RX8tasy Posted September 26, 2011 ID:479408 Share Posted September 26, 2011 Hello, I have a pesky IE 7 search redirect issue that seems to have started when I accidentally clicked on Adobe flash update icon from the lower right tray. Initially, the computer was infected with Trojan.SHarpro, Trojan.BHO, and PUM.Bad.Proxy, per Malwarebytes. After repeated cleaning in both safe & normal mode, supposedly all virus were removed.However, a zero byte file named "dbkjhzdmop.tmp" gets added to the desktop upon starting up IE every time, with the redirect issue cropping up. Malwarebytes only shows HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) at the moment. Please kindly help! Link to post Share on other sites More sharing options...
Staff screen317 Posted September 28, 2011 Staff ID:480143 Share Posted September 28, 2011 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply. Link to post Share on other sites More sharing options...
RX8tasy Posted September 28, 2011 Author ID:480302 Share Posted September 28, 2011 Thank you screen317!Here is MBAM log after update to 7813, which made a few more discoveries as compared definition 7795:Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 7813Windows 5.1.2600 Service Pack 2Internet Explorer 7.0.5730.139/27/2011 11:41:02 PMmbam-log-2011-09-27 (23-41-02).txtScan type: Quick scanObjects scanned: 209024Time elapsed: 13 minute(s), 17 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{11A8EC4A-808D-4EC5-9D8F-D76A318C2C1a} (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11A8EC4A-808D-4EC5-9D8F-D76A318C2C1A} (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11A8EC4A-808D-4EC5-9D8F-D76A318C2C1A} (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\documents and settings\vean\local settings\application data\networkwmp.dll (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.c:\documents and settings\vean\local settings\Temp\thpm5054098181024561412.tmp (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.-----------------------------------------------------------------------------And here is dds.txt:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13Run by vean at 23:49:04 on 2011-09-27Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.427 [GMT -7:00].AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\CDBurnerXP\NMSAccessU.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Pinnacle\Drivers\pctvsvc.exeC:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\WINDOWS\VM303_STI.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\vean\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exeC:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Windows Live\Contacts\wlcomm.exeC:\Program Files\Internet Explorer\iexplore.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/uSearch Page = hxxp://www.google.comuDefault_Page_URL = hxxp://www.dell.comuSearch Bar = hxxp://www.google.com/iemDefault_Search_URL = hxxp://www.google.com/iemSearch Page = hxxp://www.google.commStart Page = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://www.dell.com/uInternet Settings,ProxyOverride = <local>mSearchAssistant = hxxp://www.google.comBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exeuRun: [Nike+ Connect] "c:\documents and settings\vean\local settings\application data\nike\nike+ connect\Nike+ Connect daemon.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exemRun: [bigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exemRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe AutorunmRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.configmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awlc3028 & awlh3028\RtWLan.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exeIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cabDPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{44259A3A-1F8B-4679-B470-7C75E1CCDD1D} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{C339BA77-CEF8-4B36-BB66-BE6CA95A2163} : DhcpNameServer = 192.168.1.1Filter: text/html - {761f60f0-2950-45d3-a54f-a2d98f36d96c} - Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLHandler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.============= SERVICES / DRIVERS ===============.R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]R1 MpKsl734adbbe;MpKsl734adbbe;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb5fe47-0052-4716-8ffe-503d208c84be}\MpKsl734adbbe.sys [2011-9-27 28752]R1 SASDIFSV;SASDIFSV;c:\docume~1\vean\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-5-15 9968]R1 SASKUTIL;SASKUTIL;c:\docume~1\vean\locals~1\temp\sas_selfextract\SASKUTIL.sys [2010-5-15 74480]R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-1-6 38144]R2 pctvsvc;PCTV Service;c:\program files\pinnacle\drivers\pctvsvc.exe [2008-1-1 125952]R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]R3 BoosterKey;PCTV key Service;c:\windows\system32\drivers\pctvkey.sys [2008-1-1 16384]R3 havanet;PCTV To Go NDIS Protocol Driver;c:\windows\system32\drivers\pctvnet.sys [2008-1-1 14848]R3 HAVATV;PCTV To Go Video Device;c:\windows\system32\drivers\PCTV.sys [2008-1-1 347904]R3 HavaTV_10;PCTV To Go Remote Video Device;c:\windows\system32\drivers\PCTV_10.sys [2008-1-1 347904]R3 pctvbus;PCTV To Go Bus Enumerator;c:\windows\system32\drivers\pctvbus.sys [2008-1-1 25088]S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]S3 dcscusb;Spyder3Print SR Spectrocolorimeter;c:\windows\system32\drivers\dcscusb.sys [2009-5-29 16384]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2006-9-28 9472]S3 SASENUM;SASENUM;\??\c:\docume~1\vean\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\vean\locals~1\temp\sas_selfextract\SASENUM.SYS [?]S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2010-4-12 12288]S3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\tnet1130.sys --> c:\windows\system32\drivers\tnet1130.sys [?]S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?].=============== Created Last 30 ================.2011-09-28 06:43:33 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb5fe47-0052-4716-8ffe-503d208c84be}\MpKsl734adbbe.sys2011-09-28 06:43:25 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb5fe47-0052-4716-8ffe-503d208c84be}\offreg.dll2011-09-28 06:32:25 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb5fe47-0052-4716-8ffe-503d208c84be}\mpengine.dll2011-09-25 08:11:16 0 ---ha-w- c:\documents and settings\vean\dbkjhzdmop.tmp2011-09-25 08:10:42 -------- d-----w- c:\documents and settings\vean\local settings\application data\PCHealth.==================== Find3M ====================.2011-09-25 07:49:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 23:51:51.34 ===============Redirect no longer an issue after latest MBAM clean effort, and no more temp file showing on desktop. Not sure virus/trojan free though.Thanks again! Link to post Share on other sites More sharing options...
Staff screen317 Posted October 2, 2011 Staff ID:481628 Share Posted October 2, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
RX8tasy Posted October 4, 2011 Author ID:481983 Share Posted October 4, 2011 [*]Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317Here is ComboFix:ComboFix 11-10-03.01 - vean 10/03/2011 8:55.1.1 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.540 [GMT -7:00]Running from: c:\documents and settings\vean\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Documents\_desktop.inic:\documents and settings\All Users\Documents\My Music\_desktop.inic:\documents and settings\All Users\Documents\My Music\My Playlists\_desktop.inic:\documents and settings\All Users\Documents\My Music\Sample Music\_desktop.inic:\documents and settings\All Users\Documents\My Music\Sample Playlists\_desktop.inic:\documents and settings\All Users\Documents\My Music\Sample Playlists\01174931\_desktop.inic:\documents and settings\All Users\Documents\My Music\Sync Playlists\_desktop.inic:\documents and settings\All Users\Documents\My Music\Sync Playlists\01174940\_desktop.inic:\documents and settings\All Users\Documents\My Pictures\_desktop.inic:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\_desktop.inic:\documents and settings\All Users\Documents\My Videos\_desktop.inic:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{11d1057e-e00f-4a87-a799-fb779ef81f8a}c:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{11d1057e-e00f-4a87-a799-fb779ef81f8a}\chrome.manifestc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{11d1057e-e00f-4a87-a799-fb779ef81f8a}\chrome\xulcache.jarc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{11d1057e-e00f-4a87-a799-fb779ef81f8a}\defaults\preferences\xulcache.jsc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{11d1057e-e00f-4a87-a799-fb779ef81f8a}\install.rdfc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{2e6239a9-7023-422e-8847-8fe5a4f7c87a}c:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{2e6239a9-7023-422e-8847-8fe5a4f7c87a}\chrome.manifestc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{2e6239a9-7023-422e-8847-8fe5a4f7c87a}\chrome\xulcache.jarc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{2e6239a9-7023-422e-8847-8fe5a4f7c87a}\defaults\preferences\xulcache.jsc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{2e6239a9-7023-422e-8847-8fe5a4f7c87a}\install.rdfc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{5f521cf6-f4e6-47a6-a8c9-36ed472048ac}c:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{5f521cf6-f4e6-47a6-a8c9-36ed472048ac}\chrome.manifestc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{5f521cf6-f4e6-47a6-a8c9-36ed472048ac}\chrome\xulcache.jarc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{5f521cf6-f4e6-47a6-a8c9-36ed472048ac}\defaults\preferences\xulcache.jsc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{5f521cf6-f4e6-47a6-a8c9-36ed472048ac}\install.rdfc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{845c62bf-ce76-430d-a739-94d6fd1f97c9}c:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{845c62bf-ce76-430d-a739-94d6fd1f97c9}\chrome.manifestc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{845c62bf-ce76-430d-a739-94d6fd1f97c9}\chrome\xulcache.jarc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{845c62bf-ce76-430d-a739-94d6fd1f97c9}\defaults\preferences\xulcache.jsc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{845c62bf-ce76-430d-a739-94d6fd1f97c9}\install.rdfc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{989fe90b-9432-41a3-beae-906d2736a8fa}c:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{989fe90b-9432-41a3-beae-906d2736a8fa}\chrome.manifestc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{989fe90b-9432-41a3-beae-906d2736a8fa}\chrome\xulcache.jarc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{989fe90b-9432-41a3-beae-906d2736a8fa}\defaults\preferences\xulcache.jsc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{989fe90b-9432-41a3-beae-906d2736a8fa}\install.rdfc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{b292a2d8-4c34-4d72-92fb-572bbf0eff50}c:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{b292a2d8-4c34-4d72-92fb-572bbf0eff50}\chrome.manifestc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{b292a2d8-4c34-4d72-92fb-572bbf0eff50}\chrome\xulcache.jarc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{b292a2d8-4c34-4d72-92fb-572bbf0eff50}\defaults\preferences\xulcache.jsc:\documents and settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{b292a2d8-4c34-4d72-92fb-572bbf0eff50}\install.rdfc:\documents and settings\vean\dbkjhzdmop.tmpc:\documents and settings\vean\WINDOWSc:\program files\messenger\msmsgsin.exec:\program files\Sharedc:\windows\dasetup.logc:\windows\iun6002.exec:\windows\system32\comct332.ocxc:\windows\system32\spool\prtprocs\w32x86\cl31cpc.dllc:\windows\TSOC.LOG..((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))..2011-10-03 15:46 . 2011-10-03 15:46 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA61F5F1-7B5F-4C3E-A6EA-AD5DAEF312DF}\offreg.dll2011-10-03 15:46 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DA61F5F1-7B5F-4C3E-A6EA-AD5DAEF312DF}\mpengine.dll2011-09-25 08:10 . 2011-09-25 08:10 -------- d-----w- c:\documents and settings\vean\Local Settings\Application Data\PCHealth...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-09-25 07:49 . 2011-08-28 19:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-12 23:14 . 2010-10-13 03:46 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-09-01 00:00 . 2009-08-24 04:27 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-12 02:44 . 2011-08-29 05:53 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-17 3872080]"Nike+ Connect"="c:\documents and settings\vean\Local Settings\Application Data\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]"BigDog303"="c:\windows\VM303_STI.EXE" [2005-03-10 53248]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-27 180269]"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-10 7311360]"nwiz"="nwiz.exe" [2005-12-10 1519616]"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-10 86016]"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2005-10-08 139264]"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-10-02 32768]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160].c:\documents and settings\All Users\Start Menu\Programs\Startup\Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk - c:\program files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe [2008-1-6 811008]Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-7-22 577597]Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-9-20 24576]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\SYSTEM32\\java.exe"="c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"="c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"1778:UDP"= 1778:UDP:PCTV Service.R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [3/8/2007 10:19 PM 646392]R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\vean\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\vean\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\vean\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\vean\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\SYSTEM32\DRIVERS\EAPPkt.sys [1/6/2008 10:35 PM 38144]R3 BoosterKey;PCTV key Service;c:\windows\SYSTEM32\DRIVERS\pctvkey.sys [1/1/2008 6:41 PM 16384]R3 havanet;PCTV To Go NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\pctvnet.sys [1/1/2008 6:41 PM 14848]R3 HAVATV;PCTV To Go Video Device;c:\windows\SYSTEM32\DRIVERS\PCTV.sys [1/1/2008 6:41 PM 347904]R3 HavaTV_10;PCTV To Go Remote Video Device;c:\windows\SYSTEM32\DRIVERS\PCTV_10.sys [1/1/2008 6:41 PM 347904]R3 pctvbus;PCTV To Go Bus Enumerator;c:\windows\SYSTEM32\DRIVERS\pctvbus.sys [1/1/2008 6:41 PM 25088]S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]S3 dcscusb;Spyder3Print SR Spectrocolorimeter;c:\windows\SYSTEM32\DRIVERS\dcscusb.sys [5/29/2009 12:06 PM 16384]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 pnetmdm;PdaNet Modem;c:\windows\SYSTEM32\DRIVERS\pnetmdm.sys [9/28/2006 4:32 PM 9472]S3 SASENUM;SASENUM;\??\c:\docume~1\vean\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\vean\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]S3 Spyder2;ColorVision Spyder2;c:\windows\SYSTEM32\DRIVERS\Spyder2.sys [2/13/2007 5:16 PM 12288]S3 Spyder3;Datacolor Spyder3;c:\windows\SYSTEM32\DRIVERS\Spyder3.sys [4/12/2010 9:12 AM 12288]S3 TNET1130;802.11 WLAN;c:\windows\system32\DRIVERS\tnet1130.sys --> c:\windows\system32\DRIVERS\tnet1130.sys [?].Contents of the 'Scheduled Tasks' folder.2011-10-03 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39].2011-10-03 c:\windows\Tasks\OGALogon.job- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/mStart Page = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://www.dell.com/uInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmTCP: DhcpNameServer = 192.168.1.1DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.- - - - ORPHANS REMOVED - - - -.HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exeHKCU-Run-PPS Accelerator - c:\program files\PPStream\ppsap.exeHKLM-Run-BrStsWnd - c:\program files\Brownie\BrstsWnd.exeAddRemove-MaxQData Chart - c:\windows\suinsta4001.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-10-03 09:05Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???????????x???x???????????????????????????x????????????D?w????????????7??w????x???x?????????????? .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]@Denied: ) (Everyone)@="".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(892)c:\windows\SYSTEM32\RTL8185\RtlGina.DLL.Completion time: 2011-10-03 09:11:27ComboFix-quarantined-files.txt 2011-10-03 16:11.Pre-Run: 14,795,563,008 bytes freePost-Run: 14,977,425,408 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn.- - End Of File - - C08BC1A39903641AA5EF891412EB0152Here is DDS.txt:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13Run by vean at 9:21:52 on 2011-10-03Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.466 [GMT -7:00].AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\CDBurnerXP\NMSAccessU.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Pinnacle\Drivers\pctvsvc.exeC:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\WINDOWS\VM303_STI.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\explorer.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/mStart Page = hxxp://www.google.comuInternet Connection Wizard,ShellNext = hxxp://www.dell.com/uInternet Settings,ProxyOverride = <local>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /backgrounduRun: [Nike+ Connect] "c:\documents and settings\vean\local settings\application data\nike\nike+ connect\Nike+ Connect daemon.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exemRun: [bigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [sunkist2k] c:\program files\multimedia card reader\shwicon2k.exemRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.configmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkeymRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awlc3028 & awlh3028\RtWLan.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - c:\program files\datacolor\spyder3elite\utility\Spyder3Utility.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exeIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://bba.bloomberg.net/Citrix/ICAWEB/en/ica32/wficat.cabDPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{44259A3A-1F8B-4679-B470-7C75E1CCDD1D} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{C339BA77-CEF8-4B36-BB66-BE6CA95A2163} : DhcpNameServer = 192.168.1.1Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLHandler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dllHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.============= SERVICES / DRIVERS ===============.R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\vean\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\vean\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\vean\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\vean\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-1-6 38144]R2 pctvsvc;PCTV Service;c:\program files\pinnacle\drivers\pctvsvc.exe [2008-1-1 125952]R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2007-9-5 455968]R3 BoosterKey;PCTV key Service;c:\windows\system32\drivers\pctvkey.sys [2008-1-1 16384]R3 havanet;PCTV To Go NDIS Protocol Driver;c:\windows\system32\drivers\pctvnet.sys [2008-1-1 14848]R3 HAVATV;PCTV To Go Video Device;c:\windows\system32\drivers\PCTV.sys [2008-1-1 347904]R3 HavaTV_10;PCTV To Go Remote Video Device;c:\windows\system32\drivers\PCTV_10.sys [2008-1-1 347904]R3 pctvbus;PCTV To Go Bus Enumerator;c:\windows\system32\drivers\pctvbus.sys [2008-1-1 25088]S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]S3 dcscusb;Spyder3Print SR Spectrocolorimeter;c:\windows\system32\drivers\dcscusb.sys [2009-5-29 16384]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2006-9-28 9472]S3 SASENUM;SASENUM;\??\c:\docume~1\vean\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\vean\locals~1\temp\sas_selfextract\SASENUM.SYS [?]S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [2010-4-12 12288]S3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\tnet1130.sys --> c:\windows\system32\drivers\tnet1130.sys [?]S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?].=============== Created Last 30 ================.2011-10-03 15:53:03 -------- d-sha-r- C:\cmdcons2011-10-03 15:49:24 98816 ----a-w- c:\windows\sed.exe2011-10-03 15:49:24 518144 ----a-w- c:\windows\SWREG.exe2011-10-03 15:49:24 256000 ----a-w- c:\windows\PEV.exe2011-10-03 15:49:24 208896 ----a-w- c:\windows\MBR.exe2011-10-03 15:46:41 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da61f5f1-7b5f-4c3e-a6ea-ad5daef312df}\offreg.dll2011-10-03 15:46:33 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{da61f5f1-7b5f-4c3e-a6ea-ad5daef312df}\mpengine.dll2011-09-25 08:10:42 -------- d-----w- c:\documents and settings\vean\local settings\application data\PCHealth.==================== Find3M ====================.2011-09-25 07:49:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 9:22:08.85 ===============Thanks! Link to post Share on other sites More sharing options...
Staff screen317 Posted October 8, 2011 Staff ID:483213 Share Posted October 8, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
RX8tasy Posted October 8, 2011 Author ID:483401 Share Posted October 8, 2011 Here is ESET scan result, which did find what MS Security Essential missed:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=6728a14dd78ca848af9556e234ff40f6# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-10-08 05:17:02# local_time=2011-10-08 10:17:02 (-0800, Pacific Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 2# compatibility_mode=768 16777215 100 0 30578296 30578296 0 0# compatibility_mode=5891 16776869 42 87 0 14846382 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=92328# found=6# cleaned=6# scan_time=3510C:\Qoobox\Quarantine\C\Documents and Settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{11d1057e-e00f-4a87-a799-fb779ef81f8a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Documents and Settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{2e6239a9-7023-422e-8847-8fe5a4f7c87a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Documents and Settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{5f521cf6-f4e6-47a6-a8c9-36ed472048ac}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Documents and Settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{845c62bf-ce76-430d-a739-94d6fd1f97c9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Documents and Settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{989fe90b-9432-41a3-beae-906d2736a8fa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Qoobox\Quarantine\C\Documents and Settings\vean\Application Data\Mozilla\Firefox\Profiles\3vls9nm0.default\extensions\{b292a2d8-4c34-4d72-92fb-572bbf0eff50}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CHere is Security Check log: Results of screen317's Security Check version 0.99.21 Windows XP Service Pack 2 Out of date service pack!! Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 20 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log```````````` PC appears to be ok, nothing suspicious. Do I have a clean bill of health? Link to post Share on other sites More sharing options...
Staff screen317 Posted October 10, 2011 Staff ID:483834 Share Posted October 10, 2011 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):ESET Online Scanner v3Java™ 6 Update 20Java™ SE Runtime Environment 6 Update 1Java™ 6 Update 2Java™ 6 Update 3Java™ 6 Update 5Java™ 6 Update 7Java 2 Runtime Environment, SE v1.4.2_03 Restart your computer.Get the latest version of Java.Next, it is absolutely essential that you upgrade to Windows XP Service Pack 3. Service Pack 2, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please visit Windows Update and download all critical updates.Let me know if the update was successful.Reboot.Let me know what issues remain.-screen317 Link to post Share on other sites More sharing options...
RX8tasy Posted October 12, 2011 Author ID:484722 Share Posted October 12, 2011 Did all as directed, included update to SP3. Everything seems to be fine. Thanks again for your help! Feel free to close the thread. Link to post Share on other sites More sharing options...
RX8tasy Posted October 13, 2011 Author ID:485235 Share Posted October 13, 2011 Did all as directed, included update to SP3. Everything seems to be fine. Thanks again for your help! Feel free to close the thread.I spoke too soon. The internet speed is definitely not right, where the D/L speed is less than 1Mbps as compared to 20Mbps on a different PC going to the same switch. Any ideas? Link to post Share on other sites More sharing options...
Staff screen317 Posted October 17, 2011 Staff ID:486406 Share Posted October 17, 2011 Hi,How is your home network set up? Describe it in detail. Link to post Share on other sites More sharing options...
RX8tasy Posted October 20, 2011 Author ID:487237 Share Posted October 20, 2011 Hi,How is your home network set up? Describe it in detail.This is the overview:Comcast -> cable modem -> router (DD-WRT) -> switch -> wired & wireless PC/devicesNo other PC/devices are affected as far as running speakeasy speed est, except for the individual PC that was just cleaned from malware infection. Auto DHCP by router, with most devices using automatic IP in TCP/IP. Let me know if I miss anything. Link to post Share on other sites More sharing options...
Staff screen317 Posted October 23, 2011 Staff ID:488344 Share Posted October 23, 2011 Hi,1. Very important: First disconnect your computers from the Internet.2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).3. Reset the IP/DNS settings of your Internet connection on each computer connected:Go to Start -> Control Panel -> Double click on Network Connections.Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.Select the General tab.Double click on Internet Protocol (TCP/IP).Under General tab:Select "Obtain an IP address automatically".Select "Obtain DNS server address automatically".[*]Click OK twice to save the settings.[*]Reboot if you had to change any setting.4. Flush the DNS cache:Click the Start logo in the bottom left corner of the screenClick on RunIn the command window copy/paste the following:ipconfig /flushdnsThen hit enter.Exit the command window.5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet. Link to post Share on other sites More sharing options...
exmalakite Posted October 29, 2011 ID:490032 Share Posted October 29, 2011 Same Problem with Firefoxmbam-log-2011-10-29 (17-13-55).txtScan type: Quick scanObjects scanned: 178757Time elapsed: 5 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
exmalakite Posted October 29, 2011 ID:490034 Share Posted October 29, 2011 DDS LOGS.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Run by Daniel at 17:20:00 on 2011-10-29Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4404 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\SysWOW64\PnkBstrB.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\DllHost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\system32\NOTEPAD.EXEC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uSearch Page = ${URL_SEARCHPAGE}uStart Page = hxxp://www.google.com/mStart Page = ${URL_STARTPAGE}mSearch Page = ${URL_SEARCHPAGE}uInternet Settings,ProxyOverride = *.localuURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No FileBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileTB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dlluRun: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [NCsoft] mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun: [steelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Easy Dock] mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{E29002C6-795C-4253-9A34-A390CBA4569B} : DhcpNameServer = 192.168.1.1BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO-X64: 0x1 - No FileBHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No FileBHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dllBHO-X64: WormRadar.com IESiteBlocker.NavFilter - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO-X64: Search Helper - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO-X64: Ask Toolbar BHO - No FileBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileTB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dllTB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllmRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun-x64: [steelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [Easy Dock] mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Ask.comFF - prefs.js: browser.startup.homepage - google.comFF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=C41BDB88-54B9-457B-A7A9-0577EEED34CC&apn_ptnrs=UF&apn_sauid=D17130D5-58E7-434E-A1F9-F090185C819D&apn_dtid=&q=FF - component: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\FFExternalAlert.dllFF - component: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCore.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dllFF - plugin: C:\Users\Daniel\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-8-21 1153368]R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]R3 Mo3Fltr;MMO Mouse;C:\Windows\system32\drivers\Mo3Fltr.sys --> C:\Windows\system32\drivers\Mo3Fltr.sys [?]R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-6-22 25832]S4 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]S4 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2009-7-1 33448].=============== Created Last 30 ================.2011-10-29 21:08:24 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys2011-10-29 21:06:37 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70781D50-907B-4F09-B23D-78537DD94BDF}\offreg.dll2011-10-29 20:57:06 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70781D50-907B-4F09-B23D-78537DD94BDF}\mpengine.dll2011-10-29 20:45:49 -------- d-----w- C:\Program Files (x86)\ESET2011-10-23 03:31:52 339968 ----a-w- C:\Windows\SysWow64\srrstr.dll2011-10-16 16:00:05 -------- d-----w- C:\Program Files (x86)\World of Warcraft Public Test2011-10-16 02:10:41 -------- d-----w- C:\Users\Daniel\AppData\Local\assembly2011-10-16 02:10:01 -------- d-----w- C:\Program Files (x86)\NCSoft2011-10-11 21:38:53 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC0FDC11-A8B7-4A73-ADB7-64B6550C9452}\gapaengine.dll2011-10-02 00:58:45 -------- d-----w- C:\Program Files (x86)\AMD APP2011-10-01 00:04:13 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll2011-10-01 00:04:13 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll2011-10-01 00:04:11 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll.==================== Find3M ====================.2011-10-19 22:36:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-15 23:16:39 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax2011-09-14 15:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll2011-09-14 15:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll2011-09-14 15:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll2011-09-14 15:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll2011-09-14 15:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-08-25 00:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll2011-08-25 00:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll Link to post Share on other sites More sharing options...
exmalakite Posted October 29, 2011 ID:490048 Share Posted October 29, 2011 Combo Fix resultsComboFix 11-10-29.05 - Daniel 10/29/2011 17:24:55.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4182 [GMT -4:00]Running from: c:\users\Daniel\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Daniel\AppData\Local\._Revolution_c:\users\Daniel\AppData\Local\._Revolution_\._Revolution_Update\._Revolution_up.dllc:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{48a52644-129c-42d3-88b8-8acedf2eb900}c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{48a52644-129c-42d3-88b8-8acedf2eb900}\chrome.manifestc:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{48a52644-129c-42d3-88b8-8acedf2eb900}\chrome\xulcache.jarc:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{48a52644-129c-42d3-88b8-8acedf2eb900}\defaults\preferences\xulcache.jsc:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{48a52644-129c-42d3-88b8-8acedf2eb900}\install.rdf..((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))..2011-10-29 21:31 . 2011-10-29 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp2011-10-29 20:57 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70781D50-907B-4F09-B23D-78537DD94BDF}\mpengine.dll2011-10-29 20:45 . 2011-10-29 20:45 -------- d-----w- c:\program files (x86)\ESET2011-10-23 03:31 . 2011-10-29 03:46 339968 ----a-w- c:\windows\SysWow64\srrstr.dll2011-10-19 22:32 . 2011-10-19 22:32 -------- d-----w- c:\windows\system32\Macromed2011-10-16 16:00 . 2011-10-21 02:46 -------- d-----w- c:\program files (x86)\World of Warcraft Public Test2011-10-16 02:10 . 2011-10-16 02:10 -------- d-----w- c:\users\Daniel\AppData\Local\assembly2011-10-16 02:10 . 2011-10-16 02:11 -------- d-----w- c:\program files (x86)\NCSoft2011-10-11 21:38 . 2011-10-11 21:38 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CC0FDC11-A8B7-4A73-ADB7-64B6550C9452}\gapaengine.dll2011-10-06 03:38 . 2011-10-06 03:38 -------- d-----w- c:\users\Public\Sony Online Entertainment2011-10-02 00:59 . 2011-10-02 00:59 -------- d-----w- c:\programdata\ATI2011-10-02 00:58 . 2011-10-02 00:58 -------- d-----w- c:\program files (x86)\AMD APP2011-10-01 00:04 . 2008-07-12 12:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll2011-10-01 00:04 . 2008-07-12 12:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll2011-10-01 00:04 . 2008-07-12 12:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-10-19 22:36 . 2011-05-18 22:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-07 04:16 . 2011-04-10 23:38 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2011-09-15 23:16 . 2011-09-15 23:16 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax2011-09-14 15:47 . 2011-09-14 15:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll2011-09-14 15:47 . 2011-09-14 15:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll2011-09-14 15:47 . 2011-09-14 15:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll2011-09-14 15:38 . 2011-09-14 15:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll2011-09-14 15:38 . 2011-09-14 15:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe2011-09-08 17:34 . 2011-07-08 03:29 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll2011-09-08 17:32 . 2010-11-02 22:04 862720 ----a-w- c:\windows\system32\aticfx64.dll2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll2011-09-08 17:24 . 2011-07-08 03:19 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll2011-09-08 17:16 . 2010-11-02 22:04 4944896 ----a-w- c:\windows\system32\atidxx64.dll2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll2011-09-08 17:08 . 2011-07-08 02:55 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll2011-09-08 17:05 . 2011-07-08 03:00 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll2011-09-08 16:59 . 2009-12-11 20:11 58880 ----a-w- c:\windows\system32\coinst.dll2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys2011-09-08 16:52 . 2009-12-11 19:50 40960 ----a-w- c:\windows\system32\atiuxp64.dll2011-09-08 16:51 . 2011-07-08 02:46 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll2011-09-08 16:51 . 2011-07-08 02:45 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll2011-08-31 21:00 . 2010-05-22 01:13 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-25 00:19 . 2011-08-25 00:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll2011-08-25 00:18 . 2011-08-25 00:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2011-02-01 23:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]"SteelSeries World of Warcraft MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2011-01-31 1650688]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]R3 dump_wmimmc;dump_wmimmc;c:\users\Daniel\9Dragons\GameGuard\dump_wmimmc.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-16 136176]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]R4 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 1052328]R4 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-01-07 33448]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]S3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [x]S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - AvgTdiA.Contents of the 'Scheduled Tasks' folder.2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 21:10].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 21:10].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1232898417-253428857-2800041931-1000Core.job- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 23:59].2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1232898417-253428857-2800041931-1000UA.job- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 23:59]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mStart Page = ${URL_STARTPAGE}uInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Ask.comFF - prefs.js: browser.startup.homepage - google.comFF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=C41BDB88-54B9-457B-A7A9-0577EEED34CC&apn_ptnrs=UF&apn_sauid=D17130D5-58E7-434E-A1F9-F090185C819D&apn_dtid=&q=FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.- - - - ORPHANS REMOVED - - - -.Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)Wow6432Node-HKCU-Run-NCsoft - (no file)Wow6432Node-HKLM-Run-Easy Dock - (no file)WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)AddRemove-AVI Codec Pack - c:\program files (x86)\AVI Codec Pack\uninstall.exeAddRemove-Dr. Who - Adventures 1 and 2 - c:\program files (x86)\BBC\Dr. Who - Adventures 1 and 2\Uninstall.exeAddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1232898417-253428857-2800041931-1000\Software\SecuROM\License information*]"datasecu"=hex:9c,fe,35,a5,7f,48,36,52,44,81,c4,c6,d8,50,40,f4,c9,a4,b2,4c,a1, 20,a8,c6,59,e3,52,ef,9f,7d,2d,a0,d1,af,1a,b6,1a,a6,b0,02,e4,97,18,ef,ff,5d,\"rkeysecu"=hex:11,61,48,c0,bd,cc,fa,0e,e9,43,e2,ae,42,d2,ab,31.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]@="131473".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\windows\SysWOW64\PnkBstrA.exec:\windows\SysWOW64\PnkBstrB.exec:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe.**************************************************************************.Completion time: 2011-10-29 17:42:36 - machine was rebootedComboFix-quarantined-files.txt 2011-10-29 21:42.Pre-Run: 71,000,829,952 bytes freePost-Run: 71,359,287,296 bytes free.- - End Of File - - E0B879CD57C17A70DD6086BFC59B9AAE Link to post Share on other sites More sharing options...
exmalakite Posted October 29, 2011 ID:490051 Share Posted October 29, 2011 New DDS report:.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Run by Daniel at 17:53:44 on 2011-10-29Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4531 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\PnkBstrA.exeC:\Windows\SysWOW64\PnkBstrB.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Spybot - Search & Destroy\SDWinSec.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskhost.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\DllHost.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/mStart Page = ${URL_STARTPAGE}uInternet Settings,ProxyOverride = *.localuURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileTB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dllTB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllmRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun: [steelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{E29002C6-795C-4253-9A34-A390CBA4569B} : DhcpNameServer = 192.168.1.1BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO-X64: 0x1 - No FileBHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dllBHO-X64: WormRadar.com IESiteBlocker.NavFilter - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO-X64: Search Helper - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllBHO-X64: Ask Toolbar BHO - No FileBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileTB-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dllTB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dllmRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exemRun-x64: [steelSeries World of Warcraft MMO Gaming Mouse] "C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe"mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Ask.comFF - prefs.js: browser.startup.homepage - google.comFF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=C41BDB88-54B9-457B-A7A9-0577EEED34CC&apn_ptnrs=UF&apn_sauid=D17130D5-58E7-434E-A1F9-F090185C819D&apn_dtid=&q=FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dllFF - plugin: C:\Users\Daniel\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-8-21 1153368]R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]R3 Mo3Fltr;MMO Mouse;C:\Windows\system32\drivers\Mo3Fltr.sys --> C:\Windows\system32\drivers\Mo3Fltr.sys [?]R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-6-22 25832]S4 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]S4 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2009-7-1 33448].=============== Created Last 30 ================.2011-10-29 21:34:04 -------- d-----w- C:\$RECYCLE.BIN2011-10-29 21:33:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70781D50-907B-4F09-B23D-78537DD94BDF}\offreg.dll2011-10-29 21:23:40 98816 ----a-w- C:\Windows\sed.exe2011-10-29 21:23:40 518144 ----a-w- C:\Windows\SWREG.exe2011-10-29 21:23:40 256000 ----a-w- C:\Windows\PEV.exe2011-10-29 21:23:40 208896 ----a-w- C:\Windows\MBR.exe2011-10-29 21:23:35 -------- d-----w- C:\ComboFix2011-10-29 20:57:06 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70781D50-907B-4F09-B23D-78537DD94BDF}\mpengine.dll2011-10-29 20:45:49 -------- d-----w- C:\Program Files (x86)\ESET2011-10-23 03:31:52 339968 ----a-w- C:\Windows\SysWow64\srrstr.dll2011-10-16 16:00:05 -------- d-----w- C:\Program Files (x86)\World of Warcraft Public Test2011-10-16 02:10:41 -------- d-----w- C:\Users\Daniel\AppData\Local\assembly2011-10-16 02:10:01 -------- d-----w- C:\Program Files (x86)\NCSoft2011-10-11 21:38:53 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC0FDC11-A8B7-4A73-ADB7-64B6550C9452}\gapaengine.dll2011-10-02 00:58:45 -------- d-----w- C:\Program Files (x86)\AMD APP2011-10-01 00:04:13 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll2011-10-01 00:04:13 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll2011-10-01 00:04:11 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll.==================== Find3M ====================.2011-10-19 22:36:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-15 23:16:39 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax2011-09-14 15:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll2011-09-14 15:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll2011-09-14 15:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll2011-09-14 15:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll2011-09-14 15:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-08-25 00:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll2011-08-25 00:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll.============= FINISH: 17:54:23.60 ===============DDS2.txt Link to post Share on other sites More sharing options...
exmalakite Posted October 30, 2011 ID:490091 Share Posted October 30, 2011 ESET ResultsC:\ProgramData\Spybot - Search & Destroy\Recovery\WinWebdirb9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\m1kzlziz.default\extensions\{48a52644-129c-42d3-88b8-8acedf2eb900}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantinedC:\Users\Daniel\AppData\Local\DellWin7Upgrade\DellWin7UpgradeUpdate\DellWin7Upgradeup.dll a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantinedC:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Default\gihnbdbiijkjdbobdffcdiglfbefcgee\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantinedC:\Users\Daniel\AppData\Local\Stardock_Corporation\Stardock_CorporationUpdate\Stardock_Corporationup.dll a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantinedC:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\3b21af6c-7c2b4fcd a variant of Java/Agent.DT trojan cleaned by deleting - quarantinedC:\Users\Daniel\Downloads\registrybooster.exe multiple threats deleted - quarantinedC:\Windows\System32\srrstr.dll Win32/TrojanDownloader.Tracur.I trojan unable to cleanC:\Windows\SysWOW64\srrstr.dll Win32/TrojanDownloader.Tracur.I trojan cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
RX8tasy Posted October 30, 2011 Author ID:490112 Share Posted October 30, 2011 exmalakite: Based on board protocol, you should post start your own thread, instead of cross-posting. Also, only run programs when directed.screen317: It turns out that the onboard ethernet is defective, which was what caused the slowdown. I had a suspicion that might be the case, and confirmed by testing with USB wifi dongle, which saw an immediate jump from 1Mbps to 2x.xxMbps. So my case can be closed now. Thanks for your help! Link to post Share on other sites More sharing options...
Staff screen317 Posted November 3, 2011 Staff ID:491505 Share Posted November 3, 2011 Thanks for the update, RX8tasy.exmalakite, please start your own topic and I promise that someone will help you soon. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 3, 2011 Staff ID:491506 Share Posted November 3, 2011 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts