitminer virus keeps sticking around. In my task manager the PING.EXE process is running and consuming a good amount of my CPU. If you could help me with removing this virus, I will climb Mt. Rushmore and inscribe your face next to Lincoln's!

I'm sure that you guys are very busy, and I apologize for "bumping" this thread, but if you could help me out I would very much appreciate it. Looking through other posts, it looks like I made an error in attaching my log files, so I will copy both of them into this post. Again, I don't mean to come across as impatient!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by VALIS at 16:35:57 on 2011-12-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3494 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [<NO NAME>]

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1 68.94.156.1

TCP: Interfaces\{0A04A8FE-4085-42C0-B375-D1F513AB3BFB} : DhcpNameServer = 192.168.0.1 68.94.156.1

TCP: Interfaces\{C954445D-0A4F-4531-BC8F-0DEAFF825265} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C954445D-0A4F-4531-BC8F-0DEAFF825265}\2656C6B696E6E2036323 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C954445D-0A4F-4531-BC8F-0DEAFF825265}\3416D60757370245F677E60213 : DhcpNameServer = 10.0.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [(Default)]

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\VALIS\AppData\Roaming\Mozilla\Firefox\Profiles\sjyw0ah9.default\

FF - prefs.js: browser.startup.homepage - Google.com

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-18 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-8-29 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-18 2375168]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-11 03:21:26 -------- d--h--w- C:\_Exception1

2011-12-10 15:56:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-12-10 15:55:46 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-12-09 03:20:54 -------- d-----w- C:\Users\VALIS\AppData\Local\CyberLink

2011-12-08 00:32:31 -------- d-----w- C:\ProgramData\VirtualizedApplications

2011-12-07 13:24:14 -------- d-----w- C:\Users\VALIS\AppData\Local\CrashDumps

2011-12-07 13:22:41 -------- d-----w- C:\Users\VALIS\AppData\Roaming\SoftGrid Client

2011-12-07 13:22:41 -------- d-----w- C:\Users\VALIS\AppData\Local\SoftGrid Client

2011-12-07 13:21:12 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2011-12-07 13:20:59 -------- d-----w- C:\Users\VALIS\AppData\Roaming\TP

2011-12-07 00:26:21 -------- d-----w- C:\Users\VALIS\AppData\Local\Activision

2011-12-06 13:20:23 -------- d-----we C:\Windows\system64

2011-12-06 13:20:02 291840 ----a-w- C:\Users\VALIS\AppData\Local\bnn.exe

2011-12-05 05:25:00 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2011-12-04 18:00:57 -------- d-----w- C:\Users\VALIS\AppData\Roaming\IrfanView

2011-12-04 18:00:57 -------- d-----w- C:\Program Files (x86)\IrfanView

2011-12-04 05:30:40 -------- d-----w- C:\ProgramData\Premium

2011-12-04 05:30:39 -------- d-----w- C:\ProgramData\InstallMate

2011-12-03 20:35:32 -------- d-----w- C:\Windows\SysWow64\Wat

2011-12-03 20:35:32 -------- d-----w- C:\Windows\System32\Wat

2011-12-03 17:08:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-12-03 16:37:47 -------- d-----w- C:\Users\VALIS\AppData\Local\dxhr

2011-12-03 16:37:06 -------- d-----w- C:\Users\VALIS\AppData\Local\28050

2011-12-03 11:54:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-03 11:54:38 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-03 11:52:12 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-12-03 11:52:11 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-12-03 11:52:11 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-12-03 11:50:59 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-12-03 11:50:32 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-12-03 11:50:32 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-12-03 11:48:27 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-12-03 11:46:42 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-12-03 11:46:42 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-12-03 11:46:42 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-12-03 11:46:42 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-12-03 11:38:46 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-12-03 11:38:46 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-12-03 11:38:46 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-12-03 11:38:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-12-03 11:38:46 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-12-03 11:17:48 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-12-03 11:17:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-12-03 11:17:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-12-03 11:17:48 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-12-03 09:28:17 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-12-03 09:28:09 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F481493-0DAC-4388-802B-191EBAF6E9F7}\mpengine.dll

2011-12-03 04:11:59 -------- d-----w- C:\Users\VALIS\AppData\Local\LogMeIn Hamachi

2011-12-03 04:11:45 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2011-12-03 03:39:22 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2011-12-03 03:39:22 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2011-12-03 03:39:21 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2011-12-03 03:39:21 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2011-12-03 03:39:21 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2011-12-03 03:39:21 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

2011-12-03 03:39:21 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2011-12-03 03:39:14 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2011-12-03 02:18:22 1660232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll

2011-12-03 01:44:29 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-12-03 01:44:27 -------- d-----w- C:\Program Files (x86)\Steam

2011-12-03 01:41:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-03 01:36:20 -------- d-----w- C:\Users\VALIS\AppData\Roaming\Malwarebytes

2011-12-03 01:35:25 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-03 01:35:22 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-03 01:35:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-03 00:59:34 -------- d-----w- C:\Users\VALIS\AppData\Local\AMD

2011-12-03 00:59:25 -------- d-----w- C:\Users\VALIS\AppData\Local\ATI

2011-12-03 00:58:24 -------- d-----w- C:\Users\VALIS\AppData\Roaming\Synaptics

2011-12-03 00:57:43 -------- d-----w- C:\Users\VALIS\AppData\Roaming\hpqlog

2011-12-03 00:57:38 -------- d-----w- C:\Users\VALIS\AppData\Local\RemEngine

2011-12-03 00:55:51 -------- d-----w- C:\Users\VALIS\AppData\Local\VirtualStore

2011-12-03 00:51:44 -------- d-----w- C:\Users\VALIS\AppData\Local\Hewlett-Packard

2011-12-03 00:51:31 -------- d-----w- C:\Users\VALIS\AppData\Local\Hewlett-Packard_Company

.

==================== Find3M ====================

.

2011-10-19 06:11:16 31744 ----a-w- C:\Windows\System32\drivers\usbrpm.sys

2011-10-19 05:33:55 0 ----a-w- C:\Windows\ativpsrm.bin

.

============= FINISH: 16:36:37.66 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/2/2011 6:49:41 PM

System Uptime: 12/13/2011 4:20:54 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 358B

Processor: AMD A8-3500M APU with Radeon HD Graphics | Socket FS1 | 1500/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 449 GiB total, 390.707 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 1.857 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP11: 12/6/2011 6:24:17 PM - Installed DirectX

RP12: 12/7/2011 8:13:55 AM - Windows Update

RP13: 12/10/2011 9:49:15 AM - Windows Update

RP14: 12/11/2011 1:56:48 AM - Windows Update

.

==== Installed Programs ======================

.

ActiveCheck component for HP Active Support Library

Adobe Flash Player 10 ActiveX

Adobe Reader X MUI

Adobe Shockwave Player 11.5

AMD System Monitor

AMD VISION Engine Control Center

Bing Bar

Blio

Call of Duty: Black Ops - Multiplayer

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CyberLink YouCam

D3DX10

Deus Ex: Human Revolution

Energy Star Digital Logo

ESU for Microsoft Windows 7

Evernote v. 4.2.2

HP Connection Manager

HP Customer Experience Enhancements

HP DVB-T TV Tuner 8.0.64.43

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP SimplePass 2011

HP Software Framework

HP Support Assistant

HPAsset component for HP Active Support Library

IDT Audio

IrfanView (remove only)

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

LogMeIn Hamachi

Magic Desktop

Malwarebytes' Anti-Malware version 1.51.2.1300

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PlayReady PC Runtime x86

Ralink RT5390 802.11b/g/n WiFi Adapter

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Steam

Terraria

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

12/9/2011 3:18:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/8/2011 5:06:37 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/7/2011 7:50:55 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

12/7/2011 7:50:55 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

12/6/2011 4:13:32 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 4:13:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/6/2011 4:13:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/6/2011 4:13:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/6/2011 4:13:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/6/2011 4:13:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

12/6/2011 4:13:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 4:12:10 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

12/13/2011 4:23:24 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/13/2011 4:21:22 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/13/2011 4:21:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/13/2011 4:21:16 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/10/2011 8:12:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

12/10/2011 8:12:26 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/10/2011 6:41:37 PM, Error: Microsoft Antimalware [3002] -

12/10/2011 10:07:31 AM, Error: Service Control Manager [7022] - The Server service hung on starting.

12/10/2011 10:07:31 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

.

==== End Of File ===========================

DDS.txt

Attach.txt

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

Thank you for the quick response! Here's the MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122301

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/22/2011 6:25:07 PM

mbam-log-2011-12-22 (18-25-07).txt

Scan type: Quick scan

Objects scanned: 170766

Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And the Combofix log:

ComboFix 11-12-22.04 - VALIS 12/22/2011 18:29:47.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3755 [GMT -6:00]

Running from: c:\users\VALIS\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender

c:\users\VALIS\AppData\Local\bnn.exe

c:\windows\system32\consrv.dll

c:\windows\system32\java.exe

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))

.

.

2011-12-23 00:42 . 2011-12-23 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-22 19:03 . 2011-12-22 19:03 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-12-20 00:00 . 2011-12-20 00:00 -------- d-----w- c:\program files (x86)\bitComposer Games

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-12-19 23:45 . 2011-12-19 23:45 -------- d-----w- c:\program files (x86)\QuickTime

2011-12-19 23:45 . 2011-12-19 23:45 -------- d-----w- c:\programdata\Apple Computer

2011-12-19 23:44 . 2011-12-19 23:44 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-12-19 23:44 . 2011-12-19 23:44 -------- d-----w- c:\programdata\Apple

2011-12-19 23:44 . 2011-12-19 23:44 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-12-16 23:59 . 2011-12-17 00:00 -------- d-----w- c:\windows\WindowsMobile

2011-12-13 22:28 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 22:28 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-13 22:28 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-13 22:28 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-13 22:28 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 22:28 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-11 03:21 . 2011-12-11 03:30 -------- d-----w- C:\_Exception1

2011-12-10 15:56 . 2011-12-10 15:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-12-10 15:55 . 2011-12-11 04:03 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-09 03:21 . 2011-12-09 03:21 -------- d-----w- c:\programdata\CyberLink

2011-12-09 03:20 . 2011-12-09 03:20 -------- d-----w- c:\users\Public\CyberLink

2011-12-08 00:32 . 2011-12-08 00:34 -------- d-----w- c:\programdata\VirtualizedApplications

2011-12-07 13:27 . 2011-12-07 13:27 -------- d-----r- C:\MSOCache

2011-12-07 13:21 . 2011-12-15 16:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2011-12-05 05:25 . 2011-12-05 05:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-12-04 18:00 . 2011-12-04 18:00 -------- d-----w- c:\program files (x86)\IrfanView

2011-12-04 05:30 . 2011-12-04 05:30 -------- d-----w- c:\programdata\Premium

2011-12-04 05:30 . 2011-12-04 05:30 -------- d-----w- c:\programdata\InstallMate

2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\programdata\LogiShrd

2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\program files\Common Files\LogiShrd

2011-12-03 20:35 . 2011-12-03 20:35 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-03 20:35 . 2011-12-03 20:35 -------- d-----w- c:\windows\system32\Wat

2011-12-03 17:08 . 2011-12-03 17:08 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-12-03 11:53 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-12-03 11:52 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-12-03 11:52 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-03 11:52 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-12-03 11:50 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-12-03 11:50 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-12-03 11:50 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-12-03 11:46 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-12-03 11:46 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-12-03 11:46 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-12-03 11:46 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-12-03 11:38 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-12-03 11:38 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-12-03 11:38 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-12-03 11:38 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-12-03 11:38 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-12-03 11:17 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-12-03 11:17 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-12-03 11:17 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-12-03 11:17 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-12-03 09:28 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F481493-0DAC-4388-802B-191EBAF6E9F7}\mpengine.dll

2011-12-03 04:11 . 2011-12-03 04:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2011-12-03 03:39 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2011-12-03 03:39 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2011-12-03 03:39 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2011-12-03 03:39 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2011-12-03 03:39 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-12-03 03:39 . 2007-04-05 00:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2011-12-03 03:39 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2011-12-03 03:39 . 2011-12-03 03:39 -------- d-----w- c:\program files (x86)\Microsoft XNA

2011-12-03 01:44 . 2011-12-11 15:40 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-12-03 01:44 . 2011-12-22 23:54 -------- d-----w- c:\program files (x86)\Steam

2011-12-03 01:41 . 2011-12-03 01:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-03 01:41 . 2011-12-03 01:41 -------- d-----w- c:\windows\system32\Macromed

2011-12-03 01:35 . 2011-12-03 01:35 -------- d-----w- c:\programdata\Malwarebytes

2011-12-03 01:35 . 2011-12-03 01:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-03 01:35 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-03 00:49 . 2011-12-11 02:11 -------- d-----w- c:\users\VALIS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-03 08:44 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-10 11:54 . 2011-08-30 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-19 06:11 . 2011-10-19 06:11 31744 ----a-w- c:\windows\system32\drivers\usbrpm.sys

2011-10-19 05:31 . 2011-10-19 05:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-10-19 05:31 . 2011-10-19 05:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-10-19 05:31 . 2011-10-19 05:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-10-19 05:31 . 2011-10-19 05:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-10-19 05:31 . 2011-10-19 05:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-10-19 05:31 . 2011-10-19 05:31 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-10-19 05:31 . 2011-10-19 05:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-10-19 05:31 . 2011-10-19 05:31 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-10-19 05:31 . 2011-10-19 05:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-10-19 05:31 . 2011-10-19 05:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-10-19 05:31 . 2011-10-19 05:31 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-10-19 05:31 . 2011-10-19 05:31 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-10-19 05:31 . 2011-10-19 05:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-10-19 05:31 . 2011-10-19 05:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-10-19 05:31 . 2011-10-19 05:31 448512 ----a-w- c:\windows\system32\html.iec

2011-10-19 05:31 . 2011-10-19 05:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-10-19 05:31 . 2011-10-19 05:31 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-10-19 05:31 . 2011-10-19 05:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-10-19 05:31 . 2011-10-19 05:31 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-10-19 05:31 . 2011-10-19 05:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-10-19 05:31 . 2011-10-19 05:31 222208 ----a-w- c:\windows\system32\msls31.dll

2011-10-19 05:31 . 2011-10-19 05:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-10-19 05:31 . 2011-10-19 05:31 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-10-19 05:31 . 2011-10-19 05:31 160256 ----a-w- c:\windows\system32\wextract.exe

2011-10-19 05:31 . 2011-10-19 05:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-10-19 05:31 . 2011-10-19 05:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-10-19 05:31 . 2011-10-19 05:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-10-19 05:31 . 2011-10-19 05:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-10-19 05:31 . 2011-10-19 05:31 12288 ----a-w- c:\windows\system32\mshta.exe

2011-10-19 05:31 . 2011-10-19 05:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-10-19 05:31 . 2011-10-19 05:31 114176 ----a-w- c:\windows\system32\admparse.dll

2011-10-19 05:31 . 2011-10-19 05:31 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-10-19 05:31 . 2011-10-19 05:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-10-19 05:31 . 2011-10-19 05:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-03 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"combofix"="c:\combofix\CF13862.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

FF - ProfilePath - c:\users\VALIS\AppData\Roaming\Mozilla\Firefox\Profiles\sjyw0ah9.default\

FF - prefs.js: browser.startup.homepage - Google.com

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,

81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2011-12-22 19:09:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-23 01:09

.

Pre-Run: 411,273,875,456 bytes free

Post-Run: 411,250,630,656 bytes free

.

- - End Of File - - 2D64C85532ABB7772502BA0CF93C430A

And the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by VALIS at 19:15:46 on 2011-12-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4389 [GMT -6:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: Interfaces\{0A04A8FE-4085-42C0-B375-D1F513AB3BFB} : DhcpNameServer = 192.168.0.1 68.94.156.1

TCP: Interfaces\{C954445D-0A4F-4531-BC8F-0DEAFF825265} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C954445D-0A4F-4531-BC8F-0DEAFF825265}\3416D60757370245F677E60213 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{C954445D-0A4F-4531-BC8F-0DEAFF825265}\94E45445D234166656 : DhcpNameServer = 204.117.214.10 199.2.252.10 204.97.212.10

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\VALIS\AppData\Roaming\Mozilla\Firefox\Profiles\sjyw0ah9.default\

FF - prefs.js: browser.startup.homepage - Google.com

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-18 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-8-29 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-18 2375168]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-23 01:14:30 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-23 00:27:54 98816 ----a-w- C:\Windows\sed.exe

2011-12-23 00:27:54 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-23 00:27:54 256000 ----a-w- C:\Windows\PEV.exe

2011-12-23 00:27:54 208896 ----a-w- C:\Windows\MBR.exe

2011-12-20 00:00:40 -------- d-----w- C:\Program Files (x86)\bitComposer Games

2011-12-19 23:45:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-12-19 23:45:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-12-19 23:45:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-12-19 23:45:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-12-19 23:45:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-12-19 23:45:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-12-19 23:45:58 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-12-19 23:44:46 -------- d-----w- C:\Users\VALIS\AppData\Local\Apple

2011-12-16 23:59:12 -------- d-----w- C:\Windows\WindowsMobile

2011-12-13 22:28:05 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-13 22:28:05 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-13 22:28:04 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-13 22:28:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-13 22:28:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-13 22:28:01 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-11 03:21:26 -------- d-----w- C:\_Exception1

2011-12-10 15:56:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-12-10 15:55:46 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-12-09 03:20:54 -------- d-----w- C:\Users\VALIS\AppData\Local\CyberLink

2011-12-08 00:32:31 -------- d-----w- C:\ProgramData\VirtualizedApplications

2011-12-07 13:24:14 -------- d-----w- C:\Users\VALIS\AppData\Local\CrashDumps

2011-12-07 13:22:41 -------- d-----w- C:\Users\VALIS\AppData\Roaming\SoftGrid Client

2011-12-07 13:22:41 -------- d-----w- C:\Users\VALIS\AppData\Local\SoftGrid Client

2011-12-07 13:21:12 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2011-12-07 13:20:59 -------- d-----w- C:\Users\VALIS\AppData\Roaming\TP

2011-12-07 00:26:21 -------- d-----w- C:\Users\VALIS\AppData\Local\Activision

2011-12-05 05:25:00 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro

2011-12-04 18:00:57 -------- d-----w- C:\Users\VALIS\AppData\Roaming\IrfanView

2011-12-04 18:00:57 -------- d-----w- C:\Program Files (x86)\IrfanView

2011-12-04 05:30:40 -------- d-----w- C:\ProgramData\Premium

2011-12-04 05:30:39 -------- d-----w- C:\ProgramData\InstallMate

2011-12-03 20:35:32 -------- d-----w- C:\Windows\SysWow64\Wat

2011-12-03 20:35:32 -------- d-----w- C:\Windows\System32\Wat

2011-12-03 17:08:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-12-03 16:37:47 -------- d-----w- C:\Users\VALIS\AppData\Local\dxhr

2011-12-03 16:37:06 -------- d-----w- C:\Users\VALIS\AppData\Local\28050

2011-12-03 11:53:55 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-12-03 11:52:12 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-12-03 11:52:11 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-12-03 11:52:11 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-12-03 11:50:59 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-12-03 11:50:32 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-12-03 11:50:32 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-12-03 11:46:42 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-12-03 11:46:42 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-12-03 11:46:42 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-12-03 11:46:42 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-12-03 11:38:46 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-12-03 11:38:46 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-12-03 11:38:46 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-12-03 11:38:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-12-03 11:38:46 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-12-03 11:17:48 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-12-03 11:17:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-12-03 11:17:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-12-03 11:17:48 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-12-03 09:28:17 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-12-03 09:28:09 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F481493-0DAC-4388-802B-191EBAF6E9F7}\mpengine.dll

2011-12-03 04:11:59 -------- d-----w- C:\Users\VALIS\AppData\Local\LogMeIn Hamachi

2011-12-03 04:11:45 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2011-12-03 03:39:22 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2011-12-03 03:39:22 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2011-12-03 03:39:21 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2011-12-03 03:39:21 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2011-12-03 03:39:21 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2011-12-03 03:39:21 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

2011-12-03 03:39:21 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2011-12-03 03:39:14 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2011-12-03 02:18:22 1660232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll

2011-12-03 01:44:29 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-12-03 01:44:27 -------- d-----w- C:\Program Files (x86)\Steam

2011-12-03 01:41:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-03 01:36:20 -------- d-----w- C:\Users\VALIS\AppData\Roaming\Malwarebytes

2011-12-03 01:35:25 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-03 01:35:22 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-03 01:35:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-03 00:59:34 -------- d-----w- C:\Users\VALIS\AppData\Local\AMD

2011-12-03 00:59:25 -------- d-----w- C:\Users\VALIS\AppData\Local\ATI

2011-12-03 00:58:24 -------- d-----w- C:\Users\VALIS\AppData\Roaming\Synaptics

2011-12-03 00:57:43 -------- d-----w- C:\Users\VALIS\AppData\Roaming\hpqlog

2011-12-03 00:57:38 -------- d-----w- C:\Users\VALIS\AppData\Local\RemEngine

2011-12-03 00:55:51 -------- d-----w- C:\Users\VALIS\AppData\Local\VirtualStore

2011-12-03 00:51:44 -------- d-----w- C:\Users\VALIS\AppData\Local\Hewlett-Packard

2011-12-03 00:51:31 -------- d-----w- C:\Users\VALIS\AppData\Local\Hewlett-Packard_Company

.

==================== Find3M ====================

.

2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-10-19 06:11:16 31744 ----a-w- C:\Windows\System32\drivers\usbrpm.sys

2011-10-19 05:33:55 0 ----a-w- C:\Windows\ativpsrm.bin

.

============= FINISH: 19:17:31.51 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

The first Combofix scan seemed to kill the PING.EXE process entirely, much to my (and my cpu's) relief. The ESET scan log removed a few trojans that I did not even know were on the computer. I ran a MBAM full scan, though, and the PUP.Bitminer.exe trojan is still there, in the same location on my PC. I posted the log last. As far as I know, that's the only remaining threat.

Here's the ESET scan log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

And the Security Check log:

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 30

Mozilla Firefox 8.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

ESET ESET Online Scanner OnlineCmdLineScanner.exe

``````````End of Log````````````

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122308

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/23/2011 12:12:38 PM

mbam-log-2011-12-23 (12-12-25).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 325501

Time elapsed: 31 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> No action taken.

Link to post
Share on other sites

My apologies as well, I was out of town for the holiday. Here are the MBAM and Combofix logs:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.29.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

VALIS :: VALIS-HP [administrator]

12/29/2011 12:32:31 PM

mbam-log-2011-12-29 (12-32-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 175171

Time elapsed: 3 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 11-12-29.04 - VALIS 12/29/2011 12:39:05.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4144 [GMT -6:00]

Running from: c:\users\VALIS\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))

.

.

2011-12-29 18:51 . 2011-12-29 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-28 21:38 . 2011-12-28 21:38 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-12-28 21:37 . 2011-12-28 21:37 -------- d-----w- c:\program files\DivX

2011-12-28 21:37 . 2011-12-28 21:37 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2011-12-28 21:35 . 2011-12-28 21:38 -------- d-----w- c:\program files (x86)\DivX

2011-12-28 21:33 . 2011-12-28 21:38 -------- d-----w- c:\programdata\DivX

2011-12-28 04:32 . 2011-12-29 06:36 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-12-28 04:30 . 2011-12-29 06:36 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-12-28 04:30 . 2011-12-28 04:30 794408 ----a-w- c:\windows\SysWow64\Pbsvc.exe

2011-12-28 04:30 . 2011-12-28 04:30 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-12-28 04:29 . 2011-12-28 04:29 -------- d-----w- c:\program files (x86)\GameSpy

2011-12-28 03:06 . 2011-12-28 03:06 -------- d-----w- c:\programdata\Roxio

2011-12-26 20:53 . 2011-12-29 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-23 16:40 . 2011-12-23 16:40 -------- d-----w- c:\program files (x86)\ESET

2011-12-22 19:03 . 2011-12-22 19:03 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-12-20 00:00 . 2011-12-20 00:00 -------- d-----w- c:\program files (x86)\bitComposer Games

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-12-19 23:45 . 2011-12-19 23:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-12-19 23:45 . 2011-12-19 23:45 -------- d-----w- c:\program files (x86)\QuickTime

2011-12-19 23:45 . 2011-12-19 23:45 -------- d-----w- c:\programdata\Apple Computer

2011-12-19 23:44 . 2011-12-19 23:44 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-12-19 23:44 . 2011-12-19 23:44 -------- d-----w- c:\programdata\Apple

2011-12-19 23:44 . 2011-12-19 23:44 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-12-16 23:59 . 2011-12-17 00:00 -------- d-----w- c:\windows\WindowsMobile

2011-12-13 22:28 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 22:28 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-13 22:28 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-13 22:28 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-13 22:28 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 22:28 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-11 03:21 . 2011-12-11 03:30 -------- d-----w- C:\_Exception1

2011-12-10 15:56 . 2011-12-10 15:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-12-10 15:55 . 2011-12-11 04:03 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-09 03:21 . 2011-12-09 03:21 -------- d-----w- c:\programdata\CyberLink

2011-12-09 03:20 . 2011-12-09 03:20 -------- d-----w- c:\users\Public\CyberLink

2011-12-08 00:32 . 2011-12-08 00:34 -------- d-----w- c:\programdata\VirtualizedApplications

2011-12-07 13:27 . 2011-12-07 13:27 -------- d-----r- C:\MSOCache

2011-12-07 13:21 . 2011-12-15 16:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2011-12-05 05:25 . 2011-12-05 05:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2011-12-04 18:00 . 2011-12-04 18:00 -------- d-----w- c:\program files (x86)\IrfanView

2011-12-04 05:30 . 2011-12-04 05:30 -------- d-----w- c:\programdata\Premium

2011-12-04 05:30 . 2011-12-04 05:30 -------- d-----w- c:\programdata\InstallMate

2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\programdata\LogiShrd

2011-12-03 23:01 . 2011-12-03 23:01 -------- d-----w- c:\program files\Common Files\LogiShrd

2011-12-03 20:35 . 2011-12-03 20:35 -------- d-----w- c:\windows\SysWow64\Wat

2011-12-03 20:35 . 2011-12-03 20:35 -------- d-----w- c:\windows\system32\Wat

2011-12-03 17:08 . 2011-12-03 17:08 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-12-03 11:53 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-12-03 11:52 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-12-03 11:52 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-03 11:52 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-12-03 11:50 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-12-03 11:50 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-12-03 11:50 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-12-03 11:46 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-12-03 11:46 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-12-03 11:46 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-12-03 11:46 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-12-03 11:38 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-12-03 11:38 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-12-03 11:38 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-12-03 11:38 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-12-03 11:38 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-12-03 11:17 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-12-03 11:17 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-12-03 11:17 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-12-03 11:17 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-12-03 09:28 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F481493-0DAC-4388-802B-191EBAF6E9F7}\mpengine.dll

2011-12-03 04:11 . 2011-12-03 04:11 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2011-12-03 03:39 . 2010-02-04 16:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2011-12-03 03:39 . 2010-02-04 16:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2011-12-03 03:39 . 2010-02-04 16:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2011-12-03 03:39 . 2010-02-04 16:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2011-12-03 03:39 . 2009-03-09 21:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2011-12-03 03:39 . 2007-04-05 00:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll

2011-12-03 03:39 . 2007-03-12 22:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll

2011-12-03 03:39 . 2011-12-03 03:39 -------- d-----w- c:\program files (x86)\Microsoft XNA

2011-12-03 01:44 . 2011-12-11 15:40 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-12-03 01:44 . 2011-12-29 17:07 -------- d-----w- c:\program files (x86)\Steam

2011-12-03 01:41 . 2011-12-03 01:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-03 01:41 . 2011-12-03 01:41 -------- d-----w- c:\windows\system32\Macromed

2011-12-03 01:35 . 2011-12-03 01:35 -------- d-----w- c:\programdata\Malwarebytes

2011-12-03 01:35 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-03 00:49 . 2011-12-11 02:11 -------- d-----w- c:\users\VALIS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-03 08:44 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-10 11:54 . 2011-08-30 01:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\SysWow64\dpl100.dll

2011-10-19 06:11 . 2011-10-19 06:11 31744 ----a-w- c:\windows\system32\drivers\usbrpm.sys

2011-10-19 05:31 . 2011-10-19 05:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-10-19 05:31 . 2011-10-19 05:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-10-19 05:31 . 2011-10-19 05:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-10-19 05:31 . 2011-10-19 05:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-10-19 05:31 . 2011-10-19 05:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-10-19 05:31 . 2011-10-19 05:31 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-10-19 05:31 . 2011-10-19 05:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-10-19 05:31 . 2011-10-19 05:31 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-10-19 05:31 . 2011-10-19 05:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-10-19 05:31 . 2011-10-19 05:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-10-19 05:31 . 2011-10-19 05:31 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-10-19 05:31 . 2011-10-19 05:31 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-10-19 05:31 . 2011-10-19 05:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-10-19 05:31 . 2011-10-19 05:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-10-19 05:31 . 2011-10-19 05:31 448512 ----a-w- c:\windows\system32\html.iec

2011-10-19 05:31 . 2011-10-19 05:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-10-19 05:31 . 2011-10-19 05:31 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-10-19 05:31 . 2011-10-19 05:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-10-19 05:31 . 2011-10-19 05:31 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-10-19 05:31 . 2011-10-19 05:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-10-19 05:31 . 2011-10-19 05:31 222208 ----a-w- c:\windows\system32\msls31.dll

2011-10-19 05:31 . 2011-10-19 05:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-10-19 05:31 . 2011-10-19 05:31 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-10-19 05:31 . 2011-10-19 05:31 160256 ----a-w- c:\windows\system32\wextract.exe

2011-10-19 05:31 . 2011-10-19 05:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-10-19 05:31 . 2011-10-19 05:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-10-19 05:31 . 2011-10-19 05:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-10-19 05:31 . 2011-10-19 05:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-10-19 05:31 . 2011-10-19 05:31 12288 ----a-w- c:\windows\system32\mshta.exe

2011-10-19 05:31 . 2011-10-19 05:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-10-19 05:31 . 2011-10-19 05:31 114176 ----a-w- c:\windows\system32\admparse.dll

2011-10-19 05:31 . 2011-10-19 05:31 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-10-19 05:31 . 2011-10-19 05:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-10-19 05:31 . 2011-10-19 05:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-23_00.49.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2011-12-26 20:48 42846 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-29 17:08 38388 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-12-22 23:55 38388 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-12-02 08:02 . 2011-12-22 23:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-02 08:02 . 2011-12-28 21:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-12-02 08:02 . 2011-12-22 23:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-12-02 08:02 . 2011-12-28 21:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-28 21:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-22 23:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-28 04:29 . 2011-12-28 04:29 57344 c:\windows\Installer\{894084B6-BC69-43B7-BF06-B93AECFEA520}\NewShortcut8_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe

+ 2011-12-28 04:29 . 2011-12-28 04:29 57344 c:\windows\Installer\{894084B6-BC69-43B7-BF06-B93AECFEA520}\NewShortcut7_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe

+ 2011-12-28 04:29 . 2011-12-28 04:29 57344 c:\windows\Installer\{894084B6-BC69-43B7-BF06-B93AECFEA520}\Comrade.exe_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe

+ 2011-12-28 04:29 . 2011-12-28 04:29 57344 c:\windows\Installer\{894084B6-BC69-43B7-BF06-B93AECFEA520}\ARPPRODUCTICON.exe

+ 2011-12-28 04:29 . 2011-12-28 04:29 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2011-12-07 01:37 . 2011-12-28 07:24 3332 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-12-03 01:29 . 2011-12-29 17:08 9164 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-810365025-4187528024-1135758346-1001_UserData.bin

- 2011-12-23 00:44 . 2011-12-23 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-29 17:03 . 2011-12-29 17:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-29 17:03 . 2011-12-29 17:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-23 00:44 . 2011-12-23 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-28 04:29 . 2011-12-28 04:29 8854 c:\windows\Installer\{894084B6-BC69-43B7-BF06-B93AECFEA520}\UNINST_Uninstall_Com_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe

+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\SysWOW64\divx_xx16.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\SysWOW64\divx_xx11.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\SysWOW64\divx_xx0c.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\SysWOW64\divx_xx0a.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\SysWOW64\divx_xx07.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\SysWOW64\DivX.dll

+ 2009-07-14 04:54 . 2011-12-29 17:03 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-12-23 00:40 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-03 02:48 . 2011-12-29 02:46 273646 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2011-12-29 17:08 660770 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-23 00:48 660770 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-29 17:08 121408 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-23 00:48 121408 c:\windows\system32\perfc009.dat

+ 2011-10-19 05:53 . 2011-12-29 09:01 744560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-10-19 05:53 . 2011-12-23 00:43 744560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2011-12-29 09:01 231572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-12-23 00:43 231572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-12-03 01:06 . 2011-12-20 05:27 808212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-810365025-4187528024-1135758346-1001-12288.dat

+ 2011-12-03 01:06 . 2011-12-29 09:01 808212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-810365025-4187528024-1135758346-1001-12288.dat

- 2011-12-20 00:15 . 2011-12-20 00:15 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2009-07-14 04:54 . 2011-12-23 00:40 4489216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-29 17:03 4489216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-12-03 01:55 . 2011-12-23 18:22 1584984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-810365025-4187528024-1135758346-1001-4096.dat

+ 2011-12-28 04:29 . 2011-12-28 04:29 6985728 c:\windows\Installer\3185880.msi

+ 2011-07-26 18:36 . 2011-07-26 18:36 1629696 c:\windows\Installer\114a7fd.msi

+ 2011-12-28 04:29 . 2011-12-28 04:29 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-12-28 04:29 . 2011-12-28 04:29 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-20 00:15 . 2011-12-20 00:15 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-07-14 04:54 . 2011-12-23 00:40 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-29 17:03 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-03 01:55 . 2011-12-29 09:01 21799012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-810365025-4187528024-1135758346-1001-8192.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-03 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-26 c:\windows\Tasks\HPCeeScheduleForVALIS.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

FF - ProfilePath - c:\users\VALIS\AppData\Roaming\Mozilla\Firefox\Profiles\sjyw0ah9.default\

FF - prefs.js: browser.startup.homepage - Google.com

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}"=hex:51,66,7a,6c,4c,1d,38,12,00,8b,83,

81,be,a2,af,06,dc,3a,a7,82,b5,e8,7d,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-29 13:14:17

ComboFix-quarantined-files.txt 2011-12-29 19:14

ComboFix2.txt 2011-12-23 01:09

.

Pre-Run: 401,965,584,384 bytes free

Post-Run: 402,340,872,192 bytes free

.

- - End Of File - - 47EF6DF6132647E6B57216091B0639E2

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Run TFC by OldTimer to clear temporary files:

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Restart your computer.

Update Firefox via Help --> About Firefox. Ensure that you're using at least version 9.

Let me know what issues remain.

Link to post
Share on other sites

I removed all of those programs and, just to be sure, I ran a full scan of MBAM. Here is the log of the results:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.31.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

VALIS :: VALIS-HP [administrator]

12/31/2011 5:59:37 PM

mbam-log-2011-12-31 (17-59-37).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 306870

Time elapsed: 31 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

It looks like a couple rounds of Combofix and those other programs got the PUP.Bitminer trojan off of my computer. Thank you so much, you are a hero among men! I really, really appreciate it. I will get to engraving your likeness in Mt. Rushmore immediately.

Link to post
Share on other sites

  • Staff

Great news!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Link to post
Share on other sites

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.