no idea how to resolve this


Found something called czw1tgmahe.exe.

First noticed because of audio adverts running in the background.

It is listed on VirScan:

http://f.virscan.org/czw1tgmahe.exe.html

Cannot remove it even though I am admin.

Malwarebytes freezes every time it tries to scan the folder where czw1tgmahe is located (C:\Users\myname).

ComboFix won't install.

Trend Micro host is missing so Windows Security won't load.

Task Manager won't load (says pcwum is missing but it's there).

For a while the computer said it was not an authorized Windows machine, but it is.

USB ports stopped working.

RKill wouldn't load, then when I tried the variants it didn't stop anything running.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Cam at 17:05:21 on 2012-06-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.1838 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

D:\Program Files\Dell\Reader 2.1\DVMExportService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Flux\Services\FluxB.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Cam\czw1tgmahe.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\Program Files\Flux\Services\FluxA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"

uRun: [czw1tgmahe] c:\users\cam\czw1tgmahe.exe

mRun: [<NO NAME>]

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\cam\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\cam\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\cam\appdata\roaming\micros~1\windows\startm~1\programs\startup\gnotif~1.lnk - c:\program files\google\gmail notifier\gnotify.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{142BA2D5-FDCA-4926-B863-6249A4A5D086} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{142BA2D5-FDCA-4926-B863-6249A4A5D086}\0554544535 : DhcpNameServer = 10.128.128.128

TCP: Interfaces\{142BA2D5-FDCA-4926-B863-6249A4A5D086}\343434C4942425142595 : DhcpNameServer = 10.36.80.14 10.36.80.13

TCP: Interfaces\{F8144255-E2AC-41E8-A449-27014E063D36} : DhcpNameServer = 4.2.2.2 8.8.8.8

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

LSA: Authentication Packages = msv1_0 wvauth

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-12-12 17072]

R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-12-12 81920]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-8-31 948736]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-6-3 102672]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]

R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]

R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-9-19 87368]

R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]

R2 FluxA;FluxA;c:\program files\flux\services\FluxA.exe [2012-1-14 5588992]

R2 FluxB;FluxB;c:\program files\flux\services\FluxB.exe [2012-1-14 2903040]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-12 13592]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-12-12 60928]

R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-1 214896]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-12-12 59904]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-12 42672]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-12-12 274472]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-12 33320]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-12 144576]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-12-12 33832]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-1-6 268968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-12-12 125696]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-4-22 139368]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-14 136176]

S2 PaceLicenseDServices;PACE License Services;c:\program files\common files\pace\services\licenseservices\LDSvc.exe [2011-9-8 2932224]

S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-12 134144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-14 136176]

S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2010-11-3 21112]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-17 40776]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-12-12 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-12-12 38912]

S3 rspAux;rspAux;c:\windows\system32\drivers\rspAux32.sys [2011-4-20 19000]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-15 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-06-17 23:34:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-17 22:04:51 -------- d-----w- c:\users\cam\appdata\roaming\Malwarebytes

2012-06-17 22:04:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-17 22:04:48 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 22:04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-17 07:23:00 -------- d-----w- c:\program files\ESET

2012-06-16 23:01:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-16 23:01:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-16 17:39:48 -------- d-----w- c:\users\cam\appdata\roaming\TuneUp Software

2012-06-16 17:38:59 -------- d-----w- c:\programdata\TuneUp Software

2012-06-16 17:38:27 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-16 17:38:27 -------- d--h--w- c:\programdata\Common Files

2012-06-16 17:35:53 -------- d-----w- c:\program files\iPod

2012-06-16 17:33:32 -------- d-----w- c:\program files\Bonjour

2012-06-15 23:50:07 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 21:49:01 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e4abc293-0507-4704-a92d-546a51bce0da}\mpengine.dll

2012-06-14 20:29:37 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-06-13 13:33:45 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 13:33:42 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-13 13:33:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 13:33:41 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 13:33:41 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 13:33:41 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 13:33:41 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 13:33:37 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 13:33:37 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 13:33:37 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 05:05:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c90a9f6-57e5-4d49-a4d3-d046be466f16}\gapaengine.dll

2012-06-09 00:47:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-01 14:06:48 163048 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10141.bin

2012-05-31 18:45:00 -------- d-----w- c:\users\cam\appdata\local\webkit

2012-05-31 01:14:13 -------- d-----w- c:\users\cam\appdata\local\fontconfig

2012-05-31 01:14:12 -------- d-----w- c:\users\cam\appdata\local\gegl-0.2

2012-05-31 01:14:12 -------- d-----w- c:\users\cam\.gimp-2.8

2012-05-31 01:06:22 -------- d-----w- c:\program files\GIMP 2

.

==================== Find3M ====================

.

2012-06-09 00:47:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-09 21:36:10 1420 ----a-w- c:\windows\system32\privatedata.dll

2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

============= FINISH: 17:09:04.18 ===============

Thanks!

Cam

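The DDS "Pseudo HJT Report" above carries the three indicators a responder would look at first: a Run entry that starts an executable sitting directly in the user's profile root under a random-looking name, UAC policy values that have all been switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0), and an LSA Authentication Packages value that lists something beyond the default msv1_0. The following Python script is an added example, not part of the original thread and not the logic of DDS or Malwarebytes; it parses lines in DDS's output format and flags those conditions. The sample input is a constructed subset of the lines posted above. The heuristics are assumptions of this example: a profile-root executable is treated as suspicious, the "random-looking" test is a simple vowel-ratio rule, and any extra LSA package is only reported for review (on this machine wvauth is plausibly the Wave Systems authentication package that goes with the Wave Systems software in the process list, but the script does not decide that).

```python
import re

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report"
# posted above, trimmed to the entries of interest.
SAMPLE_DDS = r"""
uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [czw1tgmahe] c:\users\cam\czw1tgmahe.exe
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSA: Authentication Packages = msv1_0 wvauth
"""

RUN_RE = re.compile(r'^([um]Run): \[(.*?)\]\s*(.*)$')          # uRun = HKCU, mRun = HKLM
POLICY_RE = re.compile(r'^mPolicies-system: (\w+) = (\d+)')
LSA_RE = re.compile(r'^LSA: Authentication Packages = (.*)$')
# An executable sitting directly in a profile root: c:\users\<name>\<file>.exe
PROFILE_ROOT_RE = re.compile(r'^c:\\users\\[^\\]+\\([^\\]+)\.exe$', re.IGNORECASE)

# UAC values as DDS prints them; a value of 0 means that protection is off.
UAC_OFF_VALUES = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}
DEFAULT_LSA_PACKAGES = {"msv1_0"}


def target_path(value):
    """Strip quotes and trailing arguments from a Run value, leaving the image path."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)]
    return value.split(" ")[0]


def looks_random(name):
    """Assumed heuristic: 8+ alphanumerics mixing letters and digits with few vowels."""
    if len(name) < 8 or not name.isalnum():
        return False
    has_digit = any(c.isdigit() for c in name)
    vowels = sum(c in "aeiou" for c in name.lower())
    return has_digit and vowels / len(name) < 0.35


def triage(dds_text):
    """Return a list of human-readable findings for DDS-format report lines."""
    findings = []
    for line in dds_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, name, value = m.groups()
            if not value:
                findings.append(f"{hive} [{name}] has no target (empty value)")
                continue
            path = target_path(value)
            if pm := PROFILE_ROOT_RE.match(path):
                tag = "random-looking name, " if looks_random(pm.group(1)) else ""
                findings.append(f"{hive} [{name}] starts {path} ({tag}profile-root executable)")
        elif m := POLICY_RE.match(line):
            key, val = m.group(1), int(m.group(2))
            if key in UAC_OFF_VALUES and val == UAC_OFF_VALUES[key]:
                findings.append(f"UAC weakened: {key} = {val}")
        elif m := LSA_RE.match(line):
            extra = set(m.group(1).split()) - DEFAULT_LSA_PACKAGES
            if extra:
                findings.append(f"non-default LSA authentication package(s): {' '.join(sorted(extra))}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run against the sample it reports the czw1tgmahe Run entry, the empty mRun value, the three UAC settings that are off, and wvauth as a package to verify. The UAC findings matter for the cleanup: with EnableLUA = 0 every process the user starts already runs with the full admin token, which is consistent with the symptoms described (security tools failing to load, files that cannot be removed), so restoring those values is part of the fix, not just a hardening step afterwards.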

Hello Cam and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=181018entry181018

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=417944entry417944

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Thanks for the suggestions
:)

Security Essentials will not work. It is red and says "Security Essentials isn't monitoring your PC because the program's service stopped. You should restart it now."

So settings cannot be edited. It did work prior to this problem though, because it says my last scan was 6 10 12.

I uninstalled Malwarebytes in Safe Mode, but when I reinstalled it, it froze at the same place: the C:\Users folder where that czw1tgmahe.exe is located.

Re chkdsk, the computer says "you do not have sufficient rights to check this drive" when I try to do it :(


Don't install or uninstall anything, especially Malwarebytes' Anti-Malware; that makes our job much more difficult.

Follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=85715&view=findpost&p=434003

Finally, post the log file in your next reply with a new fresh DDS log file. Please perform these actions in Normal mode, not in Safe Mode.


Thanks Maniac, I am a little confused though: your first link in the above post (http://forums.malwar...18) took me to a post that said to uninstall Malwarebytes in Safe Mode, and that's why I did it.

The new link you just posted describes a workaround for installing Malwarebytes, but I have it installed and it runs; it just freezes after about 4 minutes when it gets to that folder I mentioned, so it's not possible to get a log.


So I tried all of the Chameleon options. Some loaded, some didn't; all of those that loaded froze when scanning the folder where czw1tgmahe.exe is located.

Incidentally, czw1tgmahe.exe's icon has changed to an open suitcase full of money, and if it is moused over it says GreatRollPlayer toshiba, but I am still unable to delete it.


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix kept freezing about two thirds of the way into installing. Eventually I left it for hours and it installed, restarted, and then took around 4 hours to run and finish.

Here is the log:

ComboFix 12-06-19.03 - Cam 06/19/2012 12:28:42.3.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.2568 [GMT -7:00]

Running from: c:\users\Cam\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\fd17601b57783611.sys

.

Infected copy of c:\windows\system32\Drivers\Volsnap.sys was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy3_!Windows!System32!drivers!volsnap.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_fd17601b57783611

-------\Service_fd17601b57783611

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 20:26 . 2012-06-19 22:06 -------- d-----w- c:\users\Cam\AppData\Local\temp

2012-06-19 20:26 . 2012-06-19 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 01:04 . 2012-06-19 01:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-18 23:47 . 2012-06-19 01:04 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-18 18:51 . 2012-06-19 01:23 -------- d-----w- c:\users\Cam\AppData\Roaming\Skype

2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\program files\Common Files\Skype

2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----r- c:\program files\Skype

2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\programdata\Skype

2012-06-18 13:04 . 2012-06-18 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-18 13:04 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\users\Cam\AppData\Roaming\Malwarebytes

2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 07:23 . 2012-06-17 07:23 -------- d-----w- c:\program files\ESET

2012-06-16 23:01 . 2012-06-17 07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-16 23:01 . 2012-06-16 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-16 17:39 . 2012-06-16 17:39 -------- d-----w- c:\users\Cam\AppData\Roaming\TuneUp Software

2012-06-16 17:38 . 2012-06-16 17:40 -------- d-----w- c:\programdata\TuneUp Software

2012-06-16 17:38 . 2012-06-16 17:38 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-16 17:38 . 2012-06-16 17:38 -------- d--h--w- c:\programdata\Common Files

2012-06-16 17:35 . 2012-06-16 17:35 -------- d-----w- c:\program files\iPod

2012-06-16 17:33 . 2012-06-16 17:33 -------- d-----w- c:\program files\Bonjour

2012-06-16 17:08 . 2012-06-16 17:08 -------- d-----w- c:\program files\Apple Software Update

2012-06-15 23:50 . 2012-06-15 23:50 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 23:40 . 2012-06-15 23:40 34304 ----a-w- c:\users\Cam\czw1tgmahe.exe

2012-06-15 21:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ABC293-0507-4704-A92D-546A51BCE0DA}\mpengine.dll

2012-06-14 20:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-13 13:33 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 13:33 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-13 13:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 13:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 13:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 05:05 . 2012-02-11 01:36 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C90A9F6-57E5-4D49-A4D3-D046BE466F16}\gapaengine.dll

2012-06-09 00:47 . 2012-06-09 00:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-01 14:06 . 2012-06-01 14:06 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-31 18:45 . 2012-05-31 18:45 -------- d-----w- c:\users\Cam\AppData\Local\webkit

2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\fontconfig

2012-05-31 01:14 . 2012-05-31 19:38 -------- d-----w- c:\users\Cam\.gimp-2.8

2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\gegl-0.2

2012-05-31 01:06 . 2012-05-31 01:07 -------- d-----w- c:\program files\GIMP 2

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-19 22:05 . 2011-03-14 21:34 0 ----a-w- c:\users\Cam\AppData\Local\WavXMapDrive.bat

2012-06-09 00:47 . 2011-05-18 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-17 22:35 . 2012-06-14 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 01:05 . 2012-06-13 13:33 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-05-01 04:44 . 2012-06-13 13:33 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-26 04:45 . 2012-06-13 13:33 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-13 13:33 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-13 13:33 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-31 04:39 . 2012-05-10 03:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-10 03:41 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 10:23 . 2012-05-10 03:41 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]

"DellBtrEvent"="d:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-08 293992]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gnotify.exe - Shortcut.lnk]

path=c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk

backup=c:\windows\pss\gnotify.exe - Shortcut.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\czw1tgmahe]

2012-06-15 23:40 34304 ----a-w- c:\users\Cam\czw1tgmahe.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-06-08 02:17 17425072 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 948736]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]

S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-07-20 268968]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - TMWFP

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-MsMpSvc

AddRemove-{1FE1972E-3748-4B05-9B22-26515DD5AE83}_is1 - c:\programdata\Valhalla DSP

AddRemove-{2475C131-DF8D-4276-85B0-A41443C6071F}_is1 - c:\programdata\Valhalla DSP

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(672)

c:\windows\system32\wvauth.DLL

c:\program files\Wave Systems Corp\Common\CryptoManager.dll

c:\windows\system32\tcg15.dll

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll

c:\windows\system32\wclient14.dll

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

.

- - - - - - - > 'Explorer.exe'(6832)

c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\IDT\WDM\STacSV.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\conhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Flux\Services\FluxB.exe

c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Motorola\MotoHelper\MotoHelperService.exe

c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe

c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files\Common Files\PACE\Services\LicenseServices\LDSvc.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Flux\Services\FluxA.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe

c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\windows\system32\conhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\DellTPad\Apntex.exe

c:\windows\system32\conhost.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

c:\windows\system32\conhost.exe

c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\Common Files\Java\Java Update\jusched.exe

c:\windows\system32\DllHost.exe

c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-06-19 15:15:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 22:14

.

Pre-Run: 14,390,034,432 bytes free

Post-Run: 68,863,291,392 bytes free

.

- - End Of File - - B7DB3964AD882114F89DDF1F731EA997

I'm sorry about that, but I'm on my way, almost killed it.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Trend Micro Client/Server Security Agent and to keep Microsoft Security Essentials.

Step 2

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=111292

Collect::[8]
c:\users\Cam\czw1tgmahe.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

here it is:

ComboFix 12-06-19.03 - Cam 06/19/2012 15:51:53.4.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.1924 [GMT -7:00]

Running from: c:\users\Cam\Downloads\ComboFix.exe

Command switches used :: c:\users\Cam\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Cam\czw1tgmahe.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 23:00 . 2012-06-19 23:01 -------- d-----w- c:\users\Cam\AppData\Local\temp

2012-06-19 23:00 . 2012-06-19 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 22:46 . 2012-06-19 22:46 -------- d-----w- c:\users\Cam\AppData\Local\Wave Systems Corp

2012-06-19 01:04 . 2012-06-19 01:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-18 23:47 . 2012-06-19 01:04 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-18 18:51 . 2012-06-19 01:23 -------- d-----w- c:\users\Cam\AppData\Roaming\Skype

2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\program files\Common Files\Skype

2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----r- c:\program files\Skype

2012-06-18 18:51 . 2012-06-18 18:51 -------- d-----w- c:\programdata\Skype

2012-06-18 13:04 . 2012-06-18 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-18 13:04 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\users\Cam\AppData\Roaming\Malwarebytes

2012-06-17 22:04 . 2012-06-17 22:04 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 07:23 . 2012-06-17 07:23 -------- d-----w- c:\program files\ESET

2012-06-16 23:01 . 2012-06-17 07:14 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-16 23:01 . 2012-06-16 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-16 17:39 . 2012-06-16 17:39 -------- d-----w- c:\users\Cam\AppData\Roaming\TuneUp Software

2012-06-16 17:38 . 2012-06-16 17:40 -------- d-----w- c:\programdata\TuneUp Software

2012-06-16 17:38 . 2012-06-16 17:38 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-06-16 17:38 . 2012-06-16 17:38 -------- d--h--w- c:\programdata\Common Files

2012-06-16 17:35 . 2012-06-16 17:35 -------- d-----w- c:\program files\iPod

2012-06-16 17:33 . 2012-06-16 17:33 -------- d-----w- c:\program files\Bonjour

2012-06-16 17:08 . 2012-06-16 17:08 -------- d-----w- c:\program files\Apple Software Update

2012-06-15 23:50 . 2012-06-15 23:50 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 21:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4ABC293-0507-4704-A92D-546A51BCE0DA}\mpengine.dll

2012-06-14 20:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-13 13:33 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 13:33 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-13 13:33 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 13:33 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 13:33 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 13:33 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 13:33 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 13:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 13:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 13:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 05:05 . 2012-02-11 01:36 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C90A9F6-57E5-4D49-A4D3-D046BE466F16}\gapaengine.dll

2012-06-09 00:47 . 2012-06-09 00:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-01 14:06 . 2012-06-01 14:06 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-31 18:45 . 2012-05-31 18:45 -------- d-----w- c:\users\Cam\AppData\Local\webkit

2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\fontconfig

2012-05-31 01:14 . 2012-05-31 19:38 -------- d-----w- c:\users\Cam\.gimp-2.8

2012-05-31 01:14 . 2012-05-31 01:14 -------- d-----w- c:\users\Cam\AppData\Local\gegl-0.2

2012-05-31 01:06 . 2012-05-31 01:07 -------- d-----w- c:\program files\GIMP 2

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-19 22:05 . 2011-03-14 21:34 0 ----a-w- c:\users\Cam\AppData\Local\WavXMapDrive.bat

2012-06-09 00:47 . 2011-05-18 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-31 04:39 . 2012-05-10 03:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-10 03:41 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 10:23 . 2012-05-10 03:41 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Cam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

2010-03-29 18:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]

"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]

"DellBtrEvent"="d:\program files\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-08 293992]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Cam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]

Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Cam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gnotify.exe - Shortcut.lnk]

path=c:\users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gnotify.exe - Shortcut.lnk

backup=c:\windows\pss\gnotify.exe - Shortcut.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-06-08 02:17 17425072 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6016]

R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

S1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.1\dvmio.sys [2010-05-04 18320]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 948736]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]

S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]

S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]

S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]

S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-07-20 268968]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - TmFilter

*Deregistered* - VSApiNt

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-14 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-czw1tgmahe - c:\users\Cam\czw1tgmahe.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(672)

c:\windows\system32\wvauth.DLL

c:\program files\Wave Systems Corp\Common\CryptoManager.dll

c:\windows\system32\tcg15.dll

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\Tsp1.dll

c:\windows\system32\wclient14.dll

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

.

Completion time: 2012-06-19 16:02:31

ComboFix-quarantined-files.txt 2012-06-19 23:02

ComboFix2.txt 2012-06-19 22:15

.

Pre-Run: 68,937,404,416 bytes free

Post-Run: 68,749,496,320 bytes free

.

- - End Of File - - 5806640F5C64F54726FB37F398FF9391

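An added example (mine, not part of the thread and not ComboFix's code): a small Python parser for the LOCKED REGISTRY KEYS section of the log above. ComboFix prints one block per key, with @Denied/@Allowed lines as "(rights) (principal)" and the key's values underneath. The point of parsing it is to separate keys that are merely restricted (the Class\{4D36E96D-...}\000x\AllUserSettings entries deny Users and Everyone but still grant S-1-5-20, NetworkService, and carry an ordinary BlindDial value) from a key nobody is allowed to touch at all (PCW\Security: Full denied to Everyone, no allow entry). The second state is the one worth a closer look; the poster's report that Task Manager fails with a pcwum error is consistent with that key being unreadable, pcwum.dll being the user-mode Performance Counters for Windows library. The sample text is copied from the log and trimmed to two keys; the bucket names are my own.

```python
"""Triage the LOCKED REGISTRY KEYS section of a ComboFix log."""
import re
from dataclasses import dataclass, field

# Constructed sample: the section copied from the ComboFix log above, trimmed
# from four locked keys to two. One block per key: the path in brackets,
# @Denied/@Allowed lines as "(rights) (principal)", any values, then a lone
# "." as separator. The raw string keeps the backslashes literal.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
ACE_RE = re.compile(r"^@(Denied|Allowed):\s*\(([^)]*)\)\s*\(([^)]*)\)\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass
class LockedKey:
    path: str
    denied: list = field(default_factory=list)    # (rights, principal) pairs
    allowed: list = field(default_factory=list)   # (rights, principal) pairs
    values: dict = field(default_factory=dict)

    def is_blackholed(self) -> bool:
        """Everyone is denied Full control and no principal is granted anything."""
        full_deny = any(r == "Full" and p == "Everyone" for r, p in self.denied)
        return full_deny and not self.allowed


def parse_locked_keys(text: str) -> list:
    """Return the LockedKey blocks between the section header and the next header."""
    keys, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-----") and "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):      # header of the following section
            break
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current = LockedKey(path=m.group(1))
            keys.append(current)
        elif current is None:
            continue
        elif m := ACE_RE.match(line):
            kind, rights, principal = m.groups()
            target = current.denied if kind == "Denied" else current.allowed
            target.append((rights, principal))
        elif m := VALUE_RE.match(line):
            current.values[m.group(1)] = m.group(2)
    return keys


def triage(text: str) -> dict:
    """'blackholed': nobody is allowed in; 'restricted': some principal still is."""
    out = {"blackholed": [], "restricted": []}
    for key in parse_locked_keys(text):
        out["blackholed" if key.is_blackholed() else "restricted"].append(key.path)
    return out


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

The (A) and (B 1 2 3 4 5) tokens are ComboFix's shorthand for particular rights; the parser keeps them as opaque strings and treats only the literal Full as full control. On a live machine the equivalent check is the key's actual ACL (Get-Acl on the HKLM: drive in PowerShell), which this log-only example does not attempt.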

Thank you! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bcbab8eefc7d824891916fc506a709d4

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-17 06:34:17

# local_time=2012-06-17 11:34:17 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 46847893 46847893 0 0

# compatibility_mode=5893 16776574 66 94 18485712 91462798 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1061256

# found=0

# cleaned=0

# scan_time=40050

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bcbab8eefc7d824891916fc506a709d4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-06-20 01:48:45

# local_time=2012-06-19 06:48:45 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 18716263 91693349 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=401625

# found=10

# cleaned=10

# scan_time=8367

C:\Qoobox\Quarantine\C\Users\Cam\czw1tgmahe.exe.vir a variant of Win32/Kryptik.AGJE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\Cam\_czw1tgmahe_.exe.zip a variant of Win32/Kryptik.AGJE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\dfdb890-463e81bb multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\63b79c71-44bef710 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Cam\Dropbox\for maniac\Qoobox.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVGQTWLG\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1JCEE9L\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8ZAEWVE\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

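An added example (mine, not the thread's and not ESET's code): a Python triage script for the two scanner runs posted above. It splits the log into runs (each "# version=" line starts one), checks that the "# found=" counter agrees with the number of detection lines actually listed, and buckets each hit by where it was found. That makes the useful distinction visible: four of the ten hits were under C:\Qoobox\Quarantine, i.e. files ComboFix had already neutralised, one was a zip of that quarantine in Dropbox, and the remaining five were cached Java applets and IE pages under the SYSTEM profile, which fits a drive-by through an out-of-date Java plugin and is what the helper's Java update advice addresses. It also shows that the first run was stopped with archives unchecked while the second finished with them on. The bucket names and the classification rules are my own; the sample lines are copied from the log.

```python
"""Triage ESET Online Scanner log output: split runs and bucket detections."""
import re
from collections import Counter

# Constructed sample: header fields and all ten detection lines copied from the
# ESET log above, header trimmed to the fields used here. ESET writes the
# detection fields tab-separated; the forum rendering collapsed the tabs to
# spaces, so the regex accepts any whitespace between fields.
SAMPLE_ESET_LOG = r"""
# version=7
# end=stopped
# archives_checked=false
# scanned=1061256
# found=0
# cleaned=0
# version=7
# end=finished
# archives_checked=true
# scanned=401625
# found=10
# cleaned=10
C:\Qoobox\Quarantine\C\Users\Cam\czw1tgmahe.exe.vir a variant of Win32/Kryptik.AGJE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Cam\_czw1tgmahe_.exe.zip a variant of Win32/Kryptik.AGJE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{12997293-8348-e77c-d05b-b2ec2a434415}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\dfdb890-463e81bb multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\63b79c71-44bef710 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Cam\Dropbox\for maniac\Qoobox.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVGQTWLG\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1JCEE9L\celebritybabycraze_com[1].htm JS/Kryptik.PH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8ZAEWVE\cute-sleepy-kittens-meowing[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
# path (may contain spaces), threat description, (action), 32-hex hash, flag
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?\S+ (?:trojan|virus|worm|adware|application)"
    r"|multiple threats)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_runs(text: str) -> list:
    """Split the log into runs; each '# version=' line starts a new one."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            key, value = m.groups()
            if key == "version" or not runs:
                runs.append({"header": {}, "detections": []})
            runs[-1]["header"][key] = value
        elif (m := DETECTION_RE.match(line)) and runs:
            runs[-1]["detections"].append(m.groupdict())
    return runs


def classify(path: str) -> str:
    """Bucket a detection by where it sat (bucket names are this example's own)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix_quarantine"        # already neutralised by ComboFix, not live
    if "\\sun\\java\\deployment\\cache\\" in p or "\\temporary internet files\\" in p:
        return "browser_or_java_cache"      # cached exploit pages / applets, the likely vector
    if p.endswith(".zip"):
        return "archived_copy"
    return "other"                          # anything else deserves a closer look


def summarize(text: str) -> list:
    """Per run: how it ended, whether the counter matches the lines, hits by bucket."""
    out = []
    for run in parse_runs(text):
        h, dets = run["header"], run["detections"]
        found = int(h.get("found", "0"))
        out.append({
            "end": h.get("end"),
            "archives_checked": h.get("archives_checked") == "true",
            "found": found,
            "consistent": found == len(dets),   # '# found=' vs. lines actually listed
            "by_location": dict(Counter(classify(d["path"]) for d in dets)),
            "live_paths": [d["path"] for d in dets
                           if classify(d["path"]) != "combofix_quarantine"],
        })
    return out


if __name__ == "__main__":
    for i, s in enumerate(summarize(SAMPLE_ESET_LOG), 1):
        print(f"run {i}: end={s['end']} archives={s['archives_checked']} "
              f"found={s['found']} consistent={s['consistent']} {s['by_location']}")
```

A mismatch between "# found=" and the listed lines, or a run that ended with "stopped", is the first thing to check before reading anything into the totals; here both runs are internally consistent and only the second one completed.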

Good! :)

Please uninstall ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and manually delete DDS.

It is important to update your Java software:

UPDATE JAVA

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  1. Please download JavaRa to your desktop.

    • Click the Download button next to Windows Binary (.zip) Version 1.1.6 to download JavaRa and unzip it to its own folder.

  2. Run JavaRa.exe.

  3. Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.

  4. Open JavaRa.exe again and select Search For Updates.

  5. Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
