Infected with an SrvID Registry Virus.


Hi!

I recently did a virus scan with Malwarebytes Anti-Malware and came across a virus. It apparently "Quarantined and deleted it successfully", but even after restarting my computer it still appears in the same directory again following another virus scan.

Here is the log that came with the virus removal:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.05.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Robbie :: ROBBIES-PC [administrator]

05/04/2013 23:50:49

mbam-log-2013-04-05 (23-50-49).txt

Scan type: Full scan (B:\|C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 468313

Time elapsed: 11 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

If anything else is necessary I'll be willing to try and co-operate.

Thanks a lot!

Hello Taiz and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573

Hi Maniac, thanks for the reply. Here are the 2 logs that the instructions told me to post in my next reply.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 10.9.2

Run by Robbie at 14:41:24 on 2013-04-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16338.12023 [GMT 1:00]

.

AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

B:\PROGRA~2\AVG\AVG2013\avgrsa.exe

B:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

B:\Program Files (x86)\AVG\AVG2013\avgfws.exe

B:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

B:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

B:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

B:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

B:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

C:\Windows\Explorer.EXE

B:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\SmartTechnology\Software\ProfilerU.exe

C:\Program Files\SmartTechnology\Software\SaiMfd.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

B:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\MSI\Live Update 5\LU5.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\taskmgr.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [GoogleChromeAutoLaunch_53439C318A26C7B9F214010A5F779C43] "C:\Users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [uTorrent] "B:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [lryktjdrg.exe] C:\Users\Robbie\lryktjdrg.exe

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

mRun: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun: [AVG_UI] "B:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

TCP: NameServer = 192.168.1.1 0.0.0.0

TCP: Interfaces\{41B87D41-29F7-4B36-B353-0AD4564DD3A5} : DHCPNameServer = 192.168.1.1 0.0.0.0

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - B:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] B:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe

x64-Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe

x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - B:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - B:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-21 19224]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 avgfws;AVG Firewall;B:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]

R2 AVGIDSAgent;AVGIDSAgent;B:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

R2 avgwd;AVG WatchDog;B:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;B:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-4-2 8704]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-21 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-7 629984]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-21 165144]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-18 398184]

R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-7-21 142904]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-8 3467768]

R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-21 363800]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2013-3-31 1308160]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-21 356632]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-21 789272]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-6 24176]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-7-21 32344]

R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-7-21 14136]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-4-2 14136]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-21 676968]

R3 SaiK0CD7;SaiK0CD7;C:\Windows\System32\drivers\SaiK0CD7.sys [2012-9-20 180544]

R3 SaiU0CD7;SaiU0CD7;C:\Windows\System32\drivers\SaiU0CD7.sys [2012-9-20 47168]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-18 682344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 ELANUSB;ELAN USB IO driver;C:\Windows\System32\drivers\elanusb.sys [2012-8-10 35672]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-7-21 160256]

S3 ipadtst;ipadtst;C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2012-7-21 17936]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-3-2 44928]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-25 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-21 1255736]

.

=============== Created Last 30 ================

.

2013-04-05 12:33:29 283351 ----a-w- C:\Users\Robbie\afjsjuqqrkt.exe

2013-04-05 12:33:27 896688 ----a-w- C:\Users\Robbie\lryktjdrg.exe

2013-04-02 23:54:07 -------- d-----w- C:\Windows\SysWow64\C2MP

2013-03-31 20:36:34 -------- d-----w- C:\Users\Robbie\AppData\Roaming\Corsair

2013-03-31 20:36:33 8724480 ------w- C:\Windows\SysWow64\CAHS1.dll

2013-03-31 20:36:33 798208 ------w- C:\Windows\System32\CAHS1.exe

2013-03-31 20:36:33 401920 ------w- C:\Windows\System32\CAHS1.cpl

2013-03-31 20:36:33 200704 ------w- C:\Windows\SysWow64\cmpaHS1.dll

2013-03-31 20:36:33 143360 ------w- C:\Windows\VmixHS1.dll

2013-03-31 20:36:33 -------- d-----w- C:\Program Files\Corsair USB Headset

2013-03-31 20:36:21 315392 ---ha-w- C:\Windows\system\fltrCAHS1.dll

2013-03-31 20:36:21 1308160 ---ha-w- C:\Windows\System32\drivers\CAHS164.sys

2013-03-29 19:56:47 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia

2013-03-29 19:56:45 -------- d-----w- C:\Program Files (x86)\HyperCam 3

2013-03-26 21:05:43 -------- d-----w- C:\Users\Robbie\AppData\Roaming\.tribot

2013-03-24 13:38:39 -------- d-----w- C:\ProgramData\Tarma Installer

2013-03-21 04:49:28 38744 ----a-w- C:\Windows\SysWow64\dischandler.exe

2013-03-16 11:41:15 -------- d-----w- C:\Users\Robbie\AppData\Roaming\HTML Executable

2013-03-13 19:52:10 4012544 ----a-w- C:\Windows\System32\ffmpeg.dll

2013-03-13 19:51:36 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll

2013-03-13 19:51:24 127488 ----a-w- C:\Windows\System32\ff_vfw.dll

2013-03-13 19:51:20 4371456 ----a-w- C:\Windows\System32\ffdshow.ax

2013-03-13 19:50:50 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll

2013-03-13 19:50:22 156672 ----a-w- C:\Windows\System32\ff_libmad.dll

2013-03-13 19:50:22 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll

2013-03-13 19:50:20 222720 ----a-w- C:\Windows\System32\ff_libdts.dll

2013-03-13 19:50:20 183296 ----a-w- C:\Windows\System32\ff_unrar.dll

2013-03-13 19:50:20 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll

2013-03-13 19:50:20 116224 ----a-w- C:\Windows\System32\ff_liba52.dll

2013-03-13 19:50:18 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll

2013-03-13 19:39:34 3915776 ----a-w- C:\Windows\SysWow64\ffmpeg.dll

2013-03-13 19:38:34 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2013-03-13 19:36:28 3500544 ----a-w- C:\Windows\SysWow64\ffdshow.ax

2013-03-13 19:35:56 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll

2013-03-13 19:35:38 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll

2013-03-13 19:35:36 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll

2013-03-13 19:35:36 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll

2013-03-13 19:35:34 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll

2013-03-13 19:35:34 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll

2013-03-13 19:35:34 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll

2013-03-13 19:35:30 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll

2013-03-12 21:48:04 203976 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX

2013-03-12 21:48:04 109248 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX

2013-03-12 21:48:03 -------- d-----w- C:\ProgramData\SwiftKit

.

==================== Find3M ====================

.

2013-04-04 21:33:43 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-04-04 21:33:43 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-04-04 21:33:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-13 19:54:27 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 19:54:27 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-10 14:15:20 359592 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll

2013-02-10 14:15:20 278184 ----a-w- C:\Windows\System32\LAVAudio.ax

2013-02-10 14:15:20 1524904 ----a-w- C:\Windows\System32\LAVVideo.ax

2013-02-10 14:15:04 279208 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll

2013-02-10 14:15:04 244392 ----a-w- C:\Windows\SysWow64\LAVAudio.ax

2013-02-10 14:15:04 1186984 ----a-w- C:\Windows\SysWow64\LAVVideo.ax

2013-01-31 09:50:58 28160 ----a-w- C:\Windows\System32\drivers\mcaudrv_x64.sys

.

============= FINISH: 14:41:29.86 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 21/07/2012 17:26:02

System Uptime: 06/04/2013 09:35:17 (5 hours ago)

.

Motherboard: MSI | | Z77A-G45 (MS-7752)

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz

.

==== Disk Partitions =========================

.

B: is FIXED (NTFS) - 932 GiB total, 825.263 GiB free.

C: is FIXED (NTFS) - 112 GiB total, 18.506 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}

Description: Programming Support

Device ID: ROOT\PROGRAMMING_SUPPORT\0001

Manufacturer: Mad Catz

Name: Programmable Root Enumerator

PNP Device ID: ROOT\PROGRAMMING_SUPPORT\0001

Service: SaiNtBus

.

==== System Restore Points ===================

.

RP155: 31/03/2013 21:36:02 - Removed Corsair USB Headset

RP156: 31/03/2013 21:36:35 - Installed Corsair USB Headset

RP157: 02/04/2013 00:41:00 - Installed Hi-Rez Studios Games

.

==== Installed Programs ======================

.

Ace of Spades

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Photoshop CS6

Adobe Reader X (10.1.6)

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Steady Video Plug-In

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed III 1.01

Audacity 2.0

AVG 2013

AVG PC TuneUp

AVG PC TuneUp Language Pack (en-US)

Battlefield 3™

Bonjour

Call of Duty: Black Ops II

Call of Duty: Black Ops II - Multiplayer

Call of Duty: Black Ops II - Zombies

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CLICKBIOSII

ControlCenter

Core Temp 1.0 RC3

Corsair USB Headset

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Dual-Core Optimizer

Dxtory version 2.0.119

EPSON SX410 Series Printer Uninstall

ESN Sonar

Fraps (remove only)

Garry's Mod

Geeks3D.com FurMark 1.10.4

Google Chrome

Google Talk Plugin

GTK2-Runtime

Gyazo 1.0

Half-Life Dedicated Server Update Tool

Hi-Rez Studios Authenticate and Update Service

HydraVision

HyperCam 3

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

iTunes

Java 7 Update 10 (64-bit)

Java 7 Update 9

Java Auto Updater

Java SE Development Kit 7 Update 10 (64-bit)

Java SE Development Kit 7 Update 7 (64-bit)

JavaFX 2.1.1

K8100

Live Update 5

Logitech Gaming Software 5.10

Malwarebytes Anti-Malware version 1.70.0.1100

MCSkin3D version 1.4

Media Player Codec Pack 4.2.6

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Office 32-bit Components 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Word 2010

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Movie Maker

MSI Afterburner 2.2.4

MSI Kombustor 2.4.2

MSVCRT

MSVCRT Redists

MSVCRT110

MSVCRT110_amd64

MSXML4 Parser

Need for Speed™ Most Wanted

Notepad++

NVIDIA PhysX

OpenAL

Origin

PDF Settings CS6

Photo Common

Photo Gallery

PowerISO

PunkBuster Services

Rapture3D 2.4.11 Game

Razer Lycosa

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RocketDock 1.3.5

Rockstar Games Social Club

RuneScape Launcher 1.2.2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

SimCity™

Skype™ 6.1

Smart Technology Programming Software 7.0.20.0

Spotify

Steam

Super-Charger

System Requirements Lab CYRI

System Requirements Lab Test

TeamViewer 8

TechPowerUp GPU-Z

Terrafirma

Terraria

The Binding of Isaac

The Elder Scrolls V: Skyrim

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

Uplay

Vegas Pro 11.0 (64-bit)

Visual Studio 2010 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.20 (64-bit)

YTD Video Downloader 3.9.6

.

==== Event Viewer Messages From Past Week ========

.

06/04/2013 09:36:06, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.

06/04/2013 09:35:25, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

06/04/2013 09:35:18, Error: volmgr [46] - Crash dump initialization failed!

.

==== End Of File ===========================

Thanks a lot for your help!

I just wanted to say, I found something in my "C:\Users\Robbie\AppData\Roaming" folder called Socks, it's an executable application. Along with it was a Socks config file, I opened it with Notepad to find passwords to various accounts. So yeah, there's a keylogger on my computer. I tried deleting the Socks application but it keeps on coming back, but the config file's gone now. I'm obviously not going to be typing any passwords in until the problem is resolved, so some more help would be appreciated.

Thanks all.

Change all of them from another PC as soon as possible if you have a chance to do that.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

The ComboFix scan's finished, here's the log it produced. Thanks a lot for your help so far.

ComboFix 13-04-06.01 - Robbie 06/04/2013 15:51:57.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16338.12364 [GMT 1:00]

Running from: b:\users\Robbie\Desktop\ComboFix.exe

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))

.

.

2013-04-06 14:59 . 2013-04-06 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-06 14:59 . 2013-04-06 14:59 -------- d-----w- c:\users\Admin\AppData\Local\temp

2013-04-06 14:31 . 2013-04-06 14:31 -------- d-----w- c:\users\Robbie\AppData\Roaming\SUPERAntiSpyware.com

2013-04-06 14:30 . 2013-04-06 14:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-04-06 14:30 . 2013-04-06 14:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-04-02 23:54 . 2013-04-02 23:55 -------- d-----w- c:\windows\SysWow64\C2MP

2013-03-31 20:36 . 2013-03-31 20:36 -------- d-----w- c:\users\Robbie\AppData\Roaming\Corsair

2013-03-31 20:36 . 2013-03-31 20:36 -------- d-----w- c:\program files\Corsair USB Headset

2013-03-31 20:36 . 2011-07-08 14:01 8724480 ------w- c:\windows\SysWow64\CAHS1.dll

2013-03-31 20:36 . 2011-07-08 14:01 401920 ------w- c:\windows\system32\CAHS1.cpl

2013-03-31 20:36 . 2010-07-19 15:52 798208 ------w- c:\windows\system32\CAHS1.exe

2013-03-31 20:36 . 2009-04-02 15:59 143360 ------w- c:\windows\VmixHS1.dll

2013-03-31 20:36 . 2006-09-13 09:21 200704 ------w- c:\windows\SysWow64\cmpaHS1.dll

2013-03-31 20:36 . 2011-06-16 14:10 1308160 ---ha-w- c:\windows\system32\drivers\CAHS164.sys

2013-03-31 20:36 . 2004-04-14 10:28 315392 ---ha-w- c:\windows\system\fltrCAHS1.dll

2013-03-29 19:56 . 2013-03-29 19:56 -------- d-----w- c:\program files (x86)\Common Files\Solveig Multimedia

2013-03-29 19:56 . 2013-03-29 19:56 -------- d-----w- c:\program files (x86)\HyperCam 3

2013-03-26 21:05 . 2013-03-27 00:27 -------- d-----w- c:\users\Robbie\AppData\Roaming\.tribot

2013-03-24 13:38 . 2013-03-24 13:38 -------- d-----w- c:\programdata\Tarma Installer

2013-03-16 11:41 . 2013-03-16 11:41 -------- d-----w- c:\users\Robbie\AppData\Roaming\HTML Executable

2013-03-13 19:52 . 2013-03-13 19:52 4012544 ----a-w- c:\windows\system32\ffmpeg.dll

2013-03-13 19:51 . 2013-03-13 19:51 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll

2013-03-13 19:51 . 2013-03-13 19:51 127488 ----a-w- c:\windows\system32\ff_vfw.dll

2013-03-13 19:51 . 2013-03-13 19:51 4371456 ----a-w- c:\windows\system32\ffdshow.ax

2013-03-13 19:50 . 2013-03-13 19:50 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2013-03-13 19:50 . 2013-03-13 19:50 156672 ----a-w- c:\windows\system32\ff_libmad.dll

2013-03-13 19:50 . 2013-03-13 19:50 114688 ----a-w- c:\windows\system32\ff_wmv9.dll

2013-03-13 19:50 . 2013-03-13 19:50 222720 ----a-w- c:\windows\system32\ff_libdts.dll

2013-03-13 19:50 . 2013-03-13 19:50 183296 ----a-w- c:\windows\system32\ff_unrar.dll

2013-03-13 19:50 . 2013-03-13 19:50 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll

2013-03-13 19:50 . 2013-03-13 19:50 116224 ----a-w- c:\windows\system32\ff_liba52.dll

2013-03-13 19:50 . 2013-03-13 19:50 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2013-03-13 19:39 . 2013-03-13 19:39 3915776 ----a-w- c:\windows\SysWow64\ffmpeg.dll

2013-03-13 19:38 . 2013-03-13 19:38 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2013-03-13 19:36 . 2013-03-13 19:36 3500544 ----a-w- c:\windows\SysWow64\ffdshow.ax

2013-03-13 19:35 . 2013-03-13 19:35 271360 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll

2013-03-13 19:35 . 2013-03-13 19:35 157184 ----a-w- c:\windows\SysWow64\ff_unrar.dll

2013-03-13 19:35 . 2013-03-13 19:35 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll

2013-03-13 19:35 . 2013-03-13 19:35 147456 ----a-w- c:\windows\SysWow64\ff_libmad.dll

2013-03-13 19:35 . 2013-03-13 19:35 211968 ----a-w- c:\windows\SysWow64\ff_libdts.dll

2013-03-13 19:35 . 2013-03-13 19:35 1525760 ----a-w- c:\windows\SysWow64\ff_samplerate.dll

2013-03-13 19:35 . 2013-03-13 19:35 114688 ----a-w- c:\windows\SysWow64\ff_liba52.dll

2013-03-13 19:35 . 2013-03-13 19:35 136704 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll

2013-03-12 21:48 . 2012-11-30 10:45 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX

2013-03-12 21:48 . 2012-11-30 10:45 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX

2013-03-12 21:48 . 2013-03-12 21:57 -------- d-----w- c:\programdata\SwiftKit

2013-03-07 21:05 . 2013-03-07 21:05 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-04 21:33 . 2012-09-20 18:52 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-04-04 21:33 . 2012-09-20 14:48 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-04-04 21:33 . 2012-09-20 14:48 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-03-13 19:54 . 2012-07-21 18:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 19:54 . 2012-07-21 18:01 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-17 17:48 . 2013-02-17 17:48 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-02-10 14:15 . 2013-02-10 14:15 359592 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2013-02-10 14:15 . 2013-02-10 14:15 278184 ----a-w- c:\windows\system32\LAVAudio.ax

2013-02-10 14:15 . 2013-02-10 14:15 1524904 ----a-w- c:\windows\system32\LAVVideo.ax

2013-02-10 14:15 . 2013-02-10 14:15 279208 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll

2013-02-10 14:15 . 2013-02-10 14:15 244392 ----a-w- c:\windows\SysWow64\LAVAudio.ax

2013-02-10 14:15 . 2013-02-10 14:15 1186984 ----a-w- c:\windows\SysWow64\LAVVideo.ax

2013-01-31 09:50 . 2013-01-31 09:50 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]

"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]

"GoogleChromeAutoLaunch_53439C318A26C7B9F214010A5F779C43"="c:\users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-01-31 393216]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]

"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-05-22 502328]

"ControlCenterCount"="c:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-26 872448]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]

"AVG_UI"="b:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

R2 avgfws;AVG Firewall;b:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]

R2 AVGIDSAgent;AVGIDSAgent;b:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 ALSysIO;ALSysIO;c:\users\Robbie\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ELANUSB;ELAN USB IO driver;c:\windows\system32\Drivers\elanusb.sys [2011-03-21 35672]

R3 GPU-Z;GPU-Z;c:\users\Robbie\AppData\Local\Temp\GPU-Z.sys [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]

R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [2011-12-12 17936]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-21 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 avgwd;AVG WatchDog;b:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;b:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-02-08 8704]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-29 165144]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-05-22 142904]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]

S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-08-23 2148216]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-29 363800]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [2011-06-16 1308160]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]

S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]

S3 SaiK0CD7;SaiK0CD7;c:\windows\system32\DRIVERS\SaiK0CD7.sys [2012-09-20 180544]

S3 SaiU0CD7;SaiU0CD7;c:\windows\system32\DRIVERS\SaiU0CD7.sys [2012-09-20 47168]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NTIOLIB_1_0_4

*NewlyCreated* - SASDIFSV

*NewlyCreated* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 19:54]

.

2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000Core.job

- c:\users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 18:30]

.

2013-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2975226924-1097146262-4128622869-1000UA.job

- c:\users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-21 18:30]

.

2013-04-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 184c5805-6667-45bc-94e5-4f50f73b2c34.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-04-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c384ceb6-7b92-42c5-8b82-5ae37c13d254.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="b:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-05-08 6470760]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-09-20 454144]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-09-20 158208]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-uTorrent - b:\program files (x86)\uTorrent\uTorrent.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2975226924-1097146262-4128622869-1000\Software\SecuROM\License information*]

"datasecu"=hex:e7,df,6f,b2,63,89,3b,98,c0,7d,8a,54,55,55,82,f2,4e,e1,52,80,f1,

e2,4f,a5,7b,bd,25,93,87,6c,c8,e9,7f,0c,18,b7,7d,e1,d9,c3,7a,35,5a,7b,99,11,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-06 16:03:52

ComboFix-quarantined-files.txt 2013-04-06 15:03

.

Pre-Run: 20,997,365,760 bytes free

Post-Run: 23,321,587,712 bytes free

.

- - End Of File - - C203DA63C083213E63F5BE847FE80784

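The ComboFix log above lists this machine's autostart points and its UAC policy values, and two things stand out to a responder. Several services are registered from a user-writable location (c:\users\Robbie\AppData\Local\Temp; ComboFix prints "[x]" in place of the date and size when it cannot find the image file), and EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which turns UAC off and lets any process the user runs obtain the full administrator token without a prompt. The script below is an added example, not part of this thread and not ComboFix's own code: it parses a handful of lines excerpted from the posted log (nothing in the sample is invented), flags loading points whose image lives in a directory a non-admin user can write to or that points at a file that no longer exists, and reports which UAC values differ from the Windows 7 defaults. The names flag_autostarts, weak_uac and the USER_WRITABLE pattern are the example's own. Flagged entries are leads to verify, not verdicts: the Chrome entry is a normal per-user install, and hardware monitors such as GPU-Z do load drivers from Temp.

```python
"""Triage of ComboFix "Reg Loading Points" output (added example, not ComboFix code)."""
import re

# Lines excerpted from the ComboFix log posted in this thread; nothing here is invented.
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
"GoogleChromeAutoLaunch_53439C318A26C7B9F214010A5F779C43"="c:\users\Robbie\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R3 ALSysIO;ALSysIO;c:\users\Robbie\AppData\Local\Temp\ALSysIO64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Robbie\AppData\Local\Temp\GPU-Z.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
"""

# Run-key value: "Name"="path" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# Service/driver line: <start type> <name>;<display name>;<path> [date size] or [x]
SERVICE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# Policy value: "Name"= <decimal> (<hex>)
POLICY = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)')

# Directories a non-admin user can write to; an autostart image there needs a second look.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\appdata\\|\\temp\\|\\programdata\\|\\users\\public\\', re.I)

# (predicate that the value is acceptable, recommended value); the defaults on Windows 7 are 1, 5, 1.
# ConsentPromptBehaviorAdmin is only flagged at 0 (elevate without prompting); 2 or 5 both prompt.
UAC_CHECKS = {
    "EnableLUA": (lambda v: v == 1, 1),
    "ConsentPromptBehaviorAdmin": (lambda v: v != 0, 5),
    "PromptOnSecureDesktop": (lambda v: v == 1, 1),
}


def parse_loading_points(text):
    """Split ComboFix loading-point lines into autoruns, services and policy values."""
    parsed = {"autoruns": [], "services": [], "policies": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):      # blank line or registry key header
            continue
        m = SERVICE.match(line)
        if m:
            parsed["services"].append({"start": m["start"], "name": m["name"],
                                       "path": m["path"], "missing": m["meta"] == "x"})
            continue
        m = RUN_VALUE.match(line)
        if m:
            parsed["autoruns"].append({"name": m["name"], "path": m["path"]})
            continue
        m = POLICY.match(line)
        if m:
            parsed["policies"][m["name"]] = int(m["value"])
    return parsed


def flag_autostarts(parsed):
    """Return (kind, name, path, reason) for entries worth checking by hand."""
    findings = []
    for entry in parsed["autoruns"]:
        if USER_WRITABLE.search(entry["path"]):
            findings.append(("run", entry["name"], entry["path"], "image in user-writable directory"))
    for svc in parsed["services"]:
        reasons = []
        if USER_WRITABLE.search(svc["path"]):
            reasons.append("image in user-writable directory")
        if svc["missing"]:
            reasons.append("image missing on disk ([x])")
        if reasons:
            findings.append(("service", svc["name"], svc["path"], "; ".join(reasons)))
    return findings


def weak_uac(policies):
    """Map each UAC value that fails its check to (current, recommended)."""
    return {name: (policies[name], recommended)
            for name, (ok, recommended) in UAC_CHECKS.items()
            if name in policies and not ok(policies[name])}


if __name__ == "__main__":
    parsed = parse_loading_points(COMBOFIX_EXCERPT)
    for kind, name, path, reason in flag_autostarts(parsed):
        print(f"{kind:8} {name}: {path}  <- {reason}")
    for name, (current, wanted) in weak_uac(parsed["policies"]).items():
        print(f"UAC {name}={current}, recommended {wanted}")
```

Feed it the full "Reg Loading Points" and service sections of a log and it narrows several dozen lines to the few worth opening in Explorer. Restoring the three UAC values to 1, 5 and 1 (and rebooting) is what brings the consent prompt back; leaving EnableLUA at 0 means the next dropper runs as a full administrator too.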
Okay, here's the log.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-06 16:45:14

-----------------------------

16:45:14.824 OS Version: Windows x64 6.1.7601 Service Pack 1

16:45:14.824 Number of processors: 4 586 0x3A09

16:45:14.825 ComputerName: ROBBIES-PC UserName: Robbie

16:45:14.833 Initialze error 1

16:45:24.793 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:45:24.796 Disk 0 Vendor: ST1000DM CC4D Size: 953869MB BusType: 3

16:45:24.798 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

16:45:24.801 Disk 1 Vendor: INTEL_SS 300i Size: 114473MB BusType: 3

16:45:24.804 Disk 1 MBR read successfully

16:45:24.807 Disk 1 MBR scan

16:45:24.810 Disk 1 unknown MBR code

16:45:24.813 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1

16:45:24.817 Disk 1 scanning C:\Windows\system32\drivers

16:45:24.820 Service scanning

16:45:25.360 Modules scanning

16:45:25.365 Disk 1 trace - called modules:

16:45:25.370 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

16:45:25.375 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d77c060]

16:45:25.381 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa800d1f17f0]

16:45:25.386 5 ACPI.sys[fffff88000f3a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d1fa050]

16:45:25.392 Scan finished successfully

16:45:31.845 Disk 1 MBR has been saved successfully to "B:\Users\Robbie\Desktop\MBR.dat"

16:45:31.855 The log file has been saved successfully to "B:\Users\Robbie\Desktop\aswMBR.txt"

Alright, there you go.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-06 17:01:58

-----------------------------

17:01:58.444 OS Version: Windows x64 6.1.7601 Service Pack 1

17:01:58.444 Number of processors: 4 586 0x3A09

17:01:58.445 ComputerName: ROBBIES-PC UserName: Robbie

17:01:58.451 Initialze error 1

17:02:01.266 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:02:01.267 Disk 0 Vendor: ST1000DM CC4D Size: 953869MB BusType: 3

17:02:01.268 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

17:02:01.269 Disk 1 Vendor: INTEL_SS 300i Size: 114473MB BusType: 3

17:02:01.272 Disk 1 MBR read successfully

17:02:01.273 Disk 1 MBR scan

17:02:01.275 Disk 1 unknown MBR code

17:02:01.276 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1

17:02:01.278 Disk 1 scanning C:\Windows\system32\drivers

17:02:01.280 Service scanning

17:02:01.971 Modules scanning

17:02:01.973 Disk 1 trace - called modules:

17:02:01.976 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

17:02:01.978 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d77c060]

17:02:01.981 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa800d1f17f0]

17:02:01.985 5 ACPI.sys[fffff88000f3a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d1fa050]

17:02:01.987 Scan finished successfully

17:02:11.372 Verifying

17:02:21.379 Disk 1 Windows 601 MBR fixed successfully

17:03:14.287 Disk 1 MBR has been saved successfully to "B:\Users\Robbie\Desktop\MBR.dat"

17:03:14.290 The log file has been saved successfully to "B:\Users\Robbie\Desktop\FixMBR.txt"

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

If the scan may take several hours I want to get it right the first time.

Should the options look like this?

[screenshot of the ESET Online Scanner options]

Thanks.

The scan's complete, here's the log.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=

# engine=13565

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-04-06 04:47:06

# local_time=2013-04-06 05:47:06 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1045 16777213 100 95 21727 52397210 0 0

# compatibility_mode=5893 16776574 100 94 12356835 117731876 0 0

# scanned=235076

# found=5

# cleaned=4

# scan_time=1238

sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"

sh=58808E1A8C190E81991B39988C8BFE40F0B21076 ft=1 fh=040468984ab6ebd9 vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="B:\Users\Robbie\Downloads\SoftonicDownloader_for_hypercam.exe"

sh=AD7639A05303940A1F583B75866DCC77179B9057 ft=1 fh=91422678b04b2a42 vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="B:\Users\Robbie\Downloads\SoftonicDownloader_for_windows-live-movie-maker.exe"

sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"

sh=11E0EDC768C1EB604074EF1733A1830BC35BD57C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.BS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robbie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\46e2de2a-281e3e2a"

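The ESET log above reports found=5 but cleaned=4, and the one line without "(cleaned by deleting - quarantined)" is the Yontoo DLL under C:\Users\All Users. That path is a junction to C:\ProgramData on Vista and later, and its sh= value (a 40-hex-digit SHA-1 of the file) is identical to the cleaned C:\ProgramData entry, so it is the same file reported twice rather than something left behind. The script below is an added example, not part of this thread and not ESET's code: it parses the detection lines copied from the posted log (not invented), groups them by hash and by canonical path so that a "found but not cleaned" entry is only reported when no copy of that file was cleaned, and pulls the CVE identifier out of the Java detection name, which is what the Java upgrade instructions that follow address. The function names outstanding, duplicate_paths and cves_seen are the example's own; anything other than ac=C is treated as not cleaned.

```python
"""Reconcile ESET Online Scanner detections by hash (added example, not ESET code)."""
import re
from collections import defaultdict

# Counter and detection lines copied from the ESET log posted in this thread; nothing here is invented.
ESET_EXCERPT = r"""
# scanned=235076
# found=5
# cleaned=4
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=58808E1A8C190E81991B39988C8BFE40F0B21076 ft=1 fh=040468984ab6ebd9 vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="B:\Users\Robbie\Downloads\SoftonicDownloader_for_hypercam.exe"
sh=AD7639A05303940A1F583B75866DCC77179B9057 ft=1 fh=91422678b04b2a42 vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="B:\Users\Robbie\Downloads\SoftonicDownloader_for_windows-live-movie-maker.exe"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=11E0EDC768C1EB604074EF1733A1830BC35BD57C ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.BS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Robbie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\46e2de2a-281e3e2a"
"""

DETECTION = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>[A-Z]) fn="(?P<fn>[^"]*)"$'
)
COUNTER = re.compile(r'^# (?P<key>found|cleaned|scanned)=(?P<value>\d+)$')
CVE = re.compile(r'CVE-\d{4}-\d{4,}')


def canonical_path(path):
    """Fold the C:\\Users\\All Users junction onto C:\\ProgramData so both spellings compare equal."""
    alias = "c:\\users\\all users\\"
    if path.lower().startswith(alias):
        return "C:\\ProgramData\\" + path[len(alias):]
    return path


def parse_eset_log(text):
    """Return ({counter: int}, [detection dicts]) from ESET log text."""
    counters, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNTER.match(line)
        if m:
            counters[m["key"]] = int(m["value"])
            continue
        m = DETECTION.match(line)
        if m:
            detections.append({
                "sha1": m["sha1"].upper(),
                "name": m["vn"].split(" (")[0],      # drop the "(cleaned by ...)" suffix
                "cleaned": m["ac"] == "C",
                "path": m["fn"],
                "canonical": canonical_path(m["fn"]),
            })
    return counters, detections


def outstanding(detections):
    """Uncleaned detections whose file (by SHA-1) was not cleaned under any other path."""
    cleaned_hashes = {d["sha1"] for d in detections if d["cleaned"]}
    return [d for d in detections if not d["cleaned"] and d["sha1"] not in cleaned_hashes]


def duplicate_paths(detections):
    """Detections that are one on-disk file reached through more than one path spelling."""
    groups = defaultdict(list)
    for d in detections:
        groups[d["canonical"].lower()].append(d)
    return {path: hits for path, hits in groups.items() if len(hits) > 1}


def cves_seen(detections):
    """CVE identifiers embedded in detection names, e.g. Java/Exploit.CVE-2013-0422.BS."""
    return sorted({c for d in detections for c in CVE.findall(d["name"])})


if __name__ == "__main__":
    counters, dets = parse_eset_log(ESET_EXCERPT)
    print(f"found={counters.get('found')} cleaned={counters.get('cleaned')} still outstanding={len(outstanding(dets))}")
    for path, hits in duplicate_paths(dets).items():
        print("same file, two paths:", path, [h["cleaned"] for h in hits])
    print("exploits seen:", cves_seen(dets))
```

The useful property is that outstanding() reasons by file hash rather than by line, so a junction, a mapped drive or a second user profile pointing at the same file does not turn one cleaned detection into a false "still infected". A cached Java exploit class is evidence the browser plug-in was hit, which is why the next step is removing the old JRE rather than only deleting the cache entry.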
Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


When trying to run JavaRa.exe I encounter the following error.

(screenshot of the error message; image not preserved)

What should I try? The JavaRa folder is extracted to my Desktop, it's not still in the Archive folder.


Well Maniac, it says that no malicious items have been found, which is brilliant.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.04.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Robbie :: ROBBIES-PC [administrator]

06/04/2013 18:18:39

mbam-log-2013-04-06 (18-18-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237558

Time elapsed: 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Please uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
