Jump to content

Computer Infected with Unknown Rootkit/Trojan

eklypze77
 Share

Recommended Posts

eklypze77

eklypze77

Posted
Posted

My desktop computer has been infected for about a month now, however even though I had suspected it earlier I have not looked into it until recently as unusual things kept happening on my computer. My main e-mail had been compromised somehow and everyday my e-mail would be subscribed to about 20 different websites saying "welcome to <site goes here>!". I figured at first someone had just sold my e-mail, however then GMail had showed me a warning message that both my e-mail accounts had an unusual visitor trying to login, thus I changed my passwords. Then today, I received replies from many random ad posters on Kijiji showing that someone on my e-mail account had been insulting random ad users on Kijiji.

I have scanned with Spybot S&D, Malwarebytes Anti-Malware and Avast! (free) but to no avail.

Here are my computer specs:

Intel Pentium Dual Core E2140 @ 1.60GHz

4GB RAM

ATI HD4830 Video Card

Windows 7 Professional 64-bit SP1

=========================================

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by eklypze at 18:05:34 on 2012-07-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1932 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\DFX\DFX.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\AIMP3\AIMP3.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Windows\system32\msiexec.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{0EDCCCD1-230B-4DA4-A86C-51E1B66A202B} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{3DAF2287-36E2-412F-9495-3280E96BF2E9} : DhcpNameServer = 64.71.255.198

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\eklypze\AppData\Roaming\Mozilla\Firefox\Profiles\dphu13kg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.digg.com

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-25 44768]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HOSTNT;HOSTNT;\??\C:\Windows\system32\drivers\hostnt.sys --> C:\Windows\system32\drivers\hostnt.sys [?]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-13 654408]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-6-23 793048]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 Grand;SafeNet GrandDog USB Driver;C:\Windows\system32\DRIVERS\GrandUsb.sys --> C:\Windows\system32\DRIVERS\GrandUsb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-4-11 155344]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2072-04-03 18:13:14 607296 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-07-09 21:51:01 -------- d-----w- C:\ProgramData\Sophos

2012-07-09 19:21:38 -------- d-----w- C:\Users\eklypze\AppData\Local\{B4EAC9C0-519C-4924-B1F0-2BC578FE0BEC}

2012-07-09 19:21:19 -------- d-----w- C:\Users\eklypze\AppData\Local\{08E67D78-D0B3-4758-A0F1-9BA40B4A52D6}

2012-07-09 05:08:01 -------- d-----w- C:\Users\eklypze\AppData\Local\{C0C50388-A6C5-4E7F-BB44-BCBB94F218C6}

2012-07-09 05:07:48 -------- d-----w- C:\Users\eklypze\AppData\Local\{D5D0911E-507C-44D9-9B96-401C5F9668D1}

2012-07-08 05:15:43 -------- d-----w- C:\Program Files (x86)\psx emulation cheater

2012-07-06 17:06:14 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CACF47A0-F368-4AED-8B74-EC77111331F4}\mpengine.dll

2012-07-05 02:43:17 -------- d-----w- C:\ePSXe

2012-07-04 19:50:49 -------- d-----w- C:\Users\eklypze\AppData\Local\{27BC4F2D-6A70-4972-B278-0192C6412C57}

2012-07-04 19:50:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{57B7337A-B6AC-4C24-94DB-D14226378D3E}

2012-07-04 12:17:58 -------- d-----w- C:\Users\eklypze\AppData\Local\{4315E75F-DEA1-4009-90A2-F60E2D28F5F6}

2012-07-03 19:42:03 -------- d-----w- C:\Users\eklypze\AppData\Local\SKIDROW

2012-07-03 18:17:25 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC

2012-07-03 14:46:06 -------- d-----w- C:\Users\eklypze\AppData\Local\{2AC5985C-63AB-4A5C-AB06-FD8E3078D916}

2012-07-03 14:45:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{E883100D-6BDC-478F-9646-9C23F2F467F1}

2012-07-02 23:19:28 388096 ----a-r- C:\Users\eklypze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-02 23:19:28 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-02 23:02:16 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-02 22:36:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-07-02 22:36:27 -------- d-----w- C:\Users\eklypze\AppData\Local\{CFE31036-FFBD-428D-A319-39B5CDB7DD43}

2012-07-02 22:36:05 -------- d-----w- C:\Users\eklypze\AppData\Local\{300EE4F7-6F56-4CFB-B57B-EB32BC57B17F}

2012-06-30 09:56:00 -------- d---a-w- C:\.Trash-1000

2012-06-30 05:36:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{70950305-7D6C-47A9-A534-A33CFBC955A7}

2012-06-30 05:36:18 -------- d-----w- C:\Users\eklypze\AppData\Local\{D0555DD9-44AB-46BA-9A51-05218F907C05}

2012-06-29 14:58:50 -------- d-----w- C:\Users\eklypze\AppData\Local\{3A88C100-7A8F-4218-A26C-774EB0A4D933}

2012-06-29 14:58:35 -------- d-----w- C:\Users\eklypze\AppData\Local\{6D68A244-C0E2-479C-AA6B-2517234976CD}

2012-06-25 09:51:26 86016 ----a-w- C:\Windows\unvise32.exe

2012-06-25 09:51:23 -------- d-----w- C:\Program Files (x86)\New Khmer Dictionary

2012-06-23 11:01:05 -------- d-----w- C:\Users\eklypze\AppData\Local\Macromedia

2012-06-23 08:23:34 -------- d-----w- C:\Users\eklypze\AppData\Local\{6C13AC6D-1B49-4A1F-AF28-2FD0A380093F}

2012-06-23 08:23:15 -------- d-----w- C:\Users\eklypze\AppData\Local\{642F1873-878E-4711-B1BB-CC9441E7F755}

2012-06-23 08:02:07 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Registry Mechanic

2012-06-23 07:52:06 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx

2012-06-23 07:52:06 512472 ----a-w- C:\Windows\SysWow64\msxml.dll

2012-06-23 07:52:06 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe

2012-06-23 07:52:06 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx

2012-06-23 07:52:06 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx

2012-06-23 07:52:05 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-06-23 07:52:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-06-23 07:51:58 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic

2012-06-23 07:39:08 -------- d-----w- C:\Program Files\CCleaner

2012-06-22 08:41:16 4141056 ----a-w- C:\Windows\eyeQ Screen Saver.scr

2012-06-22 08:41:06 -------- d-----w- C:\Program Files (x86)\Infinite Mind LC

2012-06-21 22:51:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 22:50:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 22:50:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 22:50:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 04:06:21 -------- d-----w- C:\Windows\AutoKMS

2012-06-19 04:06:03 151552 ----a-w- C:\Windows\KMSEmulator.exe

2012-06-14 07:00:59 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-14 03:39:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 02:28:04 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Malwarebytes

2012-06-14 02:27:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-14 02:27:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-14 02:27:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-13 20:49:20 -------- d-----w- C:\Users\eklypze\AppData\Local\{2014224D-D963-4DC4-9435-112A4E1720B5}

2012-06-13 20:49:08 -------- d-----w- C:\Users\eklypze\AppData\Local\{38DD09DC-A00C-491F-ADC7-261C3405513C}

2012-06-13 08:48:42 -------- d-----w- C:\Users\eklypze\AppData\Local\{2DBCB872-BF1D-4894-A2F6-D8665879B078}

2012-06-13 08:48:20 -------- d-----w- C:\Users\eklypze\AppData\Local\{761FBD4C-59DE-4587-BA30-E2C0ED61FD50}

2012-06-12 20:47:52 -------- d-----w- C:\Users\eklypze\AppData\Local\{46B2AD01-EC22-474E-A95A-8CE3D9341EA7}

2012-06-12 20:47:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{EB1DD11C-D6F0-4578-B792-A3C87EB9DFB7}

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 11:07:02 -------- d-----w- C:\Users\eklypze\AppData\Local\{40E8C195-0C46-4FF7-AE3E-1B61562374E6}

2012-06-11 11:06:39 -------- d-----w- C:\Users\eklypze\AppData\Local\{F5B36A44-0C95-4E1B-849D-32EB5974C22E}

2012-06-10 21:39:41 -------- d-----w- C:\Users\eklypze\AppData\Local\{B1075305-E4A3-47D6-94C3-A76AD090FB26}

2012-06-10 21:39:14 -------- d-----w- C:\Users\eklypze\AppData\Local\{06963192-B7C9-41E9-BB9D-8C78BE5A1594}

2012-06-10 08:57:43 -------- d-----w- C:\Users\eklypze\AppData\Local\{3CBC207D-9566-43A5-9140-6CFA66B68E2C}

2012-06-10 08:57:21 -------- d-----w- C:\Users\eklypze\AppData\Local\{ADADB028-B250-4168-A4F2-0CA063FA6950}

.

==================== Find3M ====================

.

2012-06-23 10:20:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 10:20:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 18:09:07.36 ===============

=========================================

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:13:18 PM, on 7/9/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\DFX\DFX.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files (x86)\AIMP3\AIMP3.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: DFX.lnk = C:\Program Files (x86)\DFX\DFX.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9087 bytes

=====================================================

Catchme

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

=====================================================

MBR

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601

device: opened successfully

user: error reading MBR

error: Read The handle is invalid.

kernel: error reading MBR

================================================

Combofix

ComboFix 12-07-08.02 - eklypze 07/09/2012 18:20:33.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1814 [GMT -4:00]

Running from: c:\users\eklypze\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\eklypze\AppData\Local\assembly\tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2072-04-03 18:13 . 2008-03-21 19:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-07-09 22:31 . 2012-07-09 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-09 21:51 . 2012-07-09 21:51 -------- d-----w- c:\programdata\Sophos

2012-07-08 05:15 . 2012-07-08 05:15 -------- d-----w- c:\program files (x86)\psx emulation cheater

2012-07-05 02:43 . 2012-07-08 01:07 -------- d-----w- C:\ePSXe

2012-07-03 19:42 . 2012-07-03 19:42 -------- d-----w- c:\users\eklypze\AppData\Local\SKIDROW

2012-07-03 18:17 . 2012-07-03 18:17 -------- d-----w- c:\program files (x86)\Wizards of the Coast LLC

2012-07-02 23:19 . 2012-07-02 23:19 388096 ----a-r- c:\users\eklypze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-02 23:19 . 2012-07-02 23:19 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-02 23:02 . 2012-07-02 23:02 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-02 22:36 . 2012-07-02 22:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-06-30 09:56 . 2012-06-30 09:56 -------- d---a-w- C:\.Trash-1000

2012-06-25 09:51 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe

2012-06-25 09:51 . 2012-06-25 09:51 -------- d-----w- c:\program files (x86)\New Khmer Dictionary

2012-06-23 11:01 . 2012-06-23 11:01 -------- d-----w- c:\users\eklypze\AppData\Local\Macromedia

2012-06-23 08:02 . 2012-06-23 08:11 -------- d-----w- c:\users\eklypze\AppData\Roaming\Registry Mechanic

2012-06-23 07:52 . 2011-10-25 17:44 512472 ----a-w- c:\windows\SysWow64\msxml.dll

2012-06-23 07:52 . 2011-10-25 17:44 40408 ----a-w- c:\windows\system32\CleanMFT64.exe

2012-06-23 07:52 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx

2012-06-23 07:52 . 2008-04-02 20:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx

2012-06-23 07:52 . 2008-04-02 20:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx

2012-06-23 07:52 . 2008-09-18 02:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX

2012-06-23 07:52 . 2012-06-23 07:52 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-06-23 07:51 . 2012-06-23 08:11 -------- d-----w- c:\program files (x86)\PC Tools Registry Mechanic

2012-06-23 07:39 . 2012-06-23 07:40 -------- d-----w- c:\program files\CCleaner

2012-06-22 08:41 . 2002-02-20 18:22 4141056 ----a-w- c:\windows\eyeQ Screen Saver.scr

2012-06-22 08:41 . 2012-06-22 08:41 -------- d-----w- c:\program files (x86)\Infinite Mind LC

2012-06-21 22:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 22:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 22:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 22:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 22:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 22:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 22:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 22:50 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 22:50 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 04:06 . 2012-06-19 08:40 -------- d-----w- c:\windows\AutoKMS

2012-06-19 04:06 . 2012-07-09 22:33 151552 ----a-w- c:\windows\KMSEmulator.exe

2012-06-14 07:00 . 2012-05-18 01:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-14 03:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 02:28 . 2012-06-14 02:28 -------- d-----w- c:\users\eklypze\AppData\Roaming\Malwarebytes

2012-06-14 02:27 . 2012-06-14 02:27 -------- d-----w- c:\programdata\Malwarebytes

2012-06-14 02:27 . 2012-06-14 02:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-14 02:27 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 10:20 . 2012-04-07 16:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 10:20 . 2011-06-03 05:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 04:04 . 2012-07-06 17:06 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CACF47A0-F368-4AED-8B74-EC77111331F4}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-14 880496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

DFX.lnk - c:\program files (x86)\DFX\DFX.exe [2012-1-5 1055656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-04-18 13352]

R3 Grand;SafeNet GrandDog USB Driver;c:\windows\system32\DRIVERS\GrandUsb.sys [2012-03-17 76968]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2010-06-23 189952]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [2012-03-17 13864]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-23 270912]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 10:20]

.

2012-07-09 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-06-19 04:06]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 04:19]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 04:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 64.71.255.198

FF - ProfilePath - c:\users\eklypze\AppData\Roaming\Mozilla\Firefox\Profiles\dphu13kg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.digg.com

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-890855550-491439906-2208292099-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):56,46,49,a0,13,2e,95,a6,15,ac,c9,dd,54,4a,d7,27,7c,f4,2a,a2,df,

73,4f,5d,4b,0b,4b,9f,64,70,4c,cf,fa,ee,a0,73,53,6e,2b,96,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-890855550-491439906-2208292099-1001_Classes\Wow6432Node\CLSID\{7f595465-0110-49ce-9d63-d0e8bb95ed7c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000067

"Therad"=dword:0000001c

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

c:\program files (x86)\Razer\DeathAdder\razertra.exe

c:\program files (x86)\Razer\DeathAdder\razerofa.exe

.

**************************************************************************

.

Completion time: 2012-07-09 18:41:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-09 22:41

.

Pre-Run: 39,698,935,808 bytes free

Post-Run: 39,860,686,848 bytes free

.

- - End Of File - - 3B945E916B9DD3DAA24C44B5260B39B6

Thanks in advance.

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites
eklypze77

eklypze77

Posted
  • Author
Posted

Thank you for your prompt reply. I have attached the information you have requested below.

Malwarebytes Anti-Malware Log

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

eklypze :: EKLYPZE-PC [administrator]

Protection: Disabled

7/9/2012 10:35:53 PM

mbam-log-2012-07-09 (22-35-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 263882

Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by eklypze at 22:41:12 on 2012-07-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2181 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\AIMP3\AIMP3.exe

C:\Program Files (x86)\DFX\DFX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{0EDCCCD1-230B-4DA4-A86C-51E1B66A202B} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{3DAF2287-36E2-412F-9495-3280E96BF2E9} : DhcpNameServer = 64.71.255.198

TCP: Interfaces\{9091A477-5E59-4F3B-861D-D5A5BD816DFB} : DhcpNameServer = 64.71.255.198

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\eklypze\AppData\Roaming\Mozilla\Firefox\Profiles\dphu13kg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.digg.com

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-25 44768]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HOSTNT;HOSTNT;\??\C:\Windows\system32\drivers\hostnt.sys --> C:\Windows\system32\drivers\hostnt.sys [?]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-13 654408]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-6-23 793048]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 Grand;SafeNet GrandDog USB Driver;C:\Windows\system32\DRIVERS\GrandUsb.sys --> C:\Windows\system32\DRIVERS\GrandUsb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-4-11 155344]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2072-04-03 18:13:14 607296 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-07-09 22:34:00 -------- d-----w- C:\$RECYCLE.BIN

2012-07-09 22:17:36 208896 ----a-w- C:\Windows\MBR.exe

2012-07-09 22:17:35 98816 ----a-w- C:\Windows\sed.exe

2012-07-09 22:17:35 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-09 22:17:35 256000 ----a-w- C:\Windows\PEV.exe

2012-07-09 21:51:01 -------- d-----w- C:\ProgramData\Sophos

2012-07-09 19:21:38 -------- d-----w- C:\Users\eklypze\AppData\Local\{B4EAC9C0-519C-4924-B1F0-2BC578FE0BEC}

2012-07-09 19:21:19 -------- d-----w- C:\Users\eklypze\AppData\Local\{08E67D78-D0B3-4758-A0F1-9BA40B4A52D6}

2012-07-09 05:08:01 -------- d-----w- C:\Users\eklypze\AppData\Local\{C0C50388-A6C5-4E7F-BB44-BCBB94F218C6}

2012-07-09 05:07:48 -------- d-----w- C:\Users\eklypze\AppData\Local\{D5D0911E-507C-44D9-9B96-401C5F9668D1}

2012-07-08 05:15:43 -------- d-----w- C:\Program Files (x86)\psx emulation cheater

2012-07-06 17:06:14 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CACF47A0-F368-4AED-8B74-EC77111331F4}\mpengine.dll

2012-07-05 02:43:17 -------- d-----w- C:\ePSXe

2012-07-04 19:50:49 -------- d-----w- C:\Users\eklypze\AppData\Local\{27BC4F2D-6A70-4972-B278-0192C6412C57}

2012-07-04 19:50:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{57B7337A-B6AC-4C24-94DB-D14226378D3E}

2012-07-04 12:17:58 -------- d-----w- C:\Users\eklypze\AppData\Local\{4315E75F-DEA1-4009-90A2-F60E2D28F5F6}

2012-07-03 19:42:03 -------- d-----w- C:\Users\eklypze\AppData\Local\SKIDROW

2012-07-03 18:17:25 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC

2012-07-03 14:46:06 -------- d-----w- C:\Users\eklypze\AppData\Local\{2AC5985C-63AB-4A5C-AB06-FD8E3078D916}

2012-07-03 14:45:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{E883100D-6BDC-478F-9646-9C23F2F467F1}

2012-07-02 23:19:28 388096 ----a-r- C:\Users\eklypze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-02 23:19:28 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-02 23:02:16 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-02 22:36:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-07-02 22:36:27 -------- d-----w- C:\Users\eklypze\AppData\Local\{CFE31036-FFBD-428D-A319-39B5CDB7DD43}

2012-07-02 22:36:05 -------- d-----w- C:\Users\eklypze\AppData\Local\{300EE4F7-6F56-4CFB-B57B-EB32BC57B17F}

2012-06-30 09:56:00 -------- d---a-w- C:\.Trash-1000

2012-06-30 05:36:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{70950305-7D6C-47A9-A534-A33CFBC955A7}

2012-06-30 05:36:18 -------- d-----w- C:\Users\eklypze\AppData\Local\{D0555DD9-44AB-46BA-9A51-05218F907C05}

2012-06-29 14:58:50 -------- d-----w- C:\Users\eklypze\AppData\Local\{3A88C100-7A8F-4218-A26C-774EB0A4D933}

2012-06-29 14:58:35 -------- d-----w- C:\Users\eklypze\AppData\Local\{6D68A244-C0E2-479C-AA6B-2517234976CD}

2012-06-25 09:51:26 86016 ----a-w- C:\Windows\unvise32.exe

2012-06-25 09:51:23 -------- d-----w- C:\Program Files (x86)\New Khmer Dictionary

2012-06-23 11:01:05 -------- d-----w- C:\Users\eklypze\AppData\Local\Macromedia

2012-06-23 08:23:34 -------- d-----w- C:\Users\eklypze\AppData\Local\{6C13AC6D-1B49-4A1F-AF28-2FD0A380093F}

2012-06-23 08:23:15 -------- d-----w- C:\Users\eklypze\AppData\Local\{642F1873-878E-4711-B1BB-CC9441E7F755}

2012-06-23 08:02:07 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Registry Mechanic

2012-06-23 07:52:06 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx

2012-06-23 07:52:06 512472 ----a-w- C:\Windows\SysWow64\msxml.dll

2012-06-23 07:52:06 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe

2012-06-23 07:52:06 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx

2012-06-23 07:52:06 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx

2012-06-23 07:52:05 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-06-23 07:52:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-06-23 07:51:58 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic

2012-06-23 07:39:08 -------- d-----w- C:\Program Files\CCleaner

2012-06-22 08:41:16 4141056 ----a-w- C:\Windows\eyeQ Screen Saver.scr

2012-06-22 08:41:06 -------- d-----w- C:\Program Files (x86)\Infinite Mind LC

2012-06-21 22:51:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 22:50:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 22:50:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 22:50:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 04:06:21 -------- d-----w- C:\Windows\AutoKMS

2012-06-19 04:06:03 151552 ----a-w- C:\Windows\KMSEmulator.exe

2012-06-14 07:00:59 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-14 03:39:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 02:28:04 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Malwarebytes

2012-06-14 02:27:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-14 02:27:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-14 02:27:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-13 20:49:20 -------- d-----w- C:\Users\eklypze\AppData\Local\{2014224D-D963-4DC4-9435-112A4E1720B5}

2012-06-13 20:49:08 -------- d-----w- C:\Users\eklypze\AppData\Local\{38DD09DC-A00C-491F-ADC7-261C3405513C}

2012-06-13 08:48:42 -------- d-----w- C:\Users\eklypze\AppData\Local\{2DBCB872-BF1D-4894-A2F6-D8665879B078}

2012-06-13 08:48:20 -------- d-----w- C:\Users\eklypze\AppData\Local\{761FBD4C-59DE-4587-BA30-E2C0ED61FD50}

2012-06-12 20:47:52 -------- d-----w- C:\Users\eklypze\AppData\Local\{46B2AD01-EC22-474E-A95A-8CE3D9341EA7}

2012-06-12 20:47:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{EB1DD11C-D6F0-4578-B792-A3C87EB9DFB7}

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 11:07:02 -------- d-----w- C:\Users\eklypze\AppData\Local\{40E8C195-0C46-4FF7-AE3E-1B61562374E6}

2012-06-11 11:06:39 -------- d-----w- C:\Users\eklypze\AppData\Local\{F5B36A44-0C95-4E1B-849D-32EB5974C22E}

2012-06-10 21:39:41 -------- d-----w- C:\Users\eklypze\AppData\Local\{B1075305-E4A3-47D6-94C3-A76AD090FB26}

2012-06-10 21:39:14 -------- d-----w- C:\Users\eklypze\AppData\Local\{06963192-B7C9-41E9-BB9D-8C78BE5A1594}

2012-06-10 08:57:43 -------- d-----w- C:\Users\eklypze\AppData\Local\{3CBC207D-9566-43A5-9140-6CFA66B68E2C}

2012-06-10 08:57:21 -------- d-----w- C:\Users\eklypze\AppData\Local\{ADADB028-B250-4168-A4F2-0CA063FA6950}

.

==================== Find3M ====================

.

2012-06-23 10:20:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 10:20:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 22:45:10.30 ===============

Link to post
Share on other sites
eklypze77

eklypze77

Posted
  • Author
Posted

Combofix.txt

ComboFix 12-07-10.01 - eklypze 07/10/2012 15:56:39.3.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2589 [GMT -4:00]

Running from: c:\users\eklypze\Downloads\[ 1RK REMOVAL ]\Combofix\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

.

2072-04-03 18:13 . 2008-03-21 19:46 607296 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-07-10 20:06 . 2012-07-10 20:06 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

2012-07-10 20:06 . 2012-07-10 20:06 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-07-10 20:06 . 2012-07-10 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-10 20:06 . 2012-07-10 20:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-09 21:51 . 2012-07-09 21:51 -------- d-----w- c:\programdata\Sophos

2012-07-08 05:15 . 2012-07-08 05:15 -------- d-----w- c:\program files (x86)\psx emulation cheater

2012-07-05 02:43 . 2012-07-08 01:07 -------- d-----w- C:\ePSXe

2012-07-03 19:42 . 2012-07-03 19:42 -------- d-----w- c:\users\eklypze\AppData\Local\SKIDROW

2012-07-03 18:17 . 2012-07-03 18:17 -------- d-----w- c:\program files (x86)\Wizards of the Coast LLC

2012-07-02 23:19 . 2012-07-02 23:19 388096 ----a-r- c:\users\eklypze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-02 23:19 . 2012-07-02 23:19 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-02 23:02 . 2012-07-02 23:02 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-02 22:36 . 2012-07-02 22:36 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-06-30 09:56 . 2012-06-30 09:56 -------- d---a-w- C:\.Trash-1000

2012-06-25 09:51 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe

2012-06-25 09:51 . 2012-06-25 09:51 -------- d-----w- c:\program files (x86)\New Khmer Dictionary

2012-06-23 11:01 . 2012-06-23 11:01 -------- d-----w- c:\users\eklypze\AppData\Local\Macromedia

2012-06-23 08:02 . 2012-06-23 08:11 -------- d-----w- c:\users\eklypze\AppData\Roaming\Registry Mechanic

2012-06-23 07:52 . 2011-10-25 17:44 512472 ----a-w- c:\windows\SysWow64\msxml.dll

2012-06-23 07:52 . 2011-10-25 17:44 40408 ----a-w- c:\windows\system32\CleanMFT64.exe

2012-06-23 07:52 . 2008-04-02 20:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx

2012-06-23 07:52 . 2008-04-02 20:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx

2012-06-23 07:52 . 2008-04-02 20:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx

2012-06-23 07:52 . 2008-09-18 02:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX

2012-06-23 07:52 . 2012-06-23 07:52 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-06-23 07:51 . 2012-06-23 08:11 -------- d-----w- c:\program files (x86)\PC Tools Registry Mechanic

2012-06-23 07:39 . 2012-06-23 07:40 -------- d-----w- c:\program files\CCleaner

2012-06-22 08:41 . 2002-02-20 18:22 4141056 ----a-w- c:\windows\eyeQ Screen Saver.scr

2012-06-22 08:41 . 2012-06-22 08:41 -------- d-----w- c:\program files (x86)\Infinite Mind LC

2012-06-21 22:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 22:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 22:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 22:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 22:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 22:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 22:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 22:50 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 22:50 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 04:06 . 2012-06-19 08:40 -------- d-----w- c:\windows\AutoKMS

2012-06-19 04:06 . 2012-07-10 20:08 151552 ----a-w- c:\windows\KMSEmulator.exe

2012-06-14 07:00 . 2012-05-18 01:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-14 03:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 02:28 . 2012-06-14 02:28 -------- d-----w- c:\users\eklypze\AppData\Roaming\Malwarebytes

2012-06-14 02:27 . 2012-06-14 02:27 -------- d-----w- c:\programdata\Malwarebytes

2012-06-14 02:27 . 2012-06-14 02:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-14 02:27 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 10:20 . 2012-04-07 16:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 10:20 . 2011-06-03 05:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 04:04 . 2012-07-06 17:06 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CACF47A0-F368-4AED-8B74-EC77111331F4}\mpengine.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-09_22.34.08 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-09 22:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-10 20:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-09 22:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-10 20:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-09 22:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-10 20:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-21 03:55 . 2012-07-10 20:09 52748 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-10 20:09 41938 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-21 02:52 . 2012-07-10 20:09 17360 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-890855550-491439906-2208292099-1001_UserData.bin

- 2012-07-09 22:33 . 2012-07-09 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-10 20:07 . 2012-07-10 20:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-10 20:07 . 2012-07-10 20:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-09 22:33 . 2012-07-09 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-09 22:31 495608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-10 20:06 495608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-21 09:25 . 2012-07-10 20:06 2894680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-02-21 09:25 . 2012-07-09 22:31 2894680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-02-21 09:25 . 2012-07-10 19:36 39584852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-890855550-491439906-2208292099-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-14 880496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

DFX.lnk - c:\program files (x86)\DFX\DFX.exe [2012-1-5 1055656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-04-18 13352]

R3 Grand;SafeNet GrandDog USB Driver;c:\windows\system32\DRIVERS\GrandUsb.sys [2012-03-17 76968]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2010-06-23 189952]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [2012-03-17 13864]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-23 270912]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 10:20]

.

2012-07-10 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-06-19 04:06]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 04:19]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 04:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 64.71.255.198

FF - ProfilePath - c:\users\eklypze\AppData\Roaming\Mozilla\Firefox\Profiles\dphu13kg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.digg.com

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-890855550-491439906-2208292099-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):56,46,49,a0,13,2e,95,a6,15,ac,c9,dd,54,4a,d7,27,7c,f4,2a,a2,df,

73,4f,5d,4b,0b,4b,9f,64,70,4c,cf,fa,ee,a0,73,53,6e,2b,96,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-890855550-491439906-2208292099-1001_Classes\Wow6432Node\CLSID\{7f595465-0110-49ce-9d63-d0e8bb95ed7c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000067

"Therad"=dword:0000001c

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

c:\program files (x86)\Razer\DeathAdder\razertra.exe

c:\program files (x86)\Razer\DeathAdder\razerofa.exe

.

**************************************************************************

.

Completion time: 2012-07-10 16:17:40 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-10 20:17

ComboFix2.txt 2012-07-09 22:41

.

Pre-Run: 38,662,471,680 bytes free

Post-Run: 38,645,923,840 bytes free

.

- - End Of File - - 30ACF336C57436FF7AA29B2DA55010BB

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by eklypze at 16:26:28 on 2012-07-10

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2681 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\DFX\DFX.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{0EDCCCD1-230B-4DA4-A86C-51E1B66A202B} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{3DAF2287-36E2-412F-9495-3280E96BF2E9} : DhcpNameServer = 64.71.255.198

TCP: Interfaces\{9091A477-5E59-4F3B-861D-D5A5BD816DFB} : DhcpNameServer = 64.71.255.198

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\eklypze\AppData\Roaming\Mozilla\Firefox\Profiles\dphu13kg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.digg.com

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-25 44768]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HOSTNT;HOSTNT;\??\C:\Windows\system32\drivers\hostnt.sys --> C:\Windows\system32\drivers\hostnt.sys [?]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-13 654408]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-6-23 793048]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 Grand;SafeNet GrandDog USB Driver;C:\Windows\system32\DRIVERS\GrandUsb.sys --> C:\Windows\system32\DRIVERS\GrandUsb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-4-11 155344]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2072-04-03 18:13:14 607296 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-07-09 22:17:36 208896 ----a-w- C:\Windows\MBR.exe

2012-07-09 22:17:35 98816 ----a-w- C:\Windows\sed.exe

2012-07-09 22:17:35 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-09 22:17:35 256000 ----a-w- C:\Windows\PEV.exe

2012-07-09 21:51:01 -------- d-----w- C:\ProgramData\Sophos

2012-07-09 19:21:38 -------- d-----w- C:\Users\eklypze\AppData\Local\{B4EAC9C0-519C-4924-B1F0-2BC578FE0BEC}

2012-07-09 19:21:19 -------- d-----w- C:\Users\eklypze\AppData\Local\{08E67D78-D0B3-4758-A0F1-9BA40B4A52D6}

2012-07-09 05:08:01 -------- d-----w- C:\Users\eklypze\AppData\Local\{C0C50388-A6C5-4E7F-BB44-BCBB94F218C6}

2012-07-09 05:07:48 -------- d-----w- C:\Users\eklypze\AppData\Local\{D5D0911E-507C-44D9-9B96-401C5F9668D1}

2012-07-08 05:15:43 -------- d-----w- C:\Program Files (x86)\psx emulation cheater

2012-07-06 17:06:14 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CACF47A0-F368-4AED-8B74-EC77111331F4}\mpengine.dll

2012-07-05 02:43:17 -------- d-----w- C:\ePSXe

2012-07-04 19:50:49 -------- d-----w- C:\Users\eklypze\AppData\Local\{27BC4F2D-6A70-4972-B278-0192C6412C57}

2012-07-04 19:50:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{57B7337A-B6AC-4C24-94DB-D14226378D3E}

2012-07-04 12:17:58 -------- d-----w- C:\Users\eklypze\AppData\Local\{4315E75F-DEA1-4009-90A2-F60E2D28F5F6}

2012-07-03 19:42:03 -------- d-----w- C:\Users\eklypze\AppData\Local\SKIDROW

2012-07-03 18:17:25 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC

2012-07-03 14:46:06 -------- d-----w- C:\Users\eklypze\AppData\Local\{2AC5985C-63AB-4A5C-AB06-FD8E3078D916}

2012-07-03 14:45:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{E883100D-6BDC-478F-9646-9C23F2F467F1}

2012-07-02 23:19:28 388096 ----a-r- C:\Users\eklypze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-02 23:19:28 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-02 23:02:16 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-02 22:36:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-07-02 22:36:27 -------- d-----w- C:\Users\eklypze\AppData\Local\{CFE31036-FFBD-428D-A319-39B5CDB7DD43}

2012-07-02 22:36:05 -------- d-----w- C:\Users\eklypze\AppData\Local\{300EE4F7-6F56-4CFB-B57B-EB32BC57B17F}

2012-06-30 09:56:00 -------- d---a-w- C:\.Trash-1000

2012-06-30 05:36:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{70950305-7D6C-47A9-A534-A33CFBC955A7}

2012-06-30 05:36:18 -------- d-----w- C:\Users\eklypze\AppData\Local\{D0555DD9-44AB-46BA-9A51-05218F907C05}

2012-06-29 14:58:50 -------- d-----w- C:\Users\eklypze\AppData\Local\{3A88C100-7A8F-4218-A26C-774EB0A4D933}

2012-06-29 14:58:35 -------- d-----w- C:\Users\eklypze\AppData\Local\{6D68A244-C0E2-479C-AA6B-2517234976CD}

2012-06-25 09:51:26 86016 ----a-w- C:\Windows\unvise32.exe

2012-06-25 09:51:23 -------- d-----w- C:\Program Files (x86)\New Khmer Dictionary

2012-06-23 11:01:05 -------- d-----w- C:\Users\eklypze\AppData\Local\Macromedia

2012-06-23 08:23:34 -------- d-----w- C:\Users\eklypze\AppData\Local\{6C13AC6D-1B49-4A1F-AF28-2FD0A380093F}

2012-06-23 08:23:15 -------- d-----w- C:\Users\eklypze\AppData\Local\{642F1873-878E-4711-B1BB-CC9441E7F755}

2012-06-23 08:02:07 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Registry Mechanic

2012-06-23 07:52:06 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx

2012-06-23 07:52:06 512472 ----a-w- C:\Windows\SysWow64\msxml.dll

2012-06-23 07:52:06 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe

2012-06-23 07:52:06 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx

2012-06-23 07:52:06 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx

2012-06-23 07:52:05 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-06-23 07:52:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-06-23 07:51:58 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic

2012-06-23 07:39:08 -------- d-----w- C:\Program Files\CCleaner

2012-06-22 08:41:16 4141056 ----a-w- C:\Windows\eyeQ Screen Saver.scr

2012-06-22 08:41:06 -------- d-----w- C:\Program Files (x86)\Infinite Mind LC

2012-06-21 22:51:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 22:50:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 22:50:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 22:50:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 04:06:21 -------- d-----w- C:\Windows\AutoKMS

2012-06-19 04:06:03 151552 ----a-w- C:\Windows\KMSEmulator.exe

2012-06-14 07:00:59 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-14 03:39:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 02:28:04 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Malwarebytes

2012-06-14 02:27:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-14 02:27:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-14 02:27:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-13 20:49:20 -------- d-----w- C:\Users\eklypze\AppData\Local\{2014224D-D963-4DC4-9435-112A4E1720B5}

2012-06-13 20:49:08 -------- d-----w- C:\Users\eklypze\AppData\Local\{38DD09DC-A00C-491F-ADC7-261C3405513C}

2012-06-13 08:48:42 -------- d-----w- C:\Users\eklypze\AppData\Local\{2DBCB872-BF1D-4894-A2F6-D8665879B078}

2012-06-13 08:48:20 -------- d-----w- C:\Users\eklypze\AppData\Local\{761FBD4C-59DE-4587-BA30-E2C0ED61FD50}

2012-06-12 20:47:52 -------- d-----w- C:\Users\eklypze\AppData\Local\{46B2AD01-EC22-474E-A95A-8CE3D9341EA7}

2012-06-12 20:47:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{EB1DD11C-D6F0-4578-B792-A3C87EB9DFB7}

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 11:07:02 -------- d-----w- C:\Users\eklypze\AppData\Local\{40E8C195-0C46-4FF7-AE3E-1B61562374E6}

2012-06-11 11:06:39 -------- d-----w- C:\Users\eklypze\AppData\Local\{F5B36A44-0C95-4E1B-849D-32EB5974C22E}

2012-06-10 21:39:41 -------- d-----w- C:\Users\eklypze\AppData\Local\{B1075305-E4A3-47D6-94C3-A76AD090FB26}

2012-06-10 21:39:14 -------- d-----w- C:\Users\eklypze\AppData\Local\{06963192-B7C9-41E9-BB9D-8C78BE5A1594}

.

==================== Find3M ====================

.

2012-06-23 10:20:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 10:20:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 16:29:05.05 ===============

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you&#39;re using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It&#39;s likely why your issue began in the first place.</pre>

Link to post
Share on other sites
eklypze77

eklypze77

Posted
  • Author
Posted

Read and understood. However, being that the computer I am using is shared, it is difficult for me to identify exactly what it is that is that I should be removing that would allow me an opportunity to receive assistance with the critical condition of my computer system now.

At this point, could you please guide me the right direction or am I better off reformatting my system?

Thanks.

Link to post
Share on other sites
eklypze77

eklypze77

Posted
  • Author
Posted

Hi, sorry for the late reply. I am still here. I have removed uTorrent as you've requested, as a result I have posted my new DDS log below.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by eklypze at 19:39:51 on 2012-07-20

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2541 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files (x86)\DFX\DFX.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\AIMP3\AIMP3.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DFX.lnk - C:\Program Files (x86)\DFX\DFX.exe

uPolicies-explorer: NoInstrumentation = 1

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 64.71.255.198

TCP: Interfaces\{0EDCCCD1-230B-4DA4-A86C-51E1B66A202B} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{8136BC26-B61C-48B2-9A69-7F29B4E22F97} : DhcpNameServer = 64.71.255.198

TCP: Interfaces\{9091A477-5E59-4F3B-861D-D5A5BD816DFB} : DhcpNameServer = 64.71.255.198

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\eklypze\AppData\Roaming\Mozilla\Firefox\Profiles\dphu13kg.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.digg.com

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-25 44768]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HOSTNT;HOSTNT;\??\C:\Windows\system32\drivers\hostnt.sys --> C:\Windows\system32\drivers\hostnt.sys [?]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-13 654408]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-6-23 793048]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 250056]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 Grand;SafeNet GrandDog USB Driver;C:\Windows\system32\DRIVERS\GrandUsb.sys --> C:\Windows\system32\DRIVERS\GrandUsb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-30 136176]

S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 600(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-4-11 155344]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2072-04-03 18:13:14 607296 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2012-07-20 19:23:35 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C0B8E05-0BC7-4BD3-9269-C4B55867D4BC}\mpengine.dll

2012-07-12 21:24:57 -------- d-----w- C:\Users\eklypze\AppData\Local\Research In Motion

2012-07-12 21:24:56 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Research In Motion

2012-07-12 21:06:03 -------- d-----w- C:\ProgramData\Research In Motion

2012-07-12 20:17:39 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM

2012-07-11 07:05:13 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 05:52:13 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 05:52:13 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 05:52:12 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 05:52:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 05:52:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 05:52:11 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 05:52:02 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-11 05:52:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-11 05:52:01 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-11 05:52:01 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-07-11 05:52:00 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-11 05:52:00 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-11 03:27:31 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-07-10 22:42:46 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-09 22:17:36 208896 ----a-w- C:\Windows\MBR.exe

2012-07-09 22:17:35 98816 ----a-w- C:\Windows\sed.exe

2012-07-09 22:17:35 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-09 22:17:35 256000 ----a-w- C:\Windows\PEV.exe

2012-07-09 21:51:01 -------- d-----w- C:\ProgramData\Sophos

2012-07-09 19:21:38 -------- d-----w- C:\Users\eklypze\AppData\Local\{B4EAC9C0-519C-4924-B1F0-2BC578FE0BEC}

2012-07-09 19:21:19 -------- d-----w- C:\Users\eklypze\AppData\Local\{08E67D78-D0B3-4758-A0F1-9BA40B4A52D6}

2012-07-09 05:08:01 -------- d-----w- C:\Users\eklypze\AppData\Local\{C0C50388-A6C5-4E7F-BB44-BCBB94F218C6}

2012-07-09 05:07:48 -------- d-----w- C:\Users\eklypze\AppData\Local\{D5D0911E-507C-44D9-9B96-401C5F9668D1}

2012-07-08 05:15:43 -------- d-----w- C:\Program Files (x86)\psx emulation cheater

2012-07-05 02:43:17 -------- d-----w- C:\ePSXe

2012-07-04 19:50:49 -------- d-----w- C:\Users\eklypze\AppData\Local\{27BC4F2D-6A70-4972-B278-0192C6412C57}

2012-07-04 19:50:26 -------- d-----w- C:\Users\eklypze\AppData\Local\{57B7337A-B6AC-4C24-94DB-D14226378D3E}

2012-07-04 12:17:58 -------- d-----w- C:\Users\eklypze\AppData\Local\{4315E75F-DEA1-4009-90A2-F60E2D28F5F6}

2012-07-03 19:42:03 -------- d-----w- C:\Users\eklypze\AppData\Local\SKIDROW

2012-07-03 18:17:25 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast LLC

2012-07-03 14:46:06 -------- d-----w- C:\Users\eklypze\AppData\Local\{2AC5985C-63AB-4A5C-AB06-FD8E3078D916}

2012-07-03 14:45:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{E883100D-6BDC-478F-9646-9C23F2F467F1}

2012-07-02 23:19:28 388096 ----a-r- C:\Users\eklypze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-02 23:19:28 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-02 23:02:16 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-02 22:36:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-07-02 22:36:27 -------- d-----w- C:\Users\eklypze\AppData\Local\{CFE31036-FFBD-428D-A319-39B5CDB7DD43}

2012-07-02 22:36:05 -------- d-----w- C:\Users\eklypze\AppData\Local\{300EE4F7-6F56-4CFB-B57B-EB32BC57B17F}

2012-06-30 09:56:00 -------- d---a-w- C:\.Trash-1000

2012-06-30 05:36:37 -------- d-----w- C:\Users\eklypze\AppData\Local\{70950305-7D6C-47A9-A534-A33CFBC955A7}

2012-06-30 05:36:18 -------- d-----w- C:\Users\eklypze\AppData\Local\{D0555DD9-44AB-46BA-9A51-05218F907C05}

2012-06-29 14:58:50 -------- d-----w- C:\Users\eklypze\AppData\Local\{3A88C100-7A8F-4218-A26C-774EB0A4D933}

2012-06-29 14:58:35 -------- d-----w- C:\Users\eklypze\AppData\Local\{6D68A244-C0E2-479C-AA6B-2517234976CD}

2012-06-25 09:51:26 86016 ----a-w- C:\Windows\unvise32.exe

2012-06-25 09:51:23 -------- d-----w- C:\Program Files (x86)\New Khmer Dictionary

2012-06-23 11:01:05 -------- d-----w- C:\Users\eklypze\AppData\Local\Macromedia

2012-06-23 08:23:34 -------- d-----w- C:\Users\eklypze\AppData\Local\{6C13AC6D-1B49-4A1F-AF28-2FD0A380093F}

2012-06-23 08:23:15 -------- d-----w- C:\Users\eklypze\AppData\Local\{642F1873-878E-4711-B1BB-CC9441E7F755}

2012-06-23 08:02:07 -------- d-----w- C:\Users\eklypze\AppData\Roaming\Registry Mechanic

2012-06-23 07:52:06 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx

2012-06-23 07:52:06 512472 ----a-w- C:\Windows\SysWow64\msxml.dll

2012-06-23 07:52:06 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe

2012-06-23 07:52:06 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx

2012-06-23 07:52:06 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx

2012-06-23 07:52:05 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-06-23 07:52:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-06-23 07:51:58 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic

2012-06-23 07:39:08 -------- d-----w- C:\Program Files\CCleaner

2012-06-22 08:41:16 4141056 ----a-w- C:\Windows\eyeQ Screen Saver.scr

2012-06-22 08:41:06 -------- d-----w- C:\Program Files (x86)\Infinite Mind LC

2012-06-21 22:51:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 22:50:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 22:50:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 22:50:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-12 18:20:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 18:20:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 19:44:11.41 ===============

Link to post
Share on other sites
  • Staff
screen317

screen317

Posted
  • Staff
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.