Infected with Trojan.Dropper.BCMiner?

[DZmaj]

Logs:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by owner at 11:03:13 on 2012-08-09

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1862 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: H - No File

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload

uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{3D5EF9AD-1D66-4E42-AA8B-BAE7DFE8201C} : DhcpNameServer = 64.71.255.198 64.71.255.253

TCP: Interfaces\{CC907B51-7004-40F9-A190-26134E8EF07B} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{CC907B51-7004-40F9-A190-26134E8EF07B}\34963736F61433337333 : DhcpNameServer = 192.168.2.1 192.168.1.1

TCP: Interfaces\{CC907B51-7004-40F9-A190-26134E8EF07B}\F42716E6765674962716666656 : DhcpNameServer = 192.168.2.1 192.168.1.1

TCP: Interfaces\{FED15C19-31D5-4FE4-857C-01BFA546B596} : DhcpNameServer = 192.168.4.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]

R2 CDMA Device Service;CDMA Device Service;c:\program files\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-20 63488]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-7-6 14088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-8-25 77824]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-25 136176]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-11-10 97552]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-19 15872]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-20 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-20 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-20 136808]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-19 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-19 1343400]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-07-26 03:05:52 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2012-07-26 03:05:38 -------- d-----w- c:\programdata\Malwarebytes

2012-07-26 03:05:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-26 03:05:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-19 00:42:48 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-19 00:34:34 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-17 14:42:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9903fecd-c956-40b2-bf3d-e48dc27ad0a5}\offreg.dll

2012-07-17 14:10:12 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9903fecd-c956-40b2-bf3d-e48dc27ad0a5}\mpengine.dll

2012-07-13 16:28:59 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

.

==================== Find3M ====================

.

2012-06-26 07:02:38 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-29 07:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll

.

============= FINISH: 11:04:19.90 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 9/19/2011 9:31:38 AM

System Uptime: 8/9/2012 8:45:58 AM (3 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD Athlon X2 Dual-Core QL-62 | Socket M2/S1G1 | 2000/1800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 21.381 GiB free.

D: is FIXED (NTFS) - 6 GiB total, 5.593 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\TOS1901\2&DABA3FF&1

Manufacturer:

Name:

PNP Device ID: ACPI\TOS1901\2&DABA3FF&1

Service:

.

==== System Restore Points ===================

.

RP136: 8/5/2012 7:55:34 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Acrobat 9 Standard - English, FranÁais, Deutsch

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Android Sync Manager WiFi

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

AutoCAD Architecture 2012 - English

AutoCAD Architecture 2012 Language Pack - English

Autodesk Content Service

Autodesk Material Library 2012

Autodesk Material Library Base Resolution Image Library 2012

Bonjour

Camera Assistant Software for Toshiba

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

ccc-core-static

ccc-utility

CCC Help English

Cisco Connect

Connect

FARO LS 1.1.406.58

Freecorder 5

Freecorder Toolbar

Google Chrome

Google SketchUp Pro 8

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Officejet 6500 E710a-f Basic Device Software

HP Officejet 6500 E710a-f Help

HP OrderReminder

HP Update

I.R.I.S. OCR

iTunes

kuler

LaserJet 1018

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MotioninJoy ds3 driver version 0.6.0004

PDF Settings CS4

Photoshop Camera Raw

ProFile

QBFC 10.0

QuickTime

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SixaxisPairTool 0.2.3

Skins

Skype Click to Call

Skypeô 5.5

Suite Shared Configuration CS4

Synaptics Pointing Device Driver

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Face Recognition

TOSHIBA Software Modem

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 2.0.1

Windows Media Player Firefox Plugin

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 10:58:54 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/9/2012 10:58:54 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/7/2012 12:49:49 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/7/2012 12:49:49 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/7/2012 12:49:47 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/5/2012 9:30:09 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

FRST.exe

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02

Ran by SYSTEM at 09-08-2012 11:27:14

Running from G:\

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)

HKLM\...\Run: [] [x]

HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)

HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-08-14] (Chicony)

HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)

HKLM\...\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)

HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM\...\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM\...\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2010-07-06] ()

HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)

HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [167936 2011-03-24] (Applian Technologies, Inc.)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)

HKU\owner\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] ()

HKU\owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-25] (Google Inc.)

HKU\owner\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [975800 2012-07-15] (Samsung)

HKU\owner\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-01] (Google Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 Autodesk Content Service; "C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()

2 CDMA Device Service; C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [63488 2011-08-02] ()

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2011-09-21] (Flexera Software, Inc.)

2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)

2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-07-06] (Memeo)

3 SmartFaceVWatchSrv; "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe" [77824 2008-08-25] (Toshiba)

3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] ()

3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-29] (MotioninJoy)

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-05-10] (Apple Inc.)

3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [104648 2011-07-17] (MCCI Corporation)

3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [14920 2011-07-17] (MCCI Corporation)

3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [132424 2011-07-17] (MCCI Corporation)

3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-09 11:26 - 2012-08-09 11:27 - 00000000 ____D C:\FRST

2012-08-09 07:22 - 2012-08-09 07:19 - 00892864 ____A (Farbar) C:\FRST.exe

2012-08-09 07:07 - 2012-08-09 07:07 - 00008905 ____A C:\Users\owner\Desktop\Attach.txt

2012-08-09 07:06 - 2012-08-09 07:06 - 00013731 ____A C:\Users\owner\Desktop\DDS.txt

2012-08-09 07:02 - 2012-08-09 07:00 - 00607260 ____R (Swearware) C:\Users\owner\Desktop\dds.com

2012-08-09 07:02 - 2012-08-09 07:00 - 00607260 ____A (Swearware) C:\Users\owner\Desktop\dds.scr

2012-08-03 12:43 - 2008-02-28 14:33 - 12582912 ____N C:\Users\owner\Desktop\modem.bin

2012-08-03 12:37 - 2012-05-02 15:27 - 00000000 ____D C:\Users\owner\Desktop\Rooted CWM Kernel

2012-08-03 12:28 - 2012-08-03 12:29 - 52048746 ____A C:\Users\owner\Desktop\gapps-ics-20120429-signed.zip

2012-08-03 12:03 - 2012-08-03 12:07 - 142609566 ____A C:\Users\owner\Desktop\cm-9-20120803-NIGHTLY-galaxysmtd.zip

2012-08-03 11:54 - 2012-08-03 11:54 - 07397898 ____A C:\Users\owner\Desktop\Rooted CWM Kernel.7z

2012-08-01 07:05 - 2012-08-01 07:05 - 00002377 ____A C:\Users\owner\Desktop\Google Chrome.lnk

2012-08-01 07:04 - 2012-08-09 07:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000UA.job

2012-08-01 07:04 - 2012-08-09 07:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000Core.job

2012-08-01 07:04 - 2012-08-01 07:04 - 00739824 ____A (Google Inc.) C:\Users\owner\Downloads\ChromeSetup.exe

2012-07-25 19:05 - 2012-07-25 19:05 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-25 19:05 - 2012-07-25 19:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes

2012-07-25 19:05 - 2012-07-25 19:05 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-25 19:05 - 2012-07-25 19:05 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-07-25 19:05 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-25 19:04 - 2012-07-25 19:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-18 16:42 - 2012-07-18 16:42 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-07-18 16:39 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-18 16:39 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-18 16:39 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-18 16:39 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-18 16:39 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-18 16:39 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-18 16:39 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-18 16:39 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-18 16:39 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-18 16:39 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-18 16:39 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-18 16:39 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-18 16:39 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-18 16:39 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-18 16:34 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-11 07:19 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 07:18 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 07:18 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 07:18 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 07:18 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 07:18 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 07:18 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 07:18 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 07:18 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 07:18 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 09:48 - 2012-07-10 09:48 - 00000000 ____D C:\Users\owner\Desktop\FIXES MY PHONE

2012-07-10 09:34 - 2012-07-10 09:39 - 147381284 ____A C:\Users\owner\Downloads\GT_I9000M_UGKG3_UGKG3_BMCKG3_Sbl.7z

2012-07-10 09:34 - 2012-07-10 09:34 - 00160881 ____A C:\Users\owner\Downloads\Odin v1.82_and_512.pit_513.pit_803.pit_files.7z

2012-07-10 09:14 - 2012-07-10 09:23 - 176814064 ____A C:\Users\owner\Downloads\I9000UGKG3_I9000BMCKG3_BMC.zip

2012-07-10 08:36 - 2012-07-10 08:36 - 00203676 ____A C:\Users\owner\Downloads\Odin3-v1.85.zip

2012-07-10 06:51 - 2012-07-10 06:51 - 06268229 ____A C:\Users\owner\Downloads\-a id='watch-headline-show-title' href='artistBilly_Talent.mp4

2012-07-10 06:49 - 2012-07-10 06:49 - 10197927 ____A C:\Users\owner\Downloads\Devil in a Midnight Mass (DEMO).mp4

============ 3 Months Modified Files ========================

2012-08-09 07:22 - 2011-09-25 17:38 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-09 07:19 - 2012-08-09 07:22 - 00892864 ____A (Farbar) C:\FRST.exe

2012-08-09 07:14 - 2012-08-01 07:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000UA.job

2012-08-09 07:14 - 2012-08-01 07:04 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235833265-3032768108-358918657-1000Core.job

2012-08-09 07:07 - 2012-08-09 07:07 - 00008905 ____A C:\Users\owner\Desktop\Attach.txt

2012-08-09 07:06 - 2012-08-09 07:06 - 00013731 ____A C:\Users\owner\Desktop\DDS.txt

2012-08-09 07:05 - 2011-09-25 17:38 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-09 07:04 - 2011-09-19 05:36 - 00782096 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-09 07:02 - 2009-07-13 20:39 - 00040569 ____A C:\Windows\setupact.log

2012-08-09 07:00 - 2012-08-09 07:02 - 00607260 ____R (Swearware) C:\Users\owner\Desktop\dds.com

2012-08-09 07:00 - 2012-08-09 07:02 - 00607260 ____A (Swearware) C:\Users\owner\Desktop\dds.scr

2012-08-07 08:57 - 2009-07-13 20:34 - 00014784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-07 08:57 - 2009-07-13 20:34 - 00014784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-07 08:49 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-03 12:51 - 2011-09-14 16:48 - 01861064 ____A C:\Windows\WindowsUpdate.log

2012-08-03 12:29 - 2012-08-03 12:28 - 52048746 ____A C:\Users\owner\Desktop\gapps-ics-20120429-signed.zip

2012-08-03 12:07 - 2012-08-03 12:03 - 142609566 ____A C:\Users\owner\Desktop\cm-9-20120803-NIGHTLY-galaxysmtd.zip

2012-08-03 11:54 - 2012-08-03 11:54 - 07397898 ____A C:\Users\owner\Desktop\Rooted CWM Kernel.7z

2012-08-01 07:05 - 2012-08-01 07:05 - 00002377 ____A C:\Users\owner\Desktop\Google Chrome.lnk

2012-08-01 07:04 - 2012-08-01 07:04 - 00739824 ____A (Google Inc.) C:\Users\owner\Downloads\ChromeSetup.exe

2012-07-26 05:48 - 2011-09-19 06:50 - 01581830 ____A C:\Windows\PFRO.log

2012-07-25 19:05 - 2012-07-25 19:05 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-25 19:05 - 2012-07-25 19:04 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\owner\Downloads\mbam-setup-1.62.0.1300.exe

2012-07-19 07:37 - 2009-07-13 20:33 - 02298104 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-18 16:39 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini

2012-07-18 16:35 - 2011-09-19 06:06 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-10 09:39 - 2012-07-10 09:34 - 147381284 ____A C:\Users\owner\Downloads\GT_I9000M_UGKG3_UGKG3_BMCKG3_Sbl.7z

2012-07-10 09:34 - 2012-07-10 09:34 - 00160881 ____A C:\Users\owner\Downloads\Odin v1.82_and_512.pit_513.pit_803.pit_files.7z

2012-07-10 09:23 - 2012-07-10 09:14 - 176814064 ____A C:\Users\owner\Downloads\I9000UGKG3_I9000BMCKG3_BMC.zip

2012-07-10 08:36 - 2012-07-10 08:36 - 00203676 ____A C:\Users\owner\Downloads\Odin3-v1.85.zip

2012-07-10 06:51 - 2012-07-10 06:51 - 06268229 ____A C:\Users\owner\Downloads\-a id='watch-headline-show-title' href='artistBilly_Talent.mp4

2012-07-10 06:49 - 2012-07-10 06:49 - 10197927 ____A C:\Users\owner\Downloads\Devil in a Midnight Mass (DEMO).mp4

2012-07-05 15:51 - 2012-07-05 15:51 - 01628450 ____A C:\Users\owner\Downloads\dandelion.apk

2012-07-05 15:50 - 2012-07-05 15:50 - 01344179 ____A C:\Users\owner\Downloads\bluesea.apk

2012-07-05 15:45 - 2012-07-05 15:45 - 00778419 ____A C:\Users\owner\Downloads\DeepSea (1).apk

2012-07-05 14:31 - 2012-07-05 14:31 - 00778419 ____A C:\Users\owner\Downloads\DeepSea.apk

2012-07-05 14:27 - 2012-07-05 14:27 - 00893936 ____A (Oracle Corporation) C:\Users\owner\Downloads\chromeinstall-7u5.exe

2012-07-03 09:46 - 2012-07-25 19:05 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-29 08:07 - 2012-06-29 08:06 - 04588050 ____A C:\Users\owner\Downloads\TSSv1.5.0.03.crk.ChelpuS.v.2.0..zip

2012-06-25 23:02 - 2011-07-26 13:26 - 00045320 ____A (MARKANY) C:\Windows\System32\MAMACExtract.dll

2012-06-11 18:40 - 2012-07-18 16:34 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 20:41 - 2012-07-11 07:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-05 21:05 - 2012-07-11 07:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 21:05 - 2012-07-11 07:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 21:03 - 2012-07-11 07:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-02 14:19 - 2012-06-19 06:01 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-19 06:01 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-19 06:01 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-19 06:01 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-19 06:01 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-19 06:01 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-19 06:01 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-19 06:01 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:12 - 2012-06-19 06:01 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:07 - 2012-07-18 16:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 00:43 - 2012-07-18 16:39 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 00:33 - 2012-07-18 16:39 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 00:26 - 2012-07-18 16:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 00:25 - 2012-07-18 16:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 00:25 - 2012-07-18 16:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 00:23 - 2012-07-18 16:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 00:21 - 2012-07-18 16:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 00:20 - 2012-07-18 16:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 00:19 - 2012-07-18 16:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 00:19 - 2012-07-18 16:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 00:17 - 2012-07-18 16:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 00:16 - 2012-07-18 16:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 00:14 - 2012-07-18 16:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-01 20:45 - 2012-07-11 07:18 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 20:45 - 2012-07-11 07:18 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 20:40 - 2012-07-11 07:18 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 20:40 - 2012-07-11 07:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 20:39 - 2012-07-11 07:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-05-28 23:38 - 2011-07-26 13:26 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll

2012-05-23 10:57 - 2012-05-23 10:57 - 01433723 ____A C:\Users\owner\Downloads\i9300lwp.apk

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 2813.84 MB

Available physical RAM: 2392.05 MB

Total Pagefile: 2812.12 MB

Available Pagefile: 2392.48 MB

Total Virtual: 2047.88 MB

Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: (S3A6748D004) (Fixed) (Total:99.55 GB) (Free:21.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: () (Fixed) (Total:5.69 GB) (Free:5.59 GB) NTFS

3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.33 GB) NTFS

5 Drive g: (USB) (Removable) (Total:3.65 GB) (Free:1.51 GB) FAT32

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 111 GB 0 B

Disk 1 Online 3745 MB 0 B

Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 1500 MB 1024 KB

Partition 2 Primary 99 GB 1501 MB

Partition 3 Primary 5826 MB 101 GB

Partition 4 Primary 5207 MB 106 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C S3A6748D004 NTFS Partition 99 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D NTFS Partition 5826 MB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 17 (Suspicious Type)

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB FAT32 Removable 3741 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 09:15

======================= End Of Log ==========================

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[DZmaj]

I can't get ComboFix to work properly, it crashes after the the green bar reaches the end. I disabled everything I could.

mbam.txt

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

owner :: OWNER-PC5 [administrator]

8/9/2012 4:10:03 PM

mbam-log-2012-08-09 (16-10-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200746

Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[screen317]

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!