malwarebytes feels suppressed

teemos · May 19, 2013

mbam.exe caps itself at around 136,000 KB and then dies upon trying to open the program, start a scan, check for updates, etc

i haven't uninstalled it or reinstalled it yet

it still manages to stay alive on the task bar, and it starts up along with windows as i marked for when the program still worked

nothing abnormal seems to be happening outside of this

all other programs work fine to me

DDS log pasted, attach.txt is attached

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 1.6.0_39

Run by Darren at 17:58:42 on 2013-05-19

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.4525 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\AlienRespawn\sftservice.EXE

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\Alienware\Command Center\AWCCServiceController.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\AlienRespawn\Toaster.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Darren\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Users\Darren\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Users\Darren\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\taskmgr.exe

C:\Users\Darren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Darren\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://AlienwareArena.com

uDefault_Page_URL = hxxp://AlienwareArena.com

mWinlogon: Userinit = userinit.exe,

BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Darren\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Darren\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

uRun: [AdobeBridge] <no file>

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Darren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEAGAT~1.LNK - C:\Users\Darren\AppData\Roaming\Leadertech\PowerRegister\Seagate NA03JM45 Product Registration.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Windows\System32\cwalsp.dll

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: Interfaces\{C3528DA2-14BD-4FB1-BCE2-7748FC714D20} : DHCPNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{C3528DA2-14BD-4FB1-BCE2-7748FC714D20}\3594F40514F4 : DHCPNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{C3528DA2-14BD-4FB1-BCE2-7748FC714D20}\B4F6C6F6B6F697723702E4564777F627B6 : DHCPNameServer = 10.0.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\6wwz4bmn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.neopets.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Darren\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Darren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-2 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-2 189936]

R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-6-27 25960]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-6-27 21616]

R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-1 21136]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-3-29 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-3-29 378432]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-27 98208]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-1-13 15296]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-3-29 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-3-29 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-16 46808]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 CwAltaService20;ContentWatch;C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2012-12-16 3074624]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-15 8704]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-27 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-6-27 705856]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]

R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-6-27 27760]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-6-27 175168]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-27 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-6-27 76912]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-25 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-27 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-27 181248]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]

S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-6-27 25688]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s --> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-6-27 173656]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-5 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-4 1255736]

.

=============== Created Last 30 ================

.

2013-05-19 21:32:35 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5E7C660-EC09-45CE-A7EE-1FD5B9391690}\offreg.dll

2013-05-17 21:22:59 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5E7C660-EC09-45CE-A7EE-1FD5B9391690}\mpengine.dll

2013-05-15 19:00:19 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 19:00:19 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 19:00:19 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 19:00:06 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 19:00:03 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 19:00:03 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 19:00:02 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 18:59:54 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 18:59:54 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 18:59:53 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-13 21:16:40 -------- d-----r- C:\Program Files (x86)\Skype

2013-05-03 19:25:21 -------- d-----w- C:\Program Files (x86)\osu!

2013-05-03 19:24:37 -------- d-----w- C:\Users\Darren\AppData\Roaming\Downloaded Installations

2013-04-23 18:47:55 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

==================== Find3M ====================

.

2013-05-14 19:16:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 19:16:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-14 17:26:08 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-07 19:38:02 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-07 19:38:02 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 18:00:01.47 ===============

attach.txt

Maniac · May 20, 2013

Hello teemos and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: µTorrent

Step 2

Follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=10138&view=findpost&p=417798

Step 3

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 4

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
RogueKiller log

teemos · May 20, 2013

Step 1: Uninstalled successfully.

Step 2: Completed.

Step 3: mbam.exe memory caps and the process then closes shortly after. Sorry. It's still actively giving the messages that it is outdated and that it is blocking IP addresses occasionally in the toolbar.

Step 4:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Darren [Admin rights]

Mode : Scan -- Date : 05/20/2013 14:53:05

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][sUSP PATH] {6251E707-3411-4EE0-81AD-D8085A3D5AD4} : msiexec.exe /package "C:\Users\Darren\Desktop\apploc.msi" [x] -> FOUND

[TASK][sUSP PATH] Seagate NA03JM45 Product Registration (Darren) : C:\Users\Darren\AppData\Roaming\Leadertech\PowerRegister\Seagate NA03JM45 Product Registration.exe /remind /language=ENU /SRNM="NA03JM45" /BRND="Seagate" /BDSR="Seagate NA03JM45" /loadsrnm="NA03JM45" [x] -> FOUND

[sTARTUP][sUSP PATH] Seagate NA03JM45 Product Registration.lnk @Darren : C:\Users\Darren\AppData\Roaming\Leadertech\PowerRegister\Seagate NA03JM45 Product Registration.exe [x] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-75PVMT0 +++++

--- User ---

[MBR] 0c17b86b46b61e632d95e70d3504a0ec

[bSP] cd51bbb1c9a2e4fe25833053a4543bfa : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 20158 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41365504 | Size: 285046 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05202013_02d1453.txt >>

RKreport[1]_S_05202013_02d1453.txt

Maniac · May 20, 2013

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

teemos · May 21, 2013

I have the log now, except now I cannot connect to the internet. (name resolution error) There is no problem found in the network diagnosis, and I can't seem to find out how to repair it. Oh, and mbam.exe now his 194,000kb and dies two seconds later, not even opening the window.

Maniac · May 21, 2013

Please post the log file.

teemos · May 21, 2013

had to transfer this over

ComboFix 13-05-20.01 - Darren 05/20/2013 20:27:27.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5230 [GMT -4:00]

Running from: c:\users\Darren\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\programdata\Roaming

c:\windows\apppatch\AppLoc.exe

c:\windows\SysWow64\frapsvid.dll

.

((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))

.

2013-05-21 00:39 . 2013-05-21 00:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-21 00:39 . 2013-05-21 00:39 -------- d-----w- c:\users\TEST\AppData\Local\temp

2013-05-17 21:22 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5E7C660-EC09-45CE-A7EE-1FD5B9391690}\mpengine.dll

2013-05-15 19:00 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 19:00 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 19:00 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 19:00 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 19:00 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 19:00 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 19:00 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 19:00 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 19:00 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 18:59 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 18:59 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 18:59 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-13 21:16 . 2013-05-13 21:16 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-05-13 21:16 . 2013-05-13 21:16 -------- d-----r- c:\program files (x86)\Skype

2013-05-03 19:25 . 2013-05-21 00:20 -------- d-----w- c:\program files (x86)\osu!

2013-05-03 19:24 . 2013-05-03 19:24 -------- d-----w- c:\users\Darren\AppData\Roaming\Downloaded Installations

2013-04-23 18:47 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-19 21:10 . 2011-08-11 17:04 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-17 00:35 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-14 19:16 . 2012-04-04 01:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 19:16 . 2011-07-03 03:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-09 08:59 . 2013-03-02 11:42 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-05-09 08:59 . 2013-03-02 11:41 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-05-09 08:59 . 2012-03-29 19:04 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-05-09 08:59 . 2012-03-29 19:04 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-05-09 08:59 . 2012-03-29 19:04 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-05-09 08:59 . 2012-03-29 19:04 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-05-09 08:59 . 2012-03-29 19:04 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-05-09 08:59 . 2012-03-29 19:04 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-05-09 08:58 . 2012-03-29 19:04 41664 ----a-w- c:\windows\avastSS.scr

2013-05-09 08:58 . 2011-08-03 03:53 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-05-02 06:06 . 2011-08-03 04:04 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-14 17:27 . 2013-04-14 17:27 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-14 17:27 . 2013-04-14 17:27 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-14 17:27 . 2013-04-14 17:27 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-14 17:27 . 2013-04-14 17:27 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-14 17:27 . 2013-04-14 17:27 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-14 17:27 . 2013-04-14 17:27 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-14 17:27 . 2013-04-14 17:27 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-14 17:27 . 2013-04-14 17:27 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-14 17:27 . 2013-04-14 17:27 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-14 17:27 . 2013-04-14 17:27 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-14 17:27 . 2013-04-14 17:27 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-14 17:27 . 2013-04-14 17:27 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-14 17:27 . 2013-04-14 17:27 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-14 17:27 . 2013-04-14 17:27 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-14 17:27 . 2013-04-14 17:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-14 17:27 . 2013-04-14 17:27 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-14 17:27 . 2013-04-14 17:27 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-14 17:27 . 2013-04-14 17:27 441856 ----a-w- c:\windows\system32\html.iec

2013-04-14 17:27 . 2013-04-14 17:27 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-14 17:27 . 2013-04-14 17:27 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-14 17:27 . 2013-04-14 17:27 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-14 17:27 . 2013-04-14 17:27 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-14 17:27 . 2013-04-14 17:27 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-14 17:27 . 2013-04-14 17:27 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-14 17:27 . 2013-04-14 17:27 235008 ----a-w- c:\windows\system32\url.dll

2013-04-14 17:27 . 2013-04-14 17:27 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-14 17:27 . 2013-04-14 17:27 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-14 17:27 . 2013-04-14 17:27 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-14 17:27 . 2013-04-14 17:27 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-14 17:27 . 2013-04-14 17:27 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-14 17:27 . 2013-04-14 17:27 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-14 17:27 . 2013-04-14 17:27 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-14 17:27 . 2013-04-14 17:27 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-14 17:27 . 2013-04-14 17:27 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-14 17:27 . 2013-04-14 17:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-14 17:27 . 2013-04-14 17:27 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-14 17:27 . 2013-04-14 17:27 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-14 17:27 . 2013-04-14 17:27 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-14 17:27 . 2013-04-14 17:27 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-14 17:27 . 2013-04-14 17:27 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-14 17:27 . 2013-04-14 17:27 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-14 17:27 . 2013-04-14 17:27 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-14 17:27 . 2013-04-14 17:27 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-14 17:27 . 2013-04-14 17:27 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-14 17:27 . 2013-04-14 17:27 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-14 17:27 . 2013-04-14 17:27 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-04-14 17:27 . 2013-04-14 17:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-14 17:27 . 2013-04-14 17:27 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-14 17:27 . 2013-04-14 17:27 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-14 17:26 . 2013-04-14 17:26 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-04-14 17:26 . 2013-04-14 17:26 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-04-14 17:26 . 2013-04-14 17:26 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-04-14 17:26 . 2013-04-14 17:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-04-14 17:26 . 2013-04-14 17:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-04-14 17:26 . 2013-04-14 17:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-04-14 17:26 . 2013-04-14 17:26 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-04-14 17:26 . 2013-04-14 17:26 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-04-14 17:26 . 2013-04-14 17:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-04-14 17:26 . 2013-04-14 17:26 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-04-14 17:26 . 2013-04-14 17:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-04-14 17:26 . 2013-04-14 17:26 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-04-14 17:26 . 2013-04-14 17:26 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-04-14 17:26 . 2013-04-14 17:26 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-04-14 17:26 . 2013-04-14 17:26 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-14 17:26 . 2013-04-14 17:26 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-04-14 17:26 . 2013-04-14 17:26 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-04-14 17:26 . 2013-04-14 17:26 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-04-14 17:26 . 2013-04-14 17:26 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-04-14 17:26 . 2013-04-14 17:26 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-04-14 17:26 . 2013-04-14 17:26 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}]

2012-11-11 21:36 617344 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-05-18 1636264]

"SanDiskSecureAccess_Manager.exe"="c:\users\Darren\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-05-06 30705792]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-01-13 1348976]

"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2010-08-19 487562]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Seagate NA03JM45 Product Registration.lnk - c:\users\Darren\AppData\Roaming\Leadertech\PowerRegister\Seagate NA03JM45 Product Registration.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AWMouseCI.lnk - c:\program files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe [2009-6-25 831488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2010-12-27 25688]

R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-01-13 15296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-02-01 173656]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-11 25960]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2011-02-01 98208]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]

S2 CwAltaService20;ContentWatch;c:\program files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2012-02-09 3074624]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-26 8704]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-27 27760]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-26 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-01 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-01 181248]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:16]

.

2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486139842-2871301840-973405881-1002Core.job

- c:\users\Darren\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 21:08]

.

2013-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-486139842-2871301840-973405881-1002UA.job

- c:\users\Darren\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-26 21:08]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Darren\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-01 6602856]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-01 2186856]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]

"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-01-13 13256]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-04-22 130576]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-01-24 477600]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://AlienwareArena.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\6wwz4bmn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.neopets.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-LogMeIn Hamachi Ui - c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Action Replay Code Manager_is1 - c:\users\Darren\Desktop\Hax\Action Replay Code Manager\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\AlienRespawn\Toaster.exe

.

**************************************************************************

.

Completion time: 2013-05-20 20:53:31 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-21 00:53

.

Pre-Run: 19,991,146,496 bytes free

Post-Run: 20,802,404,352 bytes free

.

- - End Of File - - CDCF0EC6DA1D0C352746200AB7DBF4

Maniac · May 21, 2013

Please post the content of C:\QooBox\ComboFix-quarantined-files.txt

teemos · May 21, 2013

2013-05-21 00:52:19 . 2013-05-21 00:52:19 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat

2013-05-21 00:52:17 . 2013-05-21 00:52:17 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2013-05-21 00:52:13 . 2013-05-21 00:52:13 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat

2013-05-21 00:51:50 . 2013-05-21 00:51:50 192 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-LogMeIn Hamachi Ui.reg.dat

2013-05-21 00:51:47 . 2013-05-21 00:51:47 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat

2013-05-21 00:51:45 . 2013-05-21 00:51:45 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2013-05-21 00:36:28 . 2013-05-21 00:36:28 12,281 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-05-21 00:25:00 . 2013-05-21 00:25:00 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-08-30 13:18:00 . 2012-08-30 13:18:00 65,536 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\frapsvid.dll.vir

2007-11-07 12:44:20 . 2007-11-07 12:44:20 855,040 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

2003-06-13 21:23:06 . 2003-06-13 21:23:06 50,176 ----a-w- C:\Qoobox\Quarantine\C\Windows\AppPatch\AppLoc.exe.vir

Maniac · May 22, 2013

ComboFix was created a restore point. Please restore your system to it:

http://windows.microsoft.com/en-US/windows7/products/features/system-restore

teemos · May 22, 2013

Done

Maniac · May 22, 2013

Do you still have a problem with your internet connection?

teemos · May 22, 2013

Internet works. MBAM is back to where it started. I think reinstalling it might fix it at this point.

Maniac · May 22, 2013

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

teemos · May 22, 2013

The mbam home window won't open no matter how many times I try. The process shows up and dies, the exact same thing that has been happening already.

Maniac · May 26, 2013

Are you still with me?

teemos · May 26, 2013

Was waiting for a response. I can't scan if the mbam home window never opens. I'd like to be clear to uninstall and reinstall if no more options are available.

Maniac · May 26, 2013

Download and run mbam-clean.exe from here
It will ask to restart your computer, please allow it to do so very important
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
- Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
- Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

teemos · May 26, 2013

yeah im sorry i have no idea what's going on anymore

i reinstalled mbam successfully but the process still dies shortly after i open it

this also applies to a game launcher for another process for some reason

i'm not sure if this is malware or some faulty system setting

Maniac · May 26, 2013

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
  Save it to your Desktop.
- Double click on the to download the ESET Smart Installer. icon on your Desktop.
[*]Check "YES, I accept the Terms of Use."
[*]Click the Start button.
[*]Accept any security warnings from your browser.
[*]Under Scan Settings, check "Scan Archives" and "Remove found threats"
[*]Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
[*]When the scan completes, click List Threats
[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
[*]Click the Back button.
[*]Click the Finish button.

teemos · May 27, 2013

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined

C:\Program Files (x86)\Coupon Companion\Uninstall.exe Win32/Toolbar.CrossRider.B application cleaned by deleting - quarantined

C:\Users\Darren\Downloads\cbsidlm-tr1_5-JoyToKey-75220348.exe multiple threats cleaned by deleting - quarantined

C:\Users\Darren\Downloads\cnet2_GOMVIDEOCONVERTERSETUP_ENG_EXE.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

Maniac · May 27, 2013

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

teemos · May 29, 2013

http://gyazo.com/503...ae007e10666.png

I think the process gets stuck up there. I don't even get a window for it.

Not sure if it has anything to do with the attached error. I think it might, seeing as this is the only window that showed up when the kaspersky symbol appeared in the toolbar.

Maniac · May 29, 2013

Manually delete it and download again with another browser.

teemos · June 1, 2013

No threats were detected in the full scan,

malwarebytes feels suppressed

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information