wmvincent87

Honorary Members
  1. Results of screen317's Security Check version 0.99.77
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 6 Update 30
     Java 7 Update 21
     Java version out of Date!
     Adobe Flash Player 11.9.900.117
     Google Chrome 31.0.1650.57
     Google Chrome 31.0.1650.63
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  2. # AdwCleaner v3.015 - Report created 10/12/2013 at 17:31:28
     # Updated 10/12/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Will - HOMESLICE
     # Running from : C:\Documents and Settings\Will\My Documents\Downloads\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
     Folder Deleted : C:\Program Files\Iminent
     Folder Deleted : C:\Documents and Settings\Will\Local Settings\Application Data\Babylon
     Folder Deleted : C:\Documents and Settings\Will\Application Data\Babylon
     Folder Deleted : C:\Documents and Settings\Will\Application Data\Media Finder
     Folder Deleted : C:\Documents and Settings\Will\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
     [!] Folder Deleted : C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
     File Deleted : C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx

     ***** [ Shortcuts ] *****

     Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk
     Shortcut Disinfected : C:\Documents and Settings\Will\Start Menu\Programs\Internet Explorer.lnk
     Shortcut Disinfected : C:\Documents and Settings\Will\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
     Shortcut Disinfected : C:\Documents and Settings\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
     Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
     Key Deleted : HKLM\SOFTWARE\Classes\MF
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
     Key Deleted : HKCU\Software\APN PIP
     Key Deleted : HKCU\Software\IGearSettings
     Key Deleted : HKCU\Software\Iminent
     Key Deleted : HKCU\Software\InstallCore
     Key Deleted : HKCU\Software\MediaFinder
     Key Deleted : HKCU\Software\OCS
     Key Deleted : HKCU\Software\YahooPartnerToolbar
     Key Deleted : HKLM\Software\Babylon
     Key Deleted : HKLM\Software\Iminent
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

     -\\ Google Chrome v31.0.1650.63

     [ File : C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [10977 octets] - [10/12/2013 17:30:25]
     AdwCleaner[s0].txt - [10689 octets] - [10/12/2013 17:31:28]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10750 octets] ##########
  3. Here is the ESET log file:
     C:\Documents and Settings\Will\Local Settings\Application Data\Babylon\Setup\Setup.exe    Win32/Toolbar.Babylon application
     C:\Documents and Settings\Will\My Documents\Downloads\FreeFileViewerSetup.exe    a variant of Win32/InstallCore.CU application
     C:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP751\A0185508.dll    a variant of Win32/BrowseFox.F application
     C:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP751\A0185509.exe    a variant of Win32/BrowseFox.G application
     C:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP752\A0185670.exe    a variant of Win32/BrowseFox.G application
     C:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP754\A0186164.exe    a variant of Win32/Toolbar.Conduit.B application
  4. I tried again, with IE, and got the same error message.
  5. I tried to follow the link and got the following error: "The webpage at http://www.eset.com/us/online-scanner/ has resulted in too many redirects." I checked my cookie settings in Google Chrome and they were fine.
  6. Here is the ComboFix.txt log:
     ComboFix 13-12-01.01 - Will 12/03/2013 19:04:44.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2900 [GMT -5:00]
     Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Will\Desktop\CFScript.txt
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\Overwolf
     c:\documents and settings\All Users\Application Data\Overwolf\Setup\180\OverwolfSetup.msi
     c:\documents and settings\Will\Application Data\aartemis
     c:\documents and settings\Will\Application Data\aartemis\aartemis.exe
     c:\documents and settings\Will\Application Data\aartemis\cor_aartemis.json
     c:\documents and settings\Will\Application Data\aartemis\DataBase
     c:\documents and settings\Will\Application Data\aartemis\QQBrowserFrame.dll
     c:\documents and settings\Will\Application Data\FreeFileViewer
     c:\documents and settings\Will\Application Data\FreeFileViewer\updcheck.cfg
     c:\documents and settings\Will\Local Settings\Application Data\FreeFileViewer
     c:\documents and settings\Will\Local Settings\Application Data\FreeFileViewer\FreeFileViewer.dat
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddIns\AddIns.store
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInSideAdapters\ODK.AddIns.V1.AddInSideAdapter.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInSideAdapters\ODK.AddIns.V2.AddInSideAdapter.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInViews\ODK.AddIns.V1.AddInView.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInViews\ODK.AddIns.V2.AddInView.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\Contracts\ODK.AddIns.V1.Contract.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\Contracts\ODK.AddIns.V2.Contract.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\HostSideAdapters\ODK.AddIns.V2.HostSideAdapter.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\HostSideAdapters\ODK.AddIns.V2.HostSideAdapterV1.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\PipelineSegments.store
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\GamesList.4627103.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\InstallerCache\OWResources.dll
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\InstallerTrace.log
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\MSI_2013_11_25_19_21.log.gz
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\Overwolf_11-25-13_19-22-10.Game.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\Overwolf_11-26-13_15-31-25.Game.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\OWLog.cfg
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\Trace.log
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Capture.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Capture.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ChatNVoice.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ChatNVoice.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Entertainment.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Entertainment.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForGames.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForGames.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForTablets.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForTablets.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_FTW.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_FTW.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Social.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Social.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Utilities.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Utilities.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_LoLTimers_Tile.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_LoLTimers_Tile.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_MusicPlayer_Tile.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_MusicPlayer_Tile.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_ScreenCapture_Tile.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_ScreenCapture_Tile.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_TeamSpeak_WideTile.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_TeamSpeak_WideTile.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_VideoCapture_WideTile.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_VideoCapture_WideTile.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Action.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Action.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_MMORPG.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_MMORPG.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Other.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Other.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Shooters.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Shooters.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Sports.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Sports.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Strategy.png
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Strategy.png.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_1327.swf
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_1327.swf.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_EndGame.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_EndGame.html.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_MusicPlayerPromo.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_MusicPlayerPromo.html.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_Promo300on250.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_Promo300on250.html.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_RunesOfMagic.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_RunesOfMagic.html.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_StarWarsTOR.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_StarWarsTOR.html.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_WorldOfTanks.html
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_WorldOfTanks.html.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageAccounts.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageBasic.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageCache.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageGeneral.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageGuidanceLayer.xml
     c:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageStats.xml
     c:\program files\BuzzSearch
     c:\program files\FreeFileViewer
     c:\program files\FreeFileViewer\cmaps\83PV-R_1
     c:\program files\FreeFileViewer\cmaps\90MS-R_1
     c:\program files\FreeFileViewer\cmaps\90MS-R_2
     c:\program files\FreeFileViewer\cmaps\90MS-R_3
     c:\program files\FreeFileViewer\cmaps\90MSP-_1
     c:\program files\FreeFileViewer\cmaps\90MSP-_2
     c:\program files\FreeFileViewer\cmaps\90PV-R_1
     c:\program files\FreeFileViewer\cmaps\90PV-R_2
     c:\program files\FreeFileViewer\cmaps\90PV-R_3
     c:\program files\FreeFileViewer\cmaps\AD2D42_1
     c:\program files\FreeFileViewer\cmaps\AD4844_1
     c:\program files\FreeFileViewer\cmaps\AD5AE7_1
     c:\program files\FreeFileViewer\cmaps\ADB53F_1
     c:\program files\FreeFileViewer\cmaps\ADD-RK_1
     c:\program files\FreeFileViewer\cmaps\ADD-RK_2
     c:\program files\FreeFileViewer\cmaps\ADOBE-_1
     c:\program files\FreeFileViewer\cmaps\ADOBE-_2
     c:\program files\FreeFileViewer\cmaps\ADOBE-_3
     c:\program files\FreeFileViewer\cmaps\ADOBE-_4
     c:\program files\FreeFileViewer\cmaps\B5pc-H
     c:\program files\FreeFileViewer\cmaps\B5PC-U_1
     c:\program files\FreeFileViewer\cmaps\B5PC-U_2
     c:\program files\FreeFileViewer\cmaps\B5pc-V
     c:\program files\FreeFileViewer\cmaps\CNS-EU_1
     c:\program files\FreeFileViewer\cmaps\CNS-EU_2
     c:\program files\FreeFileViewer\cmaps\ETEN-B_1
     c:\program files\FreeFileViewer\cmaps\ETEN-B_2
     c:\program files\FreeFileViewer\cmaps\ETEN-B_3
     c:\program files\FreeFileViewer\cmaps\ETENMS_1
     c:\program files\FreeFileViewer\cmaps\ETENMS_2
     c:\program files\FreeFileViewer\cmaps\EUC-H
     c:\program files\FreeFileViewer\cmaps\EUC-V
     c:\program files\FreeFileViewer\cmaps\EXT-RK_1
     c:\program files\FreeFileViewer\cmaps\EXT-RK_2
     c:\program files\FreeFileViewer\cmaps\GB-EUC-H
     c:\program files\FreeFileViewer\cmaps\GB-EUC-V
     c:\program files\FreeFileViewer\cmaps\GBK-EU_1
     c:\program files\FreeFileViewer\cmaps\GBK-EU_2
     c:\program files\FreeFileViewer\cmaps\GBK-EU_3
     c:\program files\FreeFileViewer\cmaps\GBK2K-H
     c:\program files\FreeFileViewer\cmaps\GBK2K-V
     c:\program files\FreeFileViewer\cmaps\GBKP-E_1
     c:\program files\FreeFileViewer\cmaps\GBKP-E_2
     c:\program files\FreeFileViewer\cmaps\GBPC-E_1
     c:\program files\FreeFileViewer\cmaps\GBPC-E_2
     c:\program files\FreeFileViewer\cmaps\GBPC-E_3
     c:\program files\FreeFileViewer\cmaps\GBPC-E_4
     c:\program files\FreeFileViewer\cmaps\GBT-EU_1
     c:\program files\FreeFileViewer\cmaps\GBT-EU_2
     c:\program files\FreeFileViewer\cmaps\H
     c:\program files\FreeFileViewer\cmaps\HKSCS-_1
     c:\program files\FreeFileViewer\cmaps\HKSCS-_2
     c:\program files\FreeFileViewer\cmaps\IDENTI_1
     c:\program files\FreeFileViewer\cmaps\IDENTI_2
     c:\program files\FreeFileViewer\cmaps\KSC-EU_1
     c:\program files\FreeFileViewer\cmaps\KSC-EU_2
     c:\program files\FreeFileViewer\cmaps\KSCMS-_1
     c:\program files\FreeFileViewer\cmaps\KSCMS-_2
     c:\program files\FreeFileViewer\cmaps\KSCMS-_3
     c:\program files\FreeFileViewer\cmaps\KSCMS-_4
     c:\program files\FreeFileViewer\cmaps\KSCPC-_1
     c:\program files\FreeFileViewer\cmaps\KSCPC-_2
     c:\program files\FreeFileViewer\cmaps\KSCPC-_3
     c:\program files\FreeFileViewer\cmaps\KSCPC-_4
     c:\program files\FreeFileViewer\cmaps\KSFD92_1
     c:\program files\FreeFileViewer\cmaps\UNICNS_1
     c:\program files\FreeFileViewer\cmaps\UNICNS_2
     c:\program files\FreeFileViewer\cmaps\UNIGB-_1
     c:\program files\FreeFileViewer\cmaps\UNIGB-_2
     c:\program files\FreeFileViewer\cmaps\UNIJIS_1
     c:\program files\FreeFileViewer\cmaps\UNIJIS_2
     c:\program files\FreeFileViewer\cmaps\UNIJIS_3
     c:\program files\FreeFileViewer\cmaps\UNIJIS_4
     c:\program files\FreeFileViewer\cmaps\UNIKS-_1
     c:\program files\FreeFileViewer\cmaps\UNIKS-_2
     c:\program files\FreeFileViewer\cmaps\V
     c:\program files\FreeFileViewer\ffmpeg\avcodec-53.dll
     c:\program files\FreeFileViewer\ffmpeg\avdevice-53.dll
     c:\program files\FreeFileViewer\ffmpeg\avfilter-2.dll
     c:\program files\FreeFileViewer\ffmpeg\avformat-53.dll
     c:\program files\FreeFileViewer\ffmpeg\avutil-51.dll
     c:\program files\FreeFileViewer\ffmpeg\license_ffmpeg.txt
     c:\program files\FreeFileViewer\ffmpeg\license_libgsm.txt
     c:\program files\FreeFileViewer\ffmpeg\license_libogg.txt
     c:\program files\FreeFileViewer\ffmpeg\license_libspeex.txt
     c:\program files\FreeFileViewer\ffmpeg\license_libtheora.txt
     c:\program files\FreeFileViewer\ffmpeg\license_libvorbis.txt
     c:\program files\FreeFileViewer\ffmpeg\license_opencore_amr.txt
     c:\program files\FreeFileViewer\ffmpeg\license_sdl.txt
     c:\program files\FreeFileViewer\ffmpeg\myutil.dll
     c:\program files\FreeFileViewer\ffmpeg\SDL.dll
     c:\program files\FreeFileViewer\ffmpeg\source.txt
     c:\program files\FreeFileViewer\ffmpeg\swresample-0.dll
     c:\program files\FreeFileViewer\ffmpeg\swscale-2.dll
     c:\program files\FreeFileViewer\FFVCFG.exe
     c:\program files\FreeFileViewer\FFVCheckForUpdates.exe
     c:\program files\FreeFileViewer\FreeFileViewer.exe
     c:\program files\FreeFileViewer\js32.dll
     c:\program files\FreeFileViewer\tx18.dll
     c:\program files\FreeFileViewer\tx18_bmp.flt
     c:\program files\FreeFileViewer\tx18_css.dll
     c:\program files\FreeFileViewer\tx18_doc.dll
     c:\program files\FreeFileViewer\tx18_dox.dll
     c:\program files\FreeFileViewer\tx18_gif.flt
     c:\program files\FreeFileViewer\tx18_htm.dll
     c:\program files\FreeFileViewer\tx18_ic.dll
     c:\program files\FreeFileViewer\tx18_ic.ini
     c:\program files\FreeFileViewer\tx18_jpg.flt
     c:\program files\FreeFileViewer\tx18_obj.dll
     c:\program files\FreeFileViewer\tx18_png.flt
     c:\program files\FreeFileViewer\tx18_rtf.dll
     c:\program files\FreeFileViewer\tx18_tif.flt
     c:\program files\FreeFileViewer\tx18_tls.dll
     c:\program files\FreeFileViewer\tx18_wnd.dll
     c:\program files\FreeFileViewer\tx18_xml.dll
     c:\program files\FreeFileViewer\tx4ole18.ocx
     c:\program files\FreeFileViewer\unins000.dat
     c:\program files\FreeFileViewer\unins000.exe
     c:\program files\FreeFileViewer\unins000.msg
     c:\program files\FreeFileViewer\updates.cfg
     c:\program files\FreeFileViewer\vsgdi.dll
     c:\program files\FreeFileViewer\VSPDFViewerX.ocx
     c:\program files\FreeFileViewer\welcome.docx
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-11-04 to 2013-12-04 )))))))))))))))))))))))))))))))
     .
     .
     2013-11-28 14:56 . 2013-11-28 14:56 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-11-28 14:56 . 2009-07-17 02:13 105176 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2013-10-19 19:13 . 2012-02-14 15:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-10-13 07:25 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
     2013-10-13 07:25 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
     2013-10-13 07:25 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2013-10-13 07:24 . 2001-08-23 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
     2013-10-13 06:57 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
     2013-10-12 15:56 . 2001-08-23 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
     2013-10-09 13:12 . 2001-08-23 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
     2013-10-07 10:59 . 2001-08-23 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
     2013-10-05 01:14 . 2009-04-20 23:10 7168 ----a-w- c:\windows\system32\xpsp4res.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "RunNarrator"="Narrator.exe" [2008-04-14 53760]
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
     2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
     2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
     2002-12-06 16:19 56320 ----a-r- c:\windows\system32\delttray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
     2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
     2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
     2012-11-06 01:38 138096 ----atw- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
     2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
     2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
     2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
     2004-04-17 16:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
     2004-04-13 10:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
     2009-09-10 19:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
     2004-08-04 05:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2013-03-15 02:57 15668512 ----a-w- c:\windows\system32\nvcpl.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2013-03-15 02:57 223008 ----a-w- c:\windows\system32\nvmctray.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
     2013-03-11 20:24 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
     2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
     2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
     2007-12-20 20:47 16860672 ----a-w- c:\windows\RTHDCPL.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
     "c:\\Program Files\\Warcraft 3\\Frozen Throne.exe"=
     "c:\\Program Files\\Warcraft 3\\Warcraft III.exe"=
     "c:\\Program Files\\Warcraft 3\\War3.exe"=
     "c:\\WINDOWS\\system32\\dplaysvr.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Documents and Settings\\Will\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=
     "c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "8381:TCP"= 8381:TCP:League of Legends Launcher
     "8381:UDP"= 8381:UDP:League of Legends Launcher
     "8370:TCP"= 8370:TCP:League of Legends Launcher
     "8370:UDP"= 8370:UDP:League of Legends Launcher
     "8371:TCP"= 8371:TCP:League of Legends Launcher
     "8371:UDP"= 8371:UDP:League of Legends Launcher
     "8372:TCP"= 8372:TCP:League of Legends Launcher
     "8372:UDP"= 8372:UDP:League of Legends Launcher
     "8373:TCP"= 8373:TCP:League of Legends Launcher
     "8373:UDP"= 8373:UDP:League of Legends Launcher
     "8374:TCP"= 8374:TCP:League of Legends Launcher
     "8374:UDP"= 8374:UDP:League of Legends Launcher
     "8375:TCP"= 8375:TCP:League of Legends Launcher
     "8375:UDP"= 8375:UDP:League of Legends Launcher
     "58748:TCP"= 58748:TCP:Pando Media Booster
     "58748:UDP"= 58748:UDP:Pando Media Booster
     "6905:TCP"= 6905:TCP:League of Legends Launcher
     "6905:UDP"= 6905:UDP:League of Legends Launcher
     "6886:TCP"= 6886:TCP:League of Legends Launcher
     "6886:UDP"= 6886:UDP:League of Legends Launcher
     "6906:TCP"= 6906:TCP:League of Legends Launcher
     "6906:UDP"= 6906:UDP:League of Legends Launcher
     "6921:TCP"= 6921:TCP:League of Legends Launcher
     "6921:UDP"= 6921:UDP:League of Legends Launcher
     "6891:TCP"= 6891:TCP:League of Legends Launcher
     "6891:UDP"= 6891:UDP:League of Legends Launcher
     "6978:TCP"= 6978:TCP:League of Legends Launcher
     "6978:UDP"= 6978:UDP:League of Legends Launcher
     "6960:TCP"= 6960:TCP:League of Legends Launcher
     "6960:UDP"= 6960:UDP:League of Legends Launcher
     "6982:TCP"= 6982:TCP:League of Legends Launcher
     "6982:UDP"= 6982:UDP:League of Legends Launcher
     "8382:TCP"= 8382:TCP:League of Legends Launcher
     "8382:UDP"= 8382:UDP:League of Legends Launcher
     "6940:TCP"= 6940:TCP:League of Legends Launcher
     "6940:UDP"= 6940:UDP:League of Legends Launcher
     "6923:TCP"= 6923:TCP:League of Legends Launcher
     "6923:UDP"= 6923:UDP:League of Legends Launcher
     "6898:TCP"= 6898:TCP:League of
Legends Launcher"6898:UDP"= 6898:UDP:League of Legends Launcher"6959:TCP"= 6959:TCP:League of Legends Launcher"6959:UDP"= 6959:UDP:League of Legends Launcher"6919:TCP"= 6919:TCP:League of Legends Launcher"6919:UDP"= 6919:UDP:League of Legends Launcher"8383:TCP"= 8383:TCP:League of Legends Launcher"8383:UDP"= 8383:UDP:League of Legends Launcher"8393:TCP"= 8393:TCP:League of Legends Lobby"8393:UDP"= 8393:UDP:League of Legends Lobby"8390:TCP"= 8390:TCP:League of Legends Game Client"8390:UDP"= 8390:UDP:League of Legends Game Client"6909:TCP"= 6909:TCP:League of Legends Launcher"6909:UDP"= 6909:UDP:League of Legends Launcher"58651:TCP"= 58651:TCP:Pando Media Booster"58651:UDP"= 58651:UDP:Pando Media Booster.R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [5/10/2013 5:57 PM 103040]S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 5:45 PM 161384]S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [7/7/2009 6:33 PM 14336]S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [7/7/2009 6:33 PM 18432]S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 3:09 PM 606056].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-18 02:56 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 19:13].2012-11-30 
c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-12-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004Core.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004UA.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43].2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Download with &Media Finder - c:\program files\Media Finder\hook.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnkTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.AddRemove-FreeFileViewer_is1 - c:\program files\FreeFileViewer\unins000.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-12-03 19:10Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,af,22,bd,98,30,27,0d,15,fc,72,99,2f,f0,56,38,98,ab,c2,29,90,fc,4a,
 ff,42,e1,c4,e9,c3,dc,e1,d7,2e,bb,be,3b,1f,69,f5,16,a2,7d,96,9b,1b,95,8d,18,\
"??"=hex:98,c2,01,c2,f0,40,35,57,dd,be,35,30,0d,3c,cb,7a
.
[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:a9,4b,0a,c4,03,34,06,b6,1c,e3,85,23,d3,ed,f9,6e,59,44,dc,c7,5b,
 1e,bd,c6,6e,88,a9,fe,3b,03,10,e1,6a,d0,5f,a8,b2,93,bd,49,97,ba,14,0a,b0,70,\
"rkeysecu"=hex:fa,ec,28,b2,05,23,b7,a4,93,95,54,34,e9,bc,9d,5b
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"c:\\documents and settings\\administrator\\desktop\\wills drivers\\ma790chipset\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-12-03 19:11:08
ComboFix-quarantined-files.txt 2013-12-04 00:11
ComboFix2.txt 2013-12-02 22:19
.
Pre-Run: 64,507,699,200 bytes free
Post-Run: 64,419,651,584 bytes free
.
- - End Of File - - 1250AD9272BDEB070678DF39C138DD8D8F558EB6672622401DA993E1E865C861

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

12/3/2013 7:52:25 PM
mbam-log-2013-12-03 (19-52-25).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 245712
Time elapsed: 36 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  7. Ok, I have uninstalled AVG and run ComboFix. Here is the log. ComboFix 13-12-01.01 - Will 12/02/2013 17:14:54.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2905 [GMT -5:00]Running from: c:\documents and settings\Will\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\Will\WINDOWSc:\windows\system32\Cachec:\windows\system32\Cache\019c6c0ef11c676a.fbc:\windows\system32\Cache\17418173961a6250.fbc:\windows\system32\Cache\1b4723a175d96669.fbc:\windows\system32\Cache\26c630d098e22dd5.fbc:\windows\system32\Cache\272512937d9e61a4.fbc:\windows\system32\Cache\287204568329e189.fbc:\windows\system32\Cache\28bc8f716fd76a47.fbc:\windows\system32\Cache\2c53092c95605355.fbc:\windows\system32\Cache\31a0997e9a5b5eb3.fbc:\windows\system32\Cache\32c84fe32bb74d60.fbc:\windows\system32\Cache\3917078cb68ec657.fbc:\windows\system32\Cache\590ba23ce359fd0c.fbc:\windows\system32\Cache\5a1f1741a9e6a299.fbc:\windows\system32\Cache\610289e025a3ee9a.fbc:\windows\system32\Cache\651c5d3cdbfb8bd1.fbc:\windows\system32\Cache\6aa78d57b69983e0.fbc:\windows\system32\Cache\6c59ac5e7e7a3ad0.fbc:\windows\system32\Cache\6d03dad1035885d3.fbc:\windows\system32\Cache\71c5ff90c8a09a05.fbc:\windows\system32\Cache\737c9794d9df79a2.fbc:\windows\system32\Cache\76e71a78f429d89a.fbc:\windows\system32\Cache\83afa52ca9fed0a3.fbc:\windows\system32\Cache\88a946ac46b79b73.fbc:\windows\system32\Cache\95f567698be8a182.fbc:\windows\system32\Cache\a8556537add6dfc5.fbc:\windows\system32\Cache\aa3619c824ee53cd.fbc:\windows\system32\Cache\ad10a52aff5e038d.fbc:\windows\system32\Cache\b9545674517d401c.fbc:\windows\system32\Cache\c1fa887b03019701.fbc:\windows\system32\Cache\c4d28dca2e7648be.fbc:\windows\system32\Cache\d201ef9910cd39de.fbc:\windows\system32\Cache\d2e94710a5708128.fbc:\windows\system32\Cache\d79b9dfe81484ec4.fbc:\windows\system32\Cache\
e988c50b3c6874d5.fbc:\windows\system32\Cache\f998975c9cc711ee.fbc:\windows\system32\Cache\fb0a3c319fb3dd3f.fbc:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\FlashPlayerApp.exec:\windows\system32\SET428.tmpc:\windows\system32\SET42C.tmpc:\windows\system32\SET434.tmpc:\windows\system32\win.inic:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))..2013-11-28 14:56 . 2013-11-28 14:56 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-11-26 20:21 . 2013-11-26 20:24 -------- d-----w- c:\documents and settings\Will\Application Data\FreeFileViewer2013-11-26 00:22 . 2013-11-26 00:22 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\FreeFileViewer2013-11-26 00:22 . 2013-11-26 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Overwolf2013-11-26 00:21 . 2013-11-26 00:21 -------- d-----w- c:\program files\FreeFileViewer2013-11-26 00:21 . 2013-11-26 20:31 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\Overwolf2013-11-26 00:21 . 2013-11-26 00:21 -------- d-----w- c:\documents and settings\Will\Application Data\aartemis2013-11-26 00:20 . 2013-11-26 21:58 -------- d-----w- c:\program files\BuzzSearch...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-28 14:56 . 2009-07-17 02:13 105176 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-10-19 19:13 . 2012-02-14 15:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-13 07:25 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-13 07:25 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2013-10-13 07:25 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-13 07:24 . 2001-08-23 12:00 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-13 06:57 . 
2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec2013-10-12 15:56 . 2001-08-23 12:00 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12 . 2001-08-23 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59 . 2001-08-23 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 01:14 . 2009-04-20 23:10 7168 ----a-w- c:\windows\system32\xpsp4res.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]2002-12-06 16:19 56320 ----a-r- c:\windows\system32\delttray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\Facebook Update]2012-11-06 01:38 138096 ----atw- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2004-04-17 16:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2004-04-13 10:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]2009-09-10 19:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]2004-08-04 05:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2013-03-15 02:57 15668512 ----a-w- c:\windows\system32\nvcpl.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]2013-03-15 02:57 223008 ----a-w- 
c:\windows\system32\nvmctray.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]2013-03-11 20:24 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2007-12-20 20:47 16860672 ----a-w- c:\windows\RTHDCPL.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="c:\\Program Files\\Warcraft 3\\Frozen Throne.exe"="c:\\Program Files\\Warcraft 3\\Warcraft III.exe"="c:\\Program Files\\Warcraft 3\\War3.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Documents and Settings\\Will\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="c:\\Program Files\\Common Files\\Apple\\Apple 
Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"="c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8381:TCP"= 8381:TCP:League of Legends Launcher"8381:UDP"= 8381:UDP:League of Legends Launcher"8370:TCP"= 8370:TCP:League of Legends Launcher"8370:UDP"= 8370:UDP:League of Legends Launcher"8371:TCP"= 8371:TCP:League of Legends Launcher"8371:UDP"= 8371:UDP:League of Legends Launcher"8372:TCP"= 8372:TCP:League of Legends Launcher"8372:UDP"= 8372:UDP:League of Legends Launcher"8373:TCP"= 8373:TCP:League of Legends Launcher"8373:UDP"= 8373:UDP:League of Legends Launcher"8374:TCP"= 8374:TCP:League of Legends Launcher"8374:UDP"= 8374:UDP:League of Legends Launcher"8375:TCP"= 8375:TCP:League of Legends Launcher"8375:UDP"= 8375:UDP:League of Legends Launcher"58748:TCP"= 58748:TCP:Pando Media Booster"58748:UDP"= 58748:UDP:Pando Media Booster"6905:TCP"= 6905:TCP:League of Legends Launcher"6905:UDP"= 6905:UDP:League of Legends Launcher"6886:TCP"= 6886:TCP:League of Legends Launcher"6886:UDP"= 6886:UDP:League of Legends Launcher"6906:TCP"= 6906:TCP:League of Legends Launcher"6906:UDP"= 6906:UDP:League of Legends Launcher"6921:TCP"= 6921:TCP:League of Legends Launcher"6921:UDP"= 6921:UDP:League of Legends Launcher"6891:TCP"= 6891:TCP:League of Legends Launcher"6891:UDP"= 6891:UDP:League of Legends Launcher"6978:TCP"= 6978:TCP:League of Legends Launcher"6978:UDP"= 6978:UDP:League of Legends Launcher"6960:TCP"= 6960:TCP:League of Legends Launcher"6960:UDP"= 6960:UDP:League of Legends Launcher"6982:TCP"= 6982:TCP:League of Legends Launcher"6982:UDP"= 
6982:UDP:League of Legends Launcher"8382:TCP"= 8382:TCP:League of Legends Launcher"8382:UDP"= 8382:UDP:League of Legends Launcher"6940:TCP"= 6940:TCP:League of Legends Launcher"6940:UDP"= 6940:UDP:League of Legends Launcher"6923:TCP"= 6923:TCP:League of Legends Launcher"6923:UDP"= 6923:UDP:League of Legends Launcher"6898:TCP"= 6898:TCP:League of Legends Launcher"6898:UDP"= 6898:UDP:League of Legends Launcher"6959:TCP"= 6959:TCP:League of Legends Launcher"6959:UDP"= 6959:UDP:League of Legends Launcher"6919:TCP"= 6919:TCP:League of Legends Launcher"6919:UDP"= 6919:UDP:League of Legends Launcher"8383:TCP"= 8383:TCP:League of Legends Launcher"8383:UDP"= 8383:UDP:League of Legends Launcher"8393:TCP"= 8393:TCP:League of Legends Lobby"8393:UDP"= 8393:UDP:League of Legends Lobby"8390:TCP"= 8390:TCP:League of Legends Game Client"8390:UDP"= 8390:UDP:League of Legends Game Client"6909:TCP"= 6909:TCP:League of Legends Launcher"6909:UDP"= 6909:UDP:League of Legends Launcher"58651:TCP"= 58651:TCP:Pando Media Booster"58651:UDP"= 58651:UDP:Pando Media Booster.R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [5/10/2013 5:57 PM 103040]S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 5:45 PM 161384]S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [7/7/2009 6:33 PM 14336]S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [7/7/2009 6:33 PM 18432]S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 3:09 PM 606056].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed 
components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-18 02:56 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 19:13].2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004Core.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004UA.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-02 c:\windows\Tasks\FreeFileViewerUpdateChecker.job- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2013-11-26 23:24].2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43].2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Download with &Media Finder - c:\program files\Media Finder\hook.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnkTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2014\avgui.exeMSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exeMSConfigStartUp-Overwolf - c:\program files\Overwolf\Overwolf.exeMSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exeAddRemove-HijackThis 
- c:\documents and settings\Will\Desktop\HiJackThis\HijackThis.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-12-02 17:18Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:3a,af,22,bd,98,30,27,0d,15,fc,72,99,2f,f0,56,38,98,ab,c2,29,90,fc,4a, ff,42,e1,c4,e9,c3,dc,e1,d7,2e,bb,be,3b,1f,69,f5,16,a2,7d,96,9b,1b,95,8d,18,\"??"=hex:98,c2,01,c2,f0,40,35,57,dd,be,35,30,0d,3c,cb,7a.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\License information*]"datasecu"=hex:a9,4b,0a,c4,03,34,06,b6,1c,e3,85,23,d3,ed,f9,6e,59,44,dc,c7,5b, 1e,bd,c6,6e,88,a9,fe,3b,03,10,e1,6a,d0,5f,a8,b2,93,bd,49,97,ba,14,0a,b0,70,\"rkeysecu"=hex:fa,ec,28,b2,05,23,b7,a4,93,95,54,34,e9,bc,9d,5b.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]"DisplayName"="???\17?\11\09""DeviceDesc"="???\17?\11\09""ProviderName"="???\11?\17?\11??""MFG"="???????""ReinstallString"=".10.1000.7""DeviceInstanceIds"=multi:"c:\\documents and settings\\administrator\\desktop\\wills drivers\\ma790chipset\\smbus\\smbusati.inf\00".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(844)c:\windows\system32\Ati2evxx.dll.Completion time: 2013-12-02 17:19:28ComboFix-quarantined-files.txt 2013-12-02 22:19.Pre-Run: 63,130,071,040 bytes freePost-Run: 64,492,154,880 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating 
systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer.- - End Of File - - 939D63C5A00F719F48E703C35B3B43208F558EB6672622401DA993E1E865C861
  8. I attempted to disable my AVG 2014, and followed the instructions in the sticky topic on disabling security applications. ComboFix still detected an AVG update module running, and I have been unable to find and disable it. All the update options, schedule options, and protection options have been disabled. Should I still run ComboFix despite the warning?
  9. Currently the only symptoms I am aware of are infected browsers. Here is the Malwarebytes Anti-Rootkit log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 3488002048, free: 2607083520

Downloaded database version: v2013.11.28.06
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     11/28/2013 09:56:38
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\Rtenicxp.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\delta.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\bridge.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdXP3.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\nwlnkipx.sys
\SystemRoot\system32\DRIVERS\nwlnknb.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\nwlnkspx.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b0c7ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\
Lower Device Object: 0xffffffff8b0cc940
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8b0ffab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
Lower Device Object: 0xffffffff8b124d98
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b11eab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8b125d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b11eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b126168, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b11eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b113f18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b125d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C640C63
Partition information:
 Partition 0 type is Primary (0x7)
 Partition is ACTIVE.
 Partition starts at LBA: 63 Numsec = 268413957
 Partition file system is NTFS
 Partition is bootable
 Partition 1 type is Empty (0x0)
 Partition is NOT ACTIVE.
 Partition starts at LBA: 0 Numsec = 0
 Partition 2 type is Empty (0x0)
 Partition is NOT ACTIVE.
 Partition starts at LBA: 0 Numsec = 0
 Partition 3 type is Empty (0x0)
 Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0 Disk Size: 250058268160 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-488375055-488395055)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8b0ffab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8b19cb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8b0ffab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8b1103b8, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8b124d98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 44A91B35 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 312560577 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Disk Size: 160040803840 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 2, DevicePointer: 0xffffffff8b0c7ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8b19c958, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8b0c7ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8b1a29e8, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8b0cc940, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: 7393CE69 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 312560577 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0
Numsec = 0
Disk Size: 160040803840 bytes
Sector size: 512 bytes
Done!
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]
Infected: C:\Documents and Settings\Will\Application Data\Media Finder\Extensions\gencrawler_gc.dll --> [Trojan.Downloader]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\INPROCSERVER32 --> [Trojan.Downloader]
Infected: HKLM\SOFTWARE\CLASSES\gencrawler_gc.GenCrawler --> [Trojan.Downloader]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]
Read File: File "c:\documents and settings\all users\application data\avg2014\chjw\4cb0d599b0d58a3a.dat:5df2cd06-e1ab-4721-9a76-de6905e9e001" is sparse (flags = 32768)
Infected file C:\Documents and Settings\Will\Local Settings\Temp\is1914646434\5877403_stp\wajam_validate.exe could not be remediated because backup file is not available
Read File: File "c:\windows\system32\config\systemprofile\local settings\application data\avg2014\log\avg-9a0edf74-476d-450c-840a-7243c9b4f438.tmp" is compressed (flags = 1)
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.214000 GHz
Memory total: 3488002048, free: 2777862144
=======================================
  10. So far all I have found is Aartemis is in my browsers. There was also something else called Overwolf that I think I was able to uninstall. Here are my log files. Thanks for your help! dds.txt attach.txt
  11. I was recently able to make some headway, following the instructions found here: http://forums.spybot.info/showthread.php?p=326924 Here is a copy of my ComboFix log. I am currently running MBAM.
  12. I have recently been infected with AVCare, which I was able to remove, at least the visible signs. Malwarebytes, HijackThis, ComboFix and SUPERAntiSpyware will not run. I have run every other program I know of (RootRepeal, ComboFix, Dr.Web, AVIRA Rescue CD, Secured2k's BootCD, etc.). Thanks in advance for your help!
  13. I believe I am dealing with the (CLB Rootkit-WinNT.Alureon), TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX/hjgrui/wzszx as described in the sticky, but I have been unable to use RootRepeal to do a scan of files. Please help!
  14. I was finally able to locate and delete some UAC files associated with tr/tdss.waf, tr/tdss.wae, and tr/alureon.cd. I then ran RootRepeal. Following is the log.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/07 13:34
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE716000
Size: 98304
File Visible: No
Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A19000
Size: 8192
File Visible: No
Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB81B9000
Size: 49152
File Visible: No
Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF78E3000
Size: 20480
File Visible: No
Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xEE88F000
Size: 61440
File Visible: No
Signed: -
Status: -

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACyroruyabdw.sys

==EOF==
When I tried to scan for files, RootRepeal would crash every time when it came to $hf_mig$.