
Infected - Malwarebytes keeps blocking outbound IPs



  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.


Hello screen317

MBAM log

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.18.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Dan :: DAN-PC [administrator]

7/19/2012 9:46:54 PM

mbam-log-2012-07-19 (21-46-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243819

Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

----------------------------------

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Dan at 21:59:33 on 2012-07-19

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2543 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe

C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Expat Shield\bin\hsswd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

TCP: DhcpNameServer = 20.17.157.15 20.17.157.16

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\16474777966696 : DhcpNameServer = 192.168.5.1

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\5484D27457563747 : DhcpNameServer = 192.168.254.4

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F646 : DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F6463313 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\7796E67666F6F647 : DhcpNameServer = 148.74.252.7 148.74.252.8

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\E4544574541425 : DhcpNameServer = 10.1.10.1

TCP: Interfaces\{4565F866-6864-4D76-A3DF-92E6C88AE1DF} : DhcpNameServer = 20.17.157.15 20.17.157.16

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-17 331608]

R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]

R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]

R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-3-21 68928]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-5-26 442656]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\system32\drivers\hcw10cir.sys --> C:\Windows\system32\drivers\hcw10cir.sys [?]

S3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);C:\Windows\system32\drivers\DaShenAudio.sys --> C:\Windows\system32\drivers\DaShenAudio.sys [?]

S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe [2012-1-17 77520]

S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\system32\drivers\hcw10bda.sys --> C:\Windows\system32\drivers\hcw10bda.sys [?]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2012-07-20 01:46:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\mpengine.dll

2012-07-20 01:46:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-20 01:46:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-18 13:45:19 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-18 09:51:39 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-17 15:20:10 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-17 15:11:59 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-07-17 15:11:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-07-17 15:11:13 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-17 15:11:11 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-16 17:38:01 -------- d-----w- C:\Mountain_of_Ice

2012-07-16 16:59:48 -------- d-----w- C:\Mysterious_Life_of_Caves

2012-07-11 14:47:10 -------- d-----w- C:\Program Files\Synaptics

2012-07-11 14:46:37 -------- d-----w- C:\swsetup

2012-07-10 14:25:15 -------- d-----w- C:\THE_LOTTERY

2012-07-10 13:34:22 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON

2012-07-08 02:55:57 -------- d-----w- C:\Users\Dan\AppData\Local\WBFSManager

2012-07-08 02:54:13 -------- d-----w- C:\Program Files\WBFS

2012-07-03 17:22:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll

2012-07-03 14:24:45 -------- d-----w- C:\Program Files\Handbrake

2012-06-29 13:26:23 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe

2012-06-26 17:37:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-06-26 17:37:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-06-26 17:37:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-06-26 17:36:04 -------- d-----w- C:\Program Files\iPod

2012-06-26 17:36:02 -------- d-----w- C:\Program Files\iTunes

2012-06-26 17:36:02 -------- d-----w- C:\Program Files (x86)\iTunes

2012-06-26 15:54:27 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-26 12:02:22 -------- d-----w- C:\Users\Dan\AppData\Roaming\QuickScan

2012-06-25 11:46:13 -------- d-----w- C:\Users\Dan\AppData\Local\Macromedia

2012-06-24 20:10:23 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-22 19:50:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-21 05:19:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 05:19:34 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 05:19:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 05:19:18 36864 ----a-w- C:\Windows\System32\wuapp.exe

.

==================== Find3M ====================

.

2012-07-18 20:29:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 20:29:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-16 04:37:59 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-16 04:37:59 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-16 01:04:40 188943 ----a-w- C:\Windows\SysWow64\mrjibjbgw.exe

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-28 16:59:10 1799168 ----a-w- C:\Windows\SysWow64\mprdin.dll

2012-05-23 13:25:43 726016 ----a-w- C:\Windows\SysWow64\7z.dll

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

.

============= FINISH: 22:01:41.50 ===============

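The entry in that DDS log that stands out is C:\Windows\SysWow64\mrjibjbgw.exe in the Find3M section: a roughly 185 KiB executable with a random-looking name in a system directory. The ComboFix log further down in this thread shows nine more of the same kind, dropped into SysWOW64 about every 84 minutes with near-identical sizes. Name-based heuristics alone are noisy (legitimate Windows binaries such as ntkrnlpa.exe or rdpwd.sys look just as unpronounceable), so the signal worth automating is the cadence: several executables of about the same size in the same directory, created at a regular interval. The Python script below is an added example, not part of this thread and not code from DDS, ComboFix or Malwarebytes. It parses the date/size/attribute/path lines as both tools print them, groups executables by directory, extension and size bucket, and reports runs whose creation gaps cluster around the group's median gap. The suspicious sample lines are copied from the logs posted in this thread; the three hypothetical_*.dll lines are constructed as a same-timestamp control, and the 32 KiB size bucket and 50% gap tolerance are assumptions chosen for this example.

```python
"""Cadence triage for DDS / ComboFix "files created" listings.
Added example for this thread; not part of DDS, ComboFix or Malwarebytes."""
import re
import statistics
from collections import defaultdict, namedtuple
from datetime import datetime
from pathlib import PureWindowsPath

# One regex covers both layouts:
#   DDS:      2012-06-16 01:04:40 188943 ----a-w- C:\Windows\SysWow64\mrjibjbgw.exe
#   ComboFix: 2012-07-20 16:18 . 2012-07-20 16:18 192512 ----a-w- c:\windows\SysWow64\ivphlrskk.exe
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"  # creation stamp
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"                    # ComboFix adds a modified stamp
    r" (?P<size>\d+|-{8})"                                       # size, or -------- for directories
    r" (?P<attrs>[-a-z]{8})"                                     # d-----w- style attribute flags
    r" (?P<path>.+)$"
)
EXEC_EXT = {".exe", ".dll", ".sys"}
SIZE_BUCKET = 32 * 1024  # assumption: files within one 32 KiB bucket count as "same size"
Entry = namedtuple("Entry", "created size path")


def parse_entries(text):
    """Return Entry objects for file lines; directory lines and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size").startswith("-"):
            continue
        stamp = m.group("created")
        fmt = "%Y-%m-%d %H:%M:%S" if stamp.count(":") == 2 else "%Y-%m-%d %H:%M"
        entries.append(Entry(datetime.strptime(stamp, fmt), int(m.group("size")), m.group("path")))
    return entries


def periodic_runs(entries, tol=0.5, min_len=3):
    """Maximal sub-sequences of >= min_len entries whose consecutive creation gaps all lie
    within +/- tol of the group's median gap. A batch written in one go (median gap 0,
    e.g. a Windows Update) never qualifies; one far-off outlier is dropped, not a run-breaker."""
    entries = sorted(entries, key=lambda e: e.created)
    if len(entries) < min_len:
        return []
    gaps = [(b.created - a.created).total_seconds() for a, b in zip(entries, entries[1:])]
    ref = statistics.median(gaps)
    if ref <= 0:
        return []
    runs, start = [], None
    for i, gap in enumerate(gaps):
        ok = abs(gap - ref) <= tol * ref
        if ok and start is None:
            start = i  # gap i joins entries[i] and entries[i + 1]
        elif not ok and start is not None:
            if i + 1 - start >= min_len:
                runs.append(entries[start:i + 1])
            start = None
    if start is not None and len(entries) - start >= min_len:
        runs.append(entries[start:])
    return runs


def find_drop_series(text, tol=0.5, min_len=3):
    """Group executables by (directory, extension, size bucket) and report periodic runs
    as dicts: dir, count, median_gap_min, names (chronological)."""
    groups = defaultdict(list)
    for e in parse_entries(text):
        p = PureWindowsPath(e.path)
        if p.suffix.lower() not in EXEC_EXT:
            continue
        groups[(str(p.parent).lower(), p.suffix.lower(), e.size // SIZE_BUCKET)].append(e)
    findings = []
    for (directory, _ext, _bucket), members in groups.items():
        for run in periodic_runs(members, tol, min_len):
            mins = [(b.created - a.created).total_seconds() / 60 for a, b in zip(run, run[1:])]
            findings.append({
                "dir": directory,
                "count": len(run),
                "median_gap_min": round(statistics.median(mins), 1),
                "names": [PureWindowsPath(e.path).name for e in run],
            })
    return findings


# Sample input: the SysWow64 lines are copied from the DDS and ComboFix logs in this
# thread; the three hypothetical_*.dll lines are constructed (not real files) as a
# same-second benign batch, the shape a Windows Update leaves behind.
SAMPLE_LOG = r"""
2012-06-16 01:04:40 188943 ----a-w- C:\Windows\SysWow64\mrjibjbgw.exe
2012-07-20 16:18 . 2012-07-20 16:18 192512 ----a-w- c:\windows\SysWow64\ivphlrskk.exe
2012-07-20 14:46 . 2012-07-20 14:46 192512 ----a-w- c:\windows\SysWow64\rscmht.exe
2012-07-20 13:20 . 2012-07-20 13:20 192512 ----a-w- c:\windows\SysWow64\vuujpv.exe
2012-07-20 11:58 . 2012-07-20 11:58 192512 ----a-w- c:\windows\SysWow64\amsrkbnob.exe
2012-07-20 10:35 . 2012-07-20 10:35 189952 ----a-w- c:\windows\SysWow64\afxujqpxu.exe
2012-07-20 09:10 . 2012-07-20 09:10 189952 ----a-w- c:\windows\SysWow64\npbfqht.exe
2012-07-20 07:46 . 2012-07-20 07:46 189952 ----a-w- c:\windows\SysWow64\bgejqajwh.exe
2012-07-20 06:22 . 2012-07-20 06:22 189952 ----a-w- c:\windows\SysWow64\moxnpv.exe
2012-07-20 04:58 . 2012-07-20 04:58 189952 ----a-w- c:\windows\SysWow64\omcfdwfi.exe
2012-07-20 01:46 . 2012-07-20 01:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 05:19:46 40960 ----a-w- C:\Windows\System32\hypothetical_a.dll
2012-06-21 05:19:46 40960 ----a-w- C:\Windows\System32\hypothetical_b.dll
2012-06-21 05:19:46 40960 ----a-w- C:\Windows\System32\hypothetical_c.dll
"""

if __name__ == "__main__":
    for f in find_drop_series(SAMPLE_LOG):
        print(f"{f['count']} x {f['dir']} every ~{f['median_gap_min']} min: {', '.join(f['names'])}")
```

On the sample above the script reports one series: nine .exe files in c:\windows\syswow64 about 84 minutes apart, while the June mrjibjbgw.exe entry, which falls into the same size bucket but sits weeks earlier, is left out of the run rather than breaking it, and the same-second hypothetical_*.dll batch is never reported. Run it against the full "Files Created" section of a log rather than an excerpt, and treat a hit as a lead that tells you which files to hash and submit, not as an identification of what they are.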

ComboFix log

ComboFix 12-07-20.02 - Dan 07/20/2012 16:28:00.7.1 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2874 [GMT -4:00]

Running from: c:\users\Dan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

.

2012-07-20 20:42 . 2012-07-20 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-07-20 20:42 . 2012-07-20 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 20:42 . 2012-07-20 20:42 -------- d-----w- c:\users\Daniel\AppData\Local\temp

2012-07-20 16:18 . 2012-07-20 16:18 192512 ----a-w- c:\windows\SysWow64\ivphlrskk.exe

2012-07-20 14:46 . 2012-07-20 14:46 192512 ----a-w- c:\windows\SysWow64\rscmht.exe

2012-07-20 13:20 . 2012-07-20 13:20 192512 ----a-w- c:\windows\SysWow64\vuujpv.exe

2012-07-20 11:58 . 2012-07-20 11:58 192512 ----a-w- c:\windows\SysWow64\amsrkbnob.exe

2012-07-20 10:35 . 2012-07-20 10:35 189952 ----a-w- c:\windows\SysWow64\afxujqpxu.exe

2012-07-20 09:10 . 2012-07-20 09:10 189952 ----a-w- c:\windows\SysWow64\npbfqht.exe

2012-07-20 07:46 . 2012-07-20 07:46 189952 ----a-w- c:\windows\SysWow64\bgejqajwh.exe

2012-07-20 06:22 . 2012-07-20 06:22 189952 ----a-w- c:\windows\SysWow64\moxnpv.exe

2012-07-20 04:58 . 2012-07-20 04:58 189952 ----a-w- c:\windows\SysWow64\omcfdwfi.exe

2012-07-20 01:46 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\mpengine.dll

2012-07-20 01:46 . 2012-07-20 01:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-20 01:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Oracle

2012-07-18 13:44 . 2012-07-18 13:44 -------- d-----w- c:\program files (x86)\Java

2012-07-18 09:51 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-17 15:20 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-17 15:11 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-17 15:11 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-17 15:11 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-17 15:11 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-16 17:38 . 2012-07-16 17:38 -------- d-----w- C:\Mountain_of_Ice

2012-07-16 16:59 . 2012-07-16 16:59 -------- d-----w- C:\Mysterious_Life_of_Caves

2012-07-11 14:47 . 2012-07-11 14:47 -------- d-----w- c:\program files\Synaptics

2012-07-11 14:46 . 2012-07-11 14:46 -------- d-----w- C:\swsetup

2012-07-10 14:25 . 2012-07-10 14:25 -------- d-----w- C:\THE_LOTTERY

2012-07-10 13:34 . 2012-07-10 13:34 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON

2012-07-08 02:55 . 2012-07-08 02:55 -------- d-----w- c:\users\Dan\AppData\Local\WBFSManager

2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\program files\WBFS

2012-07-03 17:22 . 2012-02-11 03:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll

2012-07-03 14:24 . 2012-07-03 14:24 -------- d-----w- c:\program files\Handbrake

2012-06-29 13:26 . 2012-06-29 13:26 -------- d-----w- c:\users\Dan\AppData\Local\Adobe

2012-06-26 17:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-06-26 17:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-06-26 17:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iPod

2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iTunes

2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files (x86)\iTunes

2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files\Common Files\Apple

2012-06-26 12:02 . 2012-06-26 12:02 -------- d-----w- c:\users\Dan\AppData\Roaming\QuickScan

2012-06-25 11:46 . 2012-06-25 11:46 -------- d-----w- c:\users\Dan\AppData\Local\Macromedia

2012-06-24 20:10 . 2012-06-24 20:10 -------- d-----w- c:\program files (x86)\ESET

2012-06-22 19:50 . 2012-06-22 19:50 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-21 05:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 05:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 05:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 05:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 05:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 05:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 05:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 05:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 05:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 20:29 . 2012-04-09 11:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-18 20:29 . 2011-08-17 16:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-17 15:13 . 2011-01-03 05:09 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-06 02:06 . 2011-01-03 05:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-16 04:38 . 2012-06-16 04:38 268720 ----a-w- c:\windows\system32\javaws.exe

2012-06-16 04:38 . 2012-06-16 04:38 189360 ----a-w- c:\windows\system32\javaw.exe

2012-06-16 04:38 . 2012-06-16 04:38 188840 ----a-w- c:\windows\system32\java.exe

2012-06-16 04:37 . 2012-06-16 04:38 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-16 04:37 . 2011-01-03 05:48 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-28 16:59 . 2012-05-28 16:59 1799168 ----a-w- c:\windows\SysWow64\mprdin.dll

2012-05-23 13:25 . 2012-05-23 13:25 726016 ----a-w- c:\windows\SysWow64\7z.dll

2012-05-15 03:56 . 2012-06-18 03:45 1197568 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:52 . 2012-06-18 03:45 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:08 . 2012-06-18 03:45 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 10:52 . 2012-06-18 03:45 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-18 03:45 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-18 03:45 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-28 03:50 . 2012-06-18 03:43 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:34 . 2012-06-18 03:46 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:34 . 2012-06-18 03:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:28 . 2012-06-18 03:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-06-18_12.55.56 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-03-08 13:53 . 2011-11-17 05:35 96768 c:\windows\SysWOW64\sspicli.dll

+ 2012-07-17 15:12 . 2012-06-02 04:42 96768 c:\windows\SysWOW64\sspicli.dll

+ 2012-07-17 15:12 . 2012-06-02 04:48 22016 c:\windows\SysWOW64\secur32.dll

- 2012-03-08 13:53 . 2011-11-17 05:39 22016 c:\windows\SysWOW64\secur32.dll

- 2009-07-14 04:54 . 2012-06-18 12:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-06-18 12:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-20 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-18 12:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-03 12:44 . 2012-07-20 20:48 36766 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-20 19:50 41940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-03 12:44 . 2012-07-20 19:50 16218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1673223263-37901431-4082015536-1001_UserData.bin

- 2012-04-13 14:44 . 2009-05-18 17:17 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspiWDM.sys

+ 2012-06-26 17:37 . 2009-05-18 17:17 34152 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspiWDM.sys

+ 2009-07-14 05:30 . 2012-07-11 14:47 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2012-04-30 15:45 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2012-04-25 16:11 . 2012-04-25 16:11 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaapl64.sys

+ 2012-03-26 18:50 . 2012-03-26 18:50 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\netaapl64.sys

+ 2012-06-21 20:05 . 2011-06-26 00:56 33888 c:\windows\system32\DriverStore\FileRepository\appliand.inf_amd64_neutral_0c48234b04f54702\appliand.sys

- 2012-03-08 13:53 . 2011-11-17 07:17 95088 c:\windows\system32\drivers\ksecdd.sys

+ 2012-07-17 15:12 . 2012-06-02 05:38 95088 c:\windows\system32\drivers\ksecdd.sys

- 2011-01-03 08:02 . 2012-06-18 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-03 08:02 . 2012-07-20 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-03 08:02 . 2012-06-18 04:14 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-03 08:02 . 2012-07-20 19:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-20 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-18 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-07-18 03:54 64448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-03 06:56 . 2012-06-18 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-03 06:56 . 2012-06-18 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-03 14:09 . 2012-07-17 15:19 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-06-26 16:00 . 2012-06-26 16:00 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe

+ 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-18 12:54 . 2012-06-18 12:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-18 12:54 . 2012-06-18 12:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 19:13 . 2009-07-14 19:13 107816 c:\windows\SysWOW64\SynTPCOM.dll

- 2011-10-14 08:35 . 2011-10-14 08:35 107816 c:\windows\SysWOW64\SynTPCOM.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 206120 c:\windows\SysWOW64\SynCtrl.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 169256 c:\windows\SysWOW64\SynCOM.dll

+ 2012-07-17 15:12 . 2012-06-02 04:48 225280 c:\windows\SysWOW64\schannel.dll

- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll

+ 2012-07-17 15:12 . 2012-06-02 04:47 219136 c:\windows\SysWOW64\ncrypt.dll

+ 2012-07-18 20:29 . 2012-07-18 20:29 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe

+ 2012-07-18 20:29 . 2012-07-18 20:29 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll

+ 2012-06-23 05:31 . 2012-06-23 05:31 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe

+ 2012-04-09 11:50 . 2012-07-18 20:29 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-18 13:44 . 2012-07-06 02:06 227760 c:\windows\SysWOW64\javaws.exe

+ 2012-07-18 13:44 . 2012-07-18 13:44 174064 c:\windows\SysWOW64\javaw.exe

+ 2012-07-18 13:44 . 2012-07-18 13:44 174064 c:\windows\SysWOW64\java.exe

+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\SysWOW64\devil.dll

+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\SysWOW64\avisynth.dll

+ 2011-01-12 16:33 . 2012-07-07 13:24 242590 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-01-03 12:39 . 2012-07-20 03:45 311234 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 19:13 . 2009-07-14 19:13 147752 c:\windows\system32\SynTPCo4.dll

- 2010-05-28 03:29 . 2010-05-28 03:29 147752 c:\windows\system32\SynTPCo4.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 203560 c:\windows\system32\SynTPAPI.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 260904 c:\windows\system32\SynCtrl.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 395048 c:\windows\system32\SynCOM.dll

- 2012-03-08 13:53 . 2011-11-17 07:10 340992 c:\windows\system32\schannel.dll

+ 2012-07-17 15:12 . 2012-06-02 05:27 340992 c:\windows\system32\schannel.dll

+ 2009-07-14 02:36 . 2012-07-19 19:50 662942 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-18 04:00 662942 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-19 19:50 122738 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-18 04:00 122738 c:\windows\system32\perfc009.dat

- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll

+ 2012-07-17 15:12 . 2012-06-02 05:27 307200 c:\windows\system32\ncrypt.dll

+ 2012-07-18 20:29 . 2012-07-18 20:29 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe

+ 2012-07-18 20:29 . 2012-07-18 20:29 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.dll

+ 2012-06-23 05:31 . 2012-06-23 05:31 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe

+ 2012-06-26 17:37 . 2008-04-17 16:12 126312 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi64.dll

- 2012-04-13 14:44 . 2008-04-17 16:12 126312 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi64.dll

- 2012-04-13 14:44 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi.dll

+ 2012-06-26 17:37 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_B60A2DA9F47E0A7F3329B57AA751F1789961A8BE\x64\GEARAspi.dll

+ 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-04-30 15:42 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2012-04-30 15:45 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 19:13 . 2009-07-14 19:13 337192 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\Tutorial.exe

+ 2009-07-14 19:13 . 2009-07-14 19:13 247080 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynZMetr.exe

+ 2009-07-14 19:13 . 2009-07-14 19:13 120616 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPHelper.exe

+ 2009-07-14 19:13 . 2009-07-14 19:13 107816 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCOM32.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 120104 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCOM.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 147752 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCo4.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 203560 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPAPI.dll

+ 2009-07-14 19:16 . 2009-07-14 19:16 273456 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTP.sys

+ 2009-07-14 19:12 . 2009-07-14 19:12 238888 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynMood.exe

+ 2009-07-14 19:13 . 2009-07-14 19:13 197928 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynISDLL.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 206120 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCtrl32.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 260904 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCtrl.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 169256 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCOM32.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 395048 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynCOM.dll

+ 2009-07-14 19:12 . 2009-07-14 19:12 149800 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\InstNT.exe

+ 2009-07-14 19:16 . 2009-07-14 19:16 273456 c:\windows\system32\drivers\SynTP.sys

- 2012-03-08 13:53 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys

+ 2012-07-17 15:12 . 2012-06-02 05:38 152432 c:\windows\system32\drivers\ksecpkg.sys

+ 2012-07-17 15:12 . 2012-06-02 05:37 459216 c:\windows\system32\drivers\cng.sys

+ 2012-07-17 15:12 . 2012-04-24 05:59 182272 c:\windows\system32\cryptsvc.dll

+ 2012-07-17 15:12 . 2012-04-24 05:59 140288 c:\windows\system32\cryptnet.dll

+ 2011-06-28 14:01 . 2012-07-10 12:46 770744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-07-20 18:08 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-18 12:54 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-18 13:45 . 2012-07-18 13:45 179200 c:\windows\Installer\4c9f721.msi

+ 2012-07-18 13:44 . 2012-07-18 13:44 461312 c:\windows\Installer\4c9f71a.msi

+ 2011-01-03 14:09 . 2012-07-17 15:19 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe

+ 2012-06-26 17:37 . 2012-06-26 17:37 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe

- 2012-04-13 14:44 . 2012-04-13 14:44 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe

+ 2012-04-04 16:38 . 2012-04-04 16:38 787560 c:\windows\Downloaded Program Files\qsax64.dll

+ 2012-07-17 15:12 . 2012-06-06 05:09 1389568 c:\windows\SysWOW64\msxml6.dll

+ 2012-07-17 15:12 . 2012-06-06 05:09 1236992 c:\windows\SysWOW64\msxml3.dll

+ 2012-06-23 05:31 . 2012-06-23 05:31 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

+ 2012-06-23 05:31 . 2012-06-23 05:31 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

+ 2012-07-17 15:12 . 2012-04-24 04:47 1156608 c:\windows\SysWOW64\crypt32.dll

+ 2012-07-17 15:12 . 2012-06-06 05:50 2003968 c:\windows\system32\msxml6.dll

+ 2012-07-17 15:12 . 2012-06-06 05:50 1880064 c:\windows\system32\msxml3.dll

+ 2009-07-14 04:45 . 2012-07-17 15:25 4907816 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 04:45 . 2012-06-18 04:16 4907816 c:\windows\system32\FNTCACHE.DAT

+ 2012-04-25 16:11 . 2012-04-25 16:11 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaaplrc.dll

+ 2008-07-08 14:55 . 2008-07-08 14:55 1490656 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\WdfCoInstaller01007.dll

+ 2009-07-14 19:13 . 2009-07-14 19:13 8056616 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPRes.dll

+ 2009-07-14 19:12 . 2009-07-14 19:12 1815848 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPEnh.exe

+ 2009-07-14 19:13 . 2009-07-14 19:13 1526568 c:\windows\system32\DriverStore\FileRepository\synpd.inf_amd64_neutral_dfa572168d4f7a89\SynTPCpl.dll

+ 2012-03-26 18:51 . 2012-03-26 18:51 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\wdfcoinstaller01009.dll

+ 2012-07-17 15:12 . 2012-04-24 05:59 1460224 c:\windows\system32\crypt32.dll

- 2009-07-14 04:45 . 2012-06-18 04:16 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-07-17 15:28 3607983 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2012-04-05 21:27 . 2012-04-05 21:27 2323456 c:\windows\Installer\5393d.msi

+ 2012-06-20 06:00 . 2012-06-20 06:00 3461120 c:\windows\Installer\1e2c5861.msp

+ 2011-01-03 14:09 . 2012-07-17 15:19 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2011-01-03 14:09 . 2012-07-17 15:19 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

- 2011-01-03 14:09 . 2012-06-18 04:03 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-07-17 15:12 . 2012-06-09 04:46 12868608 c:\windows\SysWOW64\shell32.dll

+ 2009-07-14 02:34 . 2012-07-20 20:01 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-07-17 15:12 . 2012-06-09 05:30 14165504 c:\windows\system32\shell32.dll

+ 2012-06-23 05:31 . 2012-06-23 05:31 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll

+ 2012-01-18 22:49 . 2012-01-18 22:49 44700672 c:\windows\Installer\c9988.msi

+ 2012-05-24 22:34 . 2012-05-24 22:34 11071488 c:\windows\Installer\53937.msi

+ 2012-05-31 05:47 . 2012-05-31 05:47 20403200 c:\windows\Installer\5392d.msi

+ 2012-07-18 13:43 . 2012-07-18 13:43 17379840 c:\windows\Installer\4c9f716.msi

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 hcw10cir;Hauppauge CIR Receiver;c:\windows\system32\drivers\hcw10cir.sys [2010-05-10 46080]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);c:\windows\system32\drivers\DaShenAudio.sys [2012-01-13 33816]

R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520]

R3 hcw10bda;Hauppauge Cx2310x WinTV Capture;c:\windows\system32\drivers\hcw10bda.sys [2010-12-09 641920]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-05-26 351136]

R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-05-26 4186528]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Smport;Smport;c:\windows\system32\Smport.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-07 254528]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608]

S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]

S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 20.17.157.15 20.17.157.16

FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-07-20 17:12:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-20 21:12

ComboFix.txt 2012-07-20 17:40

.

Pre-Run: 113,639,874,560 bytes free

Post-Run: 113,755,795,456 bytes free

.

- - End Of File - - F7D928CC899EE39BE1D014A0121AAA95

---------------------------------------------

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Dan at 17:13:17 on 2012-07-20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2769 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe

C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Expat Shield\bin\hsswd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\notepad.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

TCP: DhcpNameServer = 20.17.157.15 20.17.157.16

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\16474777966696 : DhcpNameServer = 192.168.5.1

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\5484D27457563747 : DhcpNameServer = 192.168.254.4

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F646 : DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\74C656E677F6F6463313 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\7796E67666F6F647 : DhcpNameServer = 148.74.252.7 148.74.252.8

TCP: Interfaces\{324537A2-C2DB-428E-9A74-62DF84F128D6}\E4544574541425 : DhcpNameServer = 10.1.10.1

TCP: Interfaces\{4565F866-6864-4D76-A3DF-92E6C88AE1DF} : DhcpNameServer = 20.17.157.15 20.17.157.16

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-17 331608]

R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]

R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944]

R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-3-21 68928]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-5-26 442656]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\system32\drivers\hcw10cir.sys --> C:\Windows\system32\drivers\hcw10cir.sys [?]

S3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);C:\Windows\system32\drivers\DaShenAudio.sys --> C:\Windows\system32\drivers\DaShenAudio.sys [?]

S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe [2012-1-17 77520]

S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\system32\drivers\hcw10bda.sys --> C:\Windows\system32\drivers\hcw10bda.sys [?]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2012-07-20 16:18:06 192512 ----a-w- C:\Windows\SysWow64\ivphlrskk.exe

2012-07-20 14:46:58 192512 ----a-w- C:\Windows\SysWow64\rscmht.exe

2012-07-20 13:20:25 192512 ----a-w- C:\Windows\SysWow64\vuujpv.exe

2012-07-20 11:58:21 192512 ----a-w- C:\Windows\SysWow64\amsrkbnob.exe

2012-07-20 10:35:02 189952 ----a-w- C:\Windows\SysWow64\afxujqpxu.exe

2012-07-20 09:10:42 189952 ----a-w- C:\Windows\SysWow64\npbfqht.exe

2012-07-20 07:46:28 189952 ----a-w- C:\Windows\SysWow64\bgejqajwh.exe

2012-07-20 06:22:16 189952 ----a-w- C:\Windows\SysWow64\moxnpv.exe

2012-07-20 04:58:17 189952 ----a-w- C:\Windows\SysWow64\omcfdwfi.exe

2012-07-20 01:46:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF4FCD03-21F7-4A96-9F98-4BFCB9E6B12C}\mpengine.dll

2012-07-20 01:46:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-20 01:46:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-18 13:45:19 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-18 09:51:39 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-17 15:20:10 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-17 15:11:59 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-07-17 15:11:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-07-17 15:11:13 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-17 15:11:11 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-16 17:38:01 -------- d-----w- C:\Mountain_of_Ice

2012-07-16 16:59:48 -------- d-----w- C:\Mysterious_Life_of_Caves

2012-07-11 14:47:10 -------- d-----w- C:\Program Files\Synaptics

2012-07-11 14:46:37 -------- d-----w- C:\swsetup

2012-07-10 14:25:15 -------- d-----w- C:\THE_LOTTERY

2012-07-10 13:34:22 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON

2012-07-08 02:55:57 -------- d-----w- C:\Users\Dan\AppData\Local\WBFSManager

2012-07-08 02:54:13 -------- d-----w- C:\Program Files\WBFS

2012-07-03 17:22:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll

2012-07-03 14:24:45 -------- d-----w- C:\Program Files\Handbrake

2012-06-29 13:26:23 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe

2012-06-26 17:37:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-06-26 17:37:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-06-26 17:37:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-06-26 17:36:04 -------- d-----w- C:\Program Files\iPod

2012-06-26 17:36:02 -------- d-----w- C:\Program Files\iTunes

2012-06-26 17:36:02 -------- d-----w- C:\Program Files (x86)\iTunes

2012-06-26 12:02:22 -------- d-----w- C:\Users\Dan\AppData\Roaming\QuickScan

2012-06-25 11:46:13 -------- d-----w- C:\Users\Dan\AppData\Local\Macromedia

2012-06-24 20:10:23 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-22 19:50:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-21 05:19:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 05:19:34 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 05:19:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 05:19:18 36864 ----a-w- C:\Windows\System32\wuapp.exe

.

==================== Find3M ====================

.

2012-07-18 20:29:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 20:29:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-16 04:37:59 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-16 04:37:59 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-16 01:04:40 188943 ----a-w- C:\Windows\SysWow64\mrjibjbgw.exe

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-28 16:59:10 1799168 ----a-w- C:\Windows\SysWow64\mprdin.dll

2012-05-23 13:25:43 726016 ----a-w- C:\Windows\SysWow64\7z.dll

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

.

============= FINISH: 17:15:09.08 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


ESET log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

------------------------------------------------------------------------------------

Checkup Log

Results of screen317's Security Check version 0.99.43

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 7 Update 5

Adobe Reader X 10.0.1 Adobe Reader out of Date!

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````

My PC:

Everything seems back to normal. I haven't noticed any weird attempted connections and Malwarebytes isn't blocking anything anymore. I know my IE is out of date, but I rarely/never use it, only in situations like this where I needed it in order to run that program.


Sorry, but I can't find those files anywhere in the SysWOW64 folder, nor on my PC for that matter. I attached a screenshot of my SysWOW64 folder at where the 2 files should be. It just so happens that when I was taking that screenshot, Malwarebytes blocked another IP, so I included it in the picture as well. Should I do another ESET scan?

[attached screenshot: post-115064-0-56843400-1343217837.png]


ComboFix 12-07-26.03 - Dan 07/25/2012 16:06:49.8.1 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3999.2338 [GMT -4:00]

Running from: c:\users\Dan\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))

.

.

2012-07-25 20:20 . 2012-07-25 20:20 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-07-25 20:20 . 2012-07-25 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-25 20:20 . 2012-07-25 20:20 -------- d-----w- c:\users\Daniel\AppData\Local\temp

2012-07-25 11:48 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18B8B528-6249-4560-9B32-CA07F0506B4A}\mpengine.dll

2012-07-24 13:40 . 2012-07-24 13:40 -------- d-----w- c:\users\Dan\AppData\Local\Diagnostics

2012-07-24 07:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-20 01:46 . 2012-07-20 01:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-20 01:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-18 13:45 . 2012-07-18 13:45 -------- d-----w- c:\program files (x86)\Oracle

2012-07-18 13:44 . 2012-07-18 13:44 -------- d-----w- c:\program files (x86)\Java

2012-07-17 15:20 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-17 15:11 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-17 15:11 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-17 15:11 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-17 15:11 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-16 17:38 . 2012-07-16 17:38 -------- d-----w- C:\Mountain_of_Ice

2012-07-16 16:59 . 2012-07-16 16:59 -------- d-----w- C:\Mysterious_Life_of_Caves

2012-07-11 14:47 . 2012-07-11 14:47 -------- d-----w- c:\program files\Synaptics

2012-07-11 14:46 . 2012-07-11 14:46 -------- d-----w- C:\swsetup

2012-07-10 14:25 . 2012-07-10 14:25 -------- d-----w- C:\THE_LOTTERY

2012-07-10 13:34 . 2012-07-10 13:34 -------- d-----w- C:\HOW_TO_DIE_IN_OREGON

2012-07-08 02:55 . 2012-07-08 02:55 -------- d-----w- c:\users\Dan\AppData\Local\WBFSManager

2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\program files\WBFS

2012-07-03 17:22 . 2012-02-11 03:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{077C8753-F108-4350-A634-621BC64657B2}\gapaengine.dll

2012-07-03 14:24 . 2012-07-03 14:24 -------- d-----w- c:\program files\Handbrake

2012-06-29 13:26 . 2012-06-29 13:26 -------- d-----w- c:\users\Dan\AppData\Local\Adobe

2012-06-26 17:37 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-06-26 17:37 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-06-26 17:37 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iPod

2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files\iTunes

2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\program files (x86)\iTunes

2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-06-26 16:00 . 2012-06-26 16:00 -------- d-----w- c:\program files\Common Files\Apple

2012-06-26 12:02 . 2012-06-26 12:02 -------- d-----w- c:\users\Dan\AppData\Roaming\QuickScan

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 20:29 . 2012-04-09 11:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-18 20:29 . 2011-08-17 16:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-17 15:13 . 2011-01-03 05:09 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-06 02:06 . 2011-01-03 05:47 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-16 04:38 . 2012-06-16 04:38 268720 ----a-w- c:\windows\system32\javaws.exe

2012-06-16 04:38 . 2012-06-16 04:38 189360 ----a-w- c:\windows\system32\javaw.exe

2012-06-16 04:38 . 2012-06-16 04:38 188840 ----a-w- c:\windows\system32\java.exe

2012-06-16 04:37 . 2012-06-16 04:38 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-16 04:37 . 2011-01-03 05:48 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-02 22:19 . 2012-06-21 05:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 05:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 05:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 05:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 05:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 05:19 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 05:19 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 05:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 05:19 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-23 13:25 . 2012-05-23 13:25 726016 ----a-w- c:\windows\SysWow64\7z.dll

2012-05-15 03:56 . 2012-06-18 03:45 1197568 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:52 . 2012-06-18 03:45 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-05-15 03:08 . 2012-06-18 03:45 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 10:52 . 2012-06-18 03:45 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-18 03:45 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-18 03:45 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-28 03:50 . 2012-06-18 03:43 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-07-20_20.47.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-07-25 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-20 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-25 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-20 20:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-25 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-07-22 03:43 41940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-07-20 19:50 41940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-03 12:44 . 2012-07-22 03:43 16384 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1673223263-37901431-4082015536-1001_UserData.bin

- 2009-07-14 05:30 . 2012-07-11 14:47 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-07-22 04:51 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2008-05-06 20:06 . 2008-05-06 20:06 14464 c:\windows\system32\DriverStore\FileRepository\wdcsam.inf_amd64_neutral_782a203832146fb2\wdcsam64.sys

+ 2008-05-06 20:06 . 2008-05-06 20:06 14464 c:\windows\system32\drivers\wdcsam64.sys

- 2011-01-03 08:02 . 2012-07-20 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-03 08:02 . 2012-07-25 07:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-03 08:02 . 2012-07-25 07:38 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-01-03 08:02 . 2012-07-20 19:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-20 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-25 07:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-03 06:56 . 2012-07-25 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-03 06:56 . 2012-07-25 20:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-03 06:56 . 2012-07-20 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-25 20:24 . 2012-07-25 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-20 20:46 . 2012-07-20 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-25 20:24 . 2012-07-25 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-01-03 12:39 . 2012-07-25 19:54 311742 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-07-25 15:56 662942 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-19 19:50 662942 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-19 19:50 122738 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-25 15:56 122738 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2012-07-22 04:51 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-07-11 14:47 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-07-22 04:51 143360 c:\windows\system32\DriverStore\infstor.dat

- 2011-06-28 14:01 . 2012-07-10 12:46 770744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-06-28 14:01 . 2012-07-25 20:24 770744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-07-25 20:24 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-20 18:08 429216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:34 . 2012-07-25 11:59 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2012-07-20 20:01 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 hcw10cir;Hauppauge CIR Receiver;c:\windows\system32\drivers\hcw10cir.sys [2010-05-10 46080]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 DaShenAudio_simple;DaShen Audio Filter Driver (DaShen Copyright);c:\windows\system32\drivers\DaShenAudio.sys [2012-01-13 33816]

R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-17 77520]

R3 hcw10bda;Hauppauge Cx2310x WinTV Capture;c:\windows\system32\drivers\hcw10bda.sys [2010-12-09 641920]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-05-26 351136]

R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-05-26 4186528]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Smport;Smport;c:\windows\system32\Smport.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-07 254528]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-17 331608]

S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]

S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-05-26 442656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 20.17.157.15 20.17.157.16

FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\igbv66k0.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-07-25 16:43:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-25 20:43

ComboFix2.txt 2012-07-20 21:12

ComboFix3.txt 2012-06-26 13:27

ComboFix4.txt 2012-06-18 19:22

ComboFix5.txt 2012-07-25 20:05

.

Pre-Run: 111,397,294,080 bytes free

Post-Run: 111,813,627,904 bytes free

.

- - End Of File - - 749FC8357C15595B954B22824EF132C4


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Adobe Reader X 10.0.1

Restart your computer.

Get the latest version of Adobe Reader.

Post a protection log from MBAM please.


Today's log is nearly blank because I haven't been online, but it's here:

2012/07/26 20:54:28 -0400 DAN-PC Dan MESSAGE Starting protection

2012/07/26 20:54:30 -0400 DAN-PC Dan MESSAGE Protection started successfully

2012/07/26 20:54:33 -0400 DAN-PC Dan MESSAGE Starting IP protection

2012/07/26 20:54:37 -0400 DAN-PC Dan MESSAGE IP Protection started successfully

I'm posting a snip of yesterday's log, when it kept blocking IPs:

2012/07/25 14:02:24 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52651, Process: svchost.exe)

2012/07/25 14:08:26 -0400 DAN-PC Dan IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52671, Process: svchost.exe)

2012/07/25 14:14:28 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52689, Process: svchost.exe)

2012/07/25 14:20:30 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52721, Process: svchost.exe)

2012/07/25 14:26:39 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52743, Process: svchost.exe)

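As an added example (not code from the thread or from Malwarebytes), the following Python parses protection-log lines in the format posted above and flags a process that is repeatedly blocked from reaching the same /24 at a steady interval; the IP-BLOCK lines are copied from the post, while the grouping by /24 and the min_events/max_jitter thresholds are assumptions.

```python
# Added example, not from the thread: flag a process repeatedly blocked from reaching one /24 at a steady interval.
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) [+-]\d{4} \S+ \S+ IP-BLOCK (?P<ip>[\d.]+) "
                     r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$")
# Sample input constructed from the lines quoted in the thread.
SAMPLE_LOG = """\
2012/07/25 14:02:24 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52651, Process: svchost.exe)
2012/07/25 14:08:26 -0400 DAN-PC Dan IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52671, Process: svchost.exe)
2012/07/25 14:14:28 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52689, Process: svchost.exe)
2012/07/25 14:20:30 -0400 DAN-PC Dan IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52721, Process: svchost.exe)
2012/07/25 14:26:39 -0400 DAN-PC Dan IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52743, Process: svchost.exe)
"""

def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"), "ip": m["ip"],
                           "dir": m["dir"], "port": int(m["port"]), "proc": m["proc"]})
    return events

def find_beacons(events, min_events=3, max_jitter=0.2):
    """Group outgoing blocks by (process, /24) so hosts rotating inside one /24, as here,
    form one series; report series whose relative gap spread is <= max_jitter.
    min_events and max_jitter are assumed thresholds, not Malwarebytes settings."""
    groups = defaultdict(list)
    for e in events:
        if e["dir"] == "outgoing":
            net = ".".join(e["ip"].split(".")[:3]) + ".0/24"
            groups[(e["proc"], net)].append(e["ts"])
    findings = []
    for (proc, net), stamps in groups.items():
        stamps.sort()
        if len(stamps) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            # svchost.exe hosts many services: the follow-up is finding which service or
            # DLL inside it owns the socket, not blocking svchost wholesale.
            findings.append({"process": proc, "network": net,
                             "count": len(stamps), "interval_s": round(avg)})
    return findings
```

On the posted lines this reports one series: svchost.exe toward 112.175.243.0/24, five blocks roughly 364 seconds apart.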

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

