Possible Infection. MWB blocking outgoing svchost connections

[cmrsimon]

a recent connection attempt by svchost to 5.61.45.152 was blocked.

 

here are the two logs

 

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.51.2
Run by king at 17:01:41 on 2014-01-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8169.6362 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Samsung\Samsung Link\utils\MetaExtractor.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge] <no file>
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{439D77F7-99EC-458F-9669-8F9E06EEA991} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{CE74DD25-4B21-4BFF-AD14-C8BE23267D41} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\king\AppData\Roaming\Mozilla\Firefox\Profiles\86zpfiax.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2013-11-01 11:41; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2012-6-6 317136]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2013-12-27 32464]
R0 MDRAID;MacDrive RAID Bus Driver;C:\Windows\System32\drivers\MDRAID.SYS [2012-6-11 187120]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-12-9 74432]
R1 BSMEM;BSMEM;C:\Windows\System32\drivers\BSMEM.sys [2013-11-16 29344]
R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2013-12-27 70344]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-1-9 44744]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [2013-12-21 404360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-12-18 920872]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-12-18 555304]
R2 mastfat;FAT12/16/32 File System Driver;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-26 701512]
R2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-12-8 609632]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-9-10 160944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-2 165688]
R3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\System32\drivers\BTHPRINT.SYS [2009-7-13 67072]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-11-1 598808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-11-1 39976]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-26 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-28 769168]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-10-13 39080]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-10-16 143016]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-1-26 91352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-28 20992]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-12-9 129472]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-29 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-28 1255736]
S4 MacDrive9Service;MacDrive 9 service;C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [2012-5-21 178176]
S4 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-11-20 32960]
.
=============== Created Last 30 ================
.
2014-01-27 00:39:42    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-27 00:38:38    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-26 23:12:38    --------    d-----w-    C:\Users\king\AppData\Roaming\VOWSoft
2014-01-26 22:46:06    --------    d-----w-    C:\Users\king\AppData\Roaming\Malwarebytes
2014-01-26 22:45:58    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-26 22:45:58    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-26 22:45:58    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 22:45:51    --------    d-----w-    C:\Users\king\AppData\Local\Programs
2014-01-26 22:36:26    1354240    ----a-w-    C:\Windows\System32\mastfat.dll
2014-01-26 16:11:54    --------    d-----w-    C:\Program Files (x86)\VOWSoft iPod Software
2014-01-26 15:48:20    --------    d-----w-    C:\ProgramData\Xilisoft
2014-01-26 14:58:15    --------    d-----w-    C:\ProgramData\TenorShare
2014-01-24 22:23:03    --------    d-----w-    C:\ProgramData\TrueCrypt
2014-01-24 22:21:19    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2014-01-24 11:09:36    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4C47307-57F6-4D52-BED0-8EC351D07493}\mpengine.dll
2014-01-18 09:21:48    --------    d-----w-    C:\Users\king\AppData\Local\SidasAutoCarryRebornUpdat
2014-01-17 23:48:44    --------    d-----w-    C:\Users\king\AppData\Roaming\BoL
2014-01-15 01:32:07    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-13 03:03:03    --------    d-----w-    C:\Program Files (x86)\Elaborate Bytes
2014-01-12 11:25:42    --------    d-----w-    C:\Windows\SysWow64\Hotspot Shield
2014-01-10 06:20:24    44744    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2014-01-10 06:18:15    --------    d-----w-    C:\ProgramData\Hotspot Shield
2014-01-10 06:17:47    --------    d-----w-    C:\Program Files (x86)\Hotspot Shield
2014-01-10 06:17:45    --------    d-----w-    C:\Users\king\AppData\Roaming\Hotspot Shield
.
==================== Find3M  ====================
.
2014-01-02 05:45:39    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-02 05:45:39    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 14:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-21 04:37:43    74432    ----a-w-    C:\Windows\System32\drivers\RzFilter.sys
2013-11-21 04:37:43    129472    ----a-w-    C:\Windows\System32\drivers\RzDxgk.sys
2013-11-13 10:51:44    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2013-11-12 14:32:37    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-11-01 19:02:36    598808    ----a-w-    C:\Windows\System32\drivers\btwampfl.sys
2013-11-01 19:02:36    39976    ----a-w-    C:\Windows\System32\drivers\btwl2cap.sys
2013-11-01 19:02:36    21544    ----a-w-    C:\Windows\System32\drivers\btwrchid.sys
2013-11-01 19:02:36    210984    ----a-w-    C:\Windows\System32\drivers\btwavdt.sys
2013-11-01 19:02:36    184144    ----a-w-    C:\Windows\System32\drivers\btwaudio.sys
2013-11-01 19:02:36    165688    ----a-w-    C:\Windows\System32\drivers\bcbtums.sys
2013-10-30 16:14:49    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-30 16:13:14    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-10-30 16:13:14    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-10-29 19:12:22    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-10-29 19:12:22    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
.
============= FINISH: 17:02:47.37 ===============
 

 

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2013 1:47:58 PM
System Uptime: 1/26/2014 4:58:31 PM (1 hours ago)
.
Motherboard: BIOSTAR Group |  | TA970
Processor: AMD FX-6300 Six-Core Processor              | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 368 GiB total, 203.243 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 93.368 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_63001565&REV_00\4&28B85F88&0&00A9
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_63001565&REV_00\4&28B85F88&0&00A9
Service:
.
==== System Restore Points ===================
.
RP56: 1/17/2014 5:52:35 AM - Windows Update
RP57: 1/21/2014 4:17:16 AM - Windows Update
RP58: 1/24/2014 2:21:05 PM - TrueCrypt installation
RP59: 1/25/2014 6:50:59 PM - TrueCrypt uninstallation
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.06)
AllShare Framework DMS
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C5500
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cryptostorm Client
Destinations
DeviceDiscovery
Dropbox
GPBaseService2
Hotspot Shield 3.23
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iBackupBot 5.1.1.4
iCloud
Imgur Uploader
iTunes
Java 7 Update 51
Java Auto Updater
League of Legends
Livestreamer 1.7.0
Logitech Gaming Software
Logitech Gaming Software 8.50
LOLReplay
MacDrive 9 Pro
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
mIRC
MozBackup 1.5.1
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.1.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
OpenVPN 2.3.2-I003
Palisade Numerical Tools - Book Version
PDF Settings CS6
Pidgin
PS_AIO_04_C5500_Software_Min
Razer Comms
Razer Core
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Samsung Link 1.8.0.1401171024
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shop for HP Supplies
Skype™ 5.11
SmartWebPrinting
SolutionCenter
Status
Steam
TAP-Windows 9.9.2
TI-83 Plus Flash Debugger
Toolbox
TrayApp
Tseries BIOS Update
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.2
WapSter AQQ
WebReg
WIDCOMM Bluetooth Software
WinRAR 4.00 (64-bit)
Xilisoft iPhone SMS Backup
.
==== End Of File ===========================
 

[Maniac]

Hello cmrsimon and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate a new fresh DDS log files.

[cmrsimon]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.51.2
Run by king at 1:27:32 on 2014-01-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8169.5354 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge] <no file>
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{439D77F7-99EC-458F-9669-8F9E06EEA991} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{CE74DD25-4B21-4BFF-AD14-C8BE23267D41} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\king\AppData\Roaming\Mozilla\Firefox\Profiles\86zpfiax.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2013-11-01 11:41; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\System32\drivers\MDFSYSNT.SYS [2012-6-6 317136]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\System32\drivers\MDPMGRNT.SYS [2013-12-27 32464]
R0 MDRAID;MacDrive RAID Bus Driver;C:\Windows\System32\drivers\MDRAID.SYS [2012-6-11 187120]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-12-9 74432]
R1 BSMEM;BSMEM;C:\Windows\System32\drivers\BSMEM.sys [2013-11-16 29344]
R1 CBDisk;CBDisk;C:\Windows\System32\drivers\CBDisk.sys [2013-12-27 70344]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-1-9 44744]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [2013-12-21 404360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-12-18 920872]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-12-18 555304]
R2 mastfat;FAT12/16/32 File System Driver;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-26 701512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-2 165688]
R3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\System32\drivers\BTHPRINT.SYS [2009-7-13 67072]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-11-1 598808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-11-1 39976]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-26 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-28 769168]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-10-13 39080]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2013-10-16 143016]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-11-13 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Samsung Link Service;Samsung Link Service;C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [2013-12-8 609632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-9-10 160944]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-1-26 91352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-28 20992]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-12-9 129472]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-29 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-28 1255736]
S4 MacDrive9Service;MacDrive 9 service;C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [2012-5-21 178176]
S4 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-11-20 32960]
.
=============== Created Last 30 ================
.
2014-01-27 00:39:42    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-27 00:38:38    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-26 23:12:38    --------    d-----w-    C:\Users\king\AppData\Roaming\VOWSoft
2014-01-26 22:46:06    --------    d-----w-    C:\Users\king\AppData\Roaming\Malwarebytes
2014-01-26 22:45:58    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-26 22:45:58    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-26 22:45:58    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 22:45:51    --------    d-----w-    C:\Users\king\AppData\Local\Programs
2014-01-26 22:36:26    1354240    ----a-w-    C:\Windows\System32\mastfat.dll
2014-01-26 16:11:54    --------    d-----w-    C:\Program Files (x86)\VOWSoft iPod Software
2014-01-26 15:48:20    --------    d-----w-    C:\ProgramData\Xilisoft
2014-01-26 14:58:15    --------    d-----w-    C:\ProgramData\TenorShare
2014-01-24 22:23:03    --------    d-----w-    C:\ProgramData\TrueCrypt
2014-01-24 22:21:19    231376    ----a-w-    C:\Windows\System32\drivers\truecrypt.sys
2014-01-24 11:09:36    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4C47307-57F6-4D52-BED0-8EC351D07493}\mpengine.dll
2014-01-18 09:21:48    --------    d-----w-    C:\Users\king\AppData\Local\SidasAutoCarryRebornUpdat
2014-01-17 23:48:44    --------    d-----w-    C:\Users\king\AppData\Roaming\BoL
2014-01-15 01:32:07    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-13 03:03:03    --------    d-----w-    C:\Program Files (x86)\Elaborate Bytes
2014-01-12 11:25:42    --------    d-----w-    C:\Windows\SysWow64\Hotspot Shield
2014-01-10 06:20:24    44744    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2014-01-10 06:18:15    --------    d-----w-    C:\ProgramData\Hotspot Shield
2014-01-10 06:17:47    --------    d-----w-    C:\Program Files (x86)\Hotspot Shield
2014-01-10 06:17:45    --------    d-----w-    C:\Users\king\AppData\Roaming\Hotspot Shield
.
==================== Find3M  ====================
.
2014-01-02 05:45:39    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-02 05:45:39    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 14:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-21 04:37:43    74432    ----a-w-    C:\Windows\System32\drivers\RzFilter.sys
2013-11-21 04:37:43    129472    ----a-w-    C:\Windows\System32\drivers\RzDxgk.sys
2013-11-13 10:51:44    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2013-11-12 14:32:37    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-11-01 19:02:36    598808    ----a-w-    C:\Windows\System32\drivers\btwampfl.sys
2013-11-01 19:02:36    39976    ----a-w-    C:\Windows\System32\drivers\btwl2cap.sys
2013-11-01 19:02:36    21544    ----a-w-    C:\Windows\System32\drivers\btwrchid.sys
2013-11-01 19:02:36    210984    ----a-w-    C:\Windows\System32\drivers\btwavdt.sys
2013-11-01 19:02:36    184144    ----a-w-    C:\Windows\System32\drivers\btwaudio.sys
2013-11-01 19:02:36    165688    ----a-w-    C:\Windows\System32\drivers\bcbtums.sys
2013-10-30 16:14:49    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-30 16:13:14    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-10-30 16:13:14    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-10-29 19:12:22    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2013-10-29 19:12:22    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
.
============= FINISH:  1:27:45.01 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2013 1:47:58 PM
System Uptime: 1/26/2014 4:58:31 PM (9 hours ago)
.
Motherboard: BIOSTAR Group |  | TA970
Processor: AMD FX-6300 Six-Core Processor              | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 368 GiB total, 203.184 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 93.368 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_63001565&REV_00\4&28B85F88&0&00A9
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_63001565&REV_00\4&28B85F88&0&00A9
Service:
.
==== System Restore Points ===================
.
RP56: 1/17/2014 5:52:35 AM - Windows Update
RP57: 1/21/2014 4:17:16 AM - Windows Update
RP58: 1/24/2014 2:21:05 PM - TrueCrypt installation
RP59: 1/25/2014 6:50:59 PM - TrueCrypt uninstallation
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.06)
AllShare Framework DMS
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C5500
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cryptostorm Client
Destinations
DeviceDiscovery
Dropbox
GPBaseService2
Hotspot Shield 3.23
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C5500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iBackupBot 5.1.1.4
iCloud
Imgur Uploader
iTunes
Java 7 Update 51
Java Auto Updater
League of Legends
Livestreamer 1.7.0
Logitech Gaming Software
Logitech Gaming Software 8.50
LOLReplay
MacDrive 9 Pro
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
mIRC
MozBackup 1.5.1
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.1.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
OpenVPN 2.3.2-I003
Palisade Numerical Tools - Book Version
PDF Settings CS6
Pidgin
PS_AIO_04_C5500_Software_Min
Razer Comms
Razer Core
Razer Synapse 2.0
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Samsung Link 1.8.0.1401171024
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shop for HP Supplies
Skype™ 5.11
SmartWebPrinting
SolutionCenter
Status
Steam
TAP-Windows 9.9.2
TI-83 Plus Flash Debugger
Toolbox
TrayApp
Tseries BIOS Update
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.2
WapSter AQQ
WebReg
WIDCOMM Bluetooth Software
WinRAR 4.00 (64-bit)
Xilisoft iPhone SMS Backup
.
==== Event Viewer Messages From Past Week ========
.
1/27/2014 12:13:19 AM, Error: Service Control Manager [7034]  - The Samsung Link Service service terminated unexpectedly.  It has done this 1 time(s).
1/26/2014 4:54:01 PM, Error: Service Control Manager [7031]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
1/26/2014 4:53:58 PM, Error: Service Control Manager [7031]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
1/25/2014 7:08:26 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
1/24/2014 2:37:51 PM, Error: volmgr [45]  - The system could not sucessfully load the crash dump driver.
1/24/2014 2:37:41 PM, Error: volmgr [46]  - Crash dump initialization failed!
.
==== End Of File ===========================
 

[Maniac]

Please open www.virustotal.com and upload the following file:

:\Windows\System32\mastfat.dll

Wait until scan finished and copy/paste the URL.

[cmrsimon]

https://www.virustotal.com/en/file/c724326fc5c0950d5e4f80770415087863f98129b282ddbeceff0d2d5e6cba9d/analysis/1390819560/

[Maniac]

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!