
svchost.exe trojan.agent



I keep getting notifications that MBAM auto-protection keeps blocking svchost.exe from accessing a potentially malicious site. I then ran a quick scan, and two things popped up, both of which are listed as "C:\Windows\svchost.exe (trojan.agent)".

I removed both of them after the scan finished, restarted, and the problem still persists (more blocked access and more svchost.exe trojans popping up in the scans).

The MBAM logs and the DDS.txt logs are copy-pasted below as well as attached.

Please help, I'm this close to simply reformatting and starting anew (unless that's what you'd recommend I do anyway).

Thank you for your time!

MBAM Log

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.10.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Radium :: RADIUM-PC [administrator]

Protection: Enabled

1/10/2012 2:46:42 PM

mbam-log-2012-01-10 (14-46-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 181205

Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2944 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Radium at 14:48:40 on 2012-01-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16374.13588 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Benchmarks\Hi-Rez Studios\HiPatchService.exe

C:\Windows\system32\lxblcoms.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

E:\Playclaw\playclaw.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Windows Sidebar\sidebar.exe

E:\Steam\Steam.exe

C:\Program Files (x86)\RadeonPro\RadeonPro.exe

C:\Users\Radium\AppData\Roaming\Spotify\spotify.exe

C:\Program Files (x86)\Winamp\winamp.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = 210.107.100.251:8080

mWinlogon: Userinit=userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Radium\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "E:\Steam\steam.exe" -silent

uRun: [EADM] "E:\Origin\Origin.exe" -AutoStart

uRun: [RadeonPro] "C:\Program Files (x86)\RadeonPro\RadeonPro.exe"

uRun: [spotify] "C:\Users\Radium\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

dRun: [smad] "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe"

StartupFolder: C:\Users\Radium\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{CE2EB4D9-1172-4ABA-BE49-B5075AD182C9} : DhcpNameServer = 75.75.76.76 75.75.75.75

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Radium\AppData\Roaming\Mozilla\Firefox\Profiles\jr4sf4nx.default\

FF - prefs.js: browser.startup.homepage - google.com/ig

FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Amazon MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll

FF - plugin: C:\Users\Radium\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Benchmarks\Hi-Rez Studios\HiPatchService.exe [2011-12-1 8704]

R2 lxbl_device;lxbl_device;C:\Windows\system32\lxblcoms.exe -service --> C:\Windows\system32\lxblcoms.exe -service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-28 652872]

R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-10-1 12800]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]

R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]

R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Playclaw\WinRing0x64.sys [2008-7-26 14544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-07 20:13:53 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-07 19:20:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-01-07 19:16:27 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78FA2367-D010-4DFB-9827-DAE9FDF9913E}\offreg.dll

2012-01-07 17:57:10 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78FA2367-D010-4DFB-9827-DAE9FDF9913E}\mpengine.dll

2012-01-07 04:55:36 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll

2012-01-07 04:55:36 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll

2012-01-07 04:55:35 -------- d-----w- C:\Program Files (x86)\BRS

2012-01-06 23:21:09 -------- d-----w- C:\Windows\System32\MpEngineStore

2012-01-06 05:06:38 20480 ------w- C:\Windows\svchost.exe

2012-01-02 04:38:04 -------- d-----w- C:\Users\Radium\.thumbnails

2012-01-02 04:37:35 -------- d-----w- C:\Users\Radium\.gimp-2.6

2012-01-02 04:02:50 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2011-12-31 08:42:18 -------- d-sh--w- C:\Users\Radium\AppData\Roaming\wyUpdate AU

2011-12-31 08:42:18 -------- d-----w- C:\Users\Radium\AppData\Roaming\System

2011-12-31 08:42:18 -------- d-----w- C:\Users\Radium\AppData\Local\Universe Sandbox

2011-12-30 11:05:32 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-30 11:05:32 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-30 11:05:32 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-30 11:05:32 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-29 23:30:50 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-12-29 23:30:50 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-12-29 23:30:50 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-12-29 23:30:50 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-12-29 23:30:50 -------- d-----w- C:\Program Files (x86)\OpenAL

2011-12-27 00:16:52 -------- d-----w- C:\Users\Radium\AppData\Local\Rockstar Games

2011-12-25 02:32:37 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-12-23 08:28:18 -------- d-----w- C:\dell

2011-12-23 08:17:02 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2011-12-23 08:17:02 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2011-12-23 08:17:02 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2011-12-23 08:17:02 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2011-12-23 08:17:02 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2011-12-23 08:17:02 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

2011-12-23 08:17:01 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2011-12-23 08:04:04 -------- d-----r- C:\Program Files (x86)\Skype

2011-12-21 20:52:01 -------- d-----w- C:\Users\Radium\AppData\Local\PAYDAY

2011-12-21 20:51:19 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2011-12-21 01:13:16 -------- d-----w- C:\Users\Radium\AppData\Local\Spotify

2011-12-21 01:12:58 -------- d-----w- C:\Users\Radium\AppData\Roaming\Spotify

2011-12-19 02:56:28 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-12-14 16:52:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 16:52:56 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-14 16:52:55 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 16:52:55 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 16:52:54 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 16:52:54 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2012-01-09 04:48:55 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-01-09 04:48:55 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-01-09 04:48:31 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-01-03 03:34:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-12-23 08:32:46 75 --sh--r- C:\Windows\CT4CET.bin

2011-12-19 02:49:16 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-30 06:40:08 70656 ----a-w- C:\Windows\SysWow64\tmbvcm32.dll

2011-11-30 06:40:06 72704 ----a-w- C:\Windows\System32\tmbvcm64.dll

2011-11-17 21:43:26 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll

2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll

2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll

2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe

2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll

2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll

2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll

2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll

2011-10-22 01:16:12 1843200 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll

2011-10-22 01:15:46 104448 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll

2011-10-22 01:12:32 2763264 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll

2011-10-22 01:07:42 125440 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll

2011-10-17 17:40:50 93712 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

.

============= FINISH: 14:48:55.13 ===============


  • 1 month later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
