Jump to content

Wanton86

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I must have forgotten to update, because I just did a scan and no detections!
  2. Here is the attached file. EVGA_Precision_Setup_204.zip
  3. Hi, I'm still getting a FP. Files Detected: 1 C:\Users\Wanton\Downloads\EVGA_Precision_Setup_204.exe (Trojan.Magania) -> No action taken. (end) Thanks
  4. I just performed a scan this morning and a "trojan" was found Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wanton :: ARMORY [administrator] Protection: Enabled 12/6/2012 1:28:32 AM mbam-log-2012-12-06 (07-06-57).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 698691 Time elapsed: 1 hour(s), 19 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Precision (Trojan.Magania) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Program Files (x86)\EVGA Precision\Uninstall.exe (Trojan.Magania) -> No action taken. C:\Users\Wanton\Downloads\EVGA_Precision_Setup_204.exe (Trojan.Magania) -> No action taken. (end) These files are part of EVGA's software for overclocking: http://www.evga.com/precision/ Can anyone verify that these are false positives? Or did these files just somehow get infected? Thanks
  5. MBAM found these "Trojan.backdoor" for me today as well on both of my computers during the scan: C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Backdoor) Can anyone confirm that this is a FP?
  6. Looks like I'm OK. Thanks for your help Sir.
  7. Understood - uTorrent has been uninstalled. I figured that one of the scans you had me do would have picked it up. I do not have anything else installed. Also, my laptop is brand new from Asus, and does not have anything installed on it aside from the OS and drivers. Aside from this, did anything else in my logs look suspicious to you? Thanks
  8. ComboFix 11-09-12.04 - Wanton 09/13/2011 11:22:56.2.8 - x64 MINIMAL Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4532 [GMT -6:00] Running from: c:\users\Wanton\Desktop\sega.com.exe Command switches used :: /killall AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 ))))))))))))))))))))))))))))))) . . 2011-09-13 17:28 . 2011-09-13 17:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-09-13 17:28 . 2011-09-13 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-12 22:51 . 2011-09-13 06:45 -------- d-----w- c:\program files\MyDefrag v4.3.1 2011-09-12 22:51 . 2010-05-21 18:11 485376 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr 2011-09-12 22:51 . 2010-05-21 18:11 1147392 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe 2011-09-11 01:38 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E10CEBB4-F429-48D4-B2B9-5074036FAED7}\mpengine.dll 2011-09-03 02:13 . 2011-09-03 02:13 119808 ----a-r- c:\users\Wanton\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2011-08-27 00:47 . 2011-08-27 00:47 -------- d-----w- c:\users\Wanton\AppData\Local\Warner Bros. Interactive Entertainment 2011-08-23 21:22 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-23 21:22 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-15 05:47 . 2011-08-15 05:47 -------- d-----w- C:\Temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-23 21:19 . 2011-07-29 05:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 11:50 . 2011-08-10 10:22 7254632 ----a-w- c:\windows\system32\nvcuda.dll 2011-08-03 11:50 . 2011-08-10 10:22 67176 ----a-w- c:\windows\system32\OpenCL.dll 2011-08-03 11:50 . 2011-08-10 10:22 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-08-03 11:50 . 2011-08-10 10:22 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-08-03 11:50 . 2011-08-10 10:22 2532456 ----a-w- c:\windows\system32\nvcuvid.dll 2011-08-03 11:50 . 2011-08-10 10:22 24692840 ----a-w- c:\windows\system32\nvcompiler.dll 2011-08-03 11:50 . 2011-08-10 10:22 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-08-03 11:50 . 2011-08-10 10:22 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-08-03 11:50 . 2011-08-10 10:22 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-08-03 11:50 . 2011-08-10 10:22 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-08-03 11:50 . 2011-08-10 10:22 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-08-03 11:50 . 2011-08-10 10:22 1519720 ----a-w- c:\windows\system32\nvdispco64.dll 2011-08-03 11:50 . 2011-08-10 10:22 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-08-03 11:50 . 2011-08-10 10:22 1453160 ----a-w- c:\windows\system32\nvgenco64.dll 2011-08-03 11:50 . 2011-08-10 10:22 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-08-03 11:50 . 2011-08-10 10:22 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-08-03 11:50 . 2011-05-04 06:10 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-08-03 11:50 . 2011-05-04 06:10 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-08-03 11:50 . 2011-05-04 06:10 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-08-03 11:50 . 2011-05-04 06:10 22470248 ----a-w- c:\windows\system32\nvoglv64.dll 2011-08-03 11:50 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-08-03 11:50 . 2011-04-08 06:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe 2011-08-03 11:50 . 2011-04-08 06:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-08-03 11:50 . 2011-04-08 06:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll 2011-08-03 11:50 . 2011-04-08 06:19 3021416 ----a-w- c:\windows\system32\nvsvc64.dll 2011-08-03 11:50 . 2011-04-05 08:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll 2011-08-03 11:50 . 2011-01-08 03:48 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-07-31 08:50 . 2011-05-20 08:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-07-22 05:42 . 2011-08-10 09:34 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-10 09:34 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-10 09:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-10 09:34 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-10 09:34 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-10 09:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-16 05:41 . 2011-08-10 07:42 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 2011-08-10 07:42 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 07:42 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 07:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 07:42 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 07:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 07:42 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 07:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 07:42 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 07:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 07:42 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2011-07-16 02:21 . 2011-08-10 07:42 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2011-07-16 02:21 . 2011-08-10 07:42 2048 ----a-w- c:\windows\SysWow64\user.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-09-08_22.58.33 ))))))))))))))))))))))))))))))))))))))))) . + 2011-04-16 20:48 . 2011-09-11 01:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2011-04-16 20:48 . 2011-09-06 22:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 04:54 . 2011-09-11 01:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-09-06 22:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-09-11 01:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-06 22:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-09-11 01:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-09-06 22:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-04-05 07:09 . 2011-09-13 17:04 77436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-09-08 06:07 33846 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-09-13 17:04 33846 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-04-05 07:00 . 2011-09-13 17:04 12746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2929553101-2556816864-305346719-1001_UserData.bin - 2011-04-05 06:54 . 2011-09-08 06:06 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-04-05 06:54 . 2011-09-13 17:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-04-05 06:54 . 2011-09-08 06:06 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-04-05 06:54 . 2011-09-13 17:03 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-09-08 06:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-09-13 17:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-09-08 22:58 . 2011-09-08 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-13 17:29 . 2011-09-13 17:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2011-09-08 06:12 669048 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-09-13 17:18 669048 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-09-08 06:12 125234 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-09-13 17:18 125234 c:\windows\system32\perfc009.dat - 2009-07-14 05:12 . 2011-09-08 06:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2011-09-13 17:03 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2011-09-08 22:56 391132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-09-13 17:18 391132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-04-05 08:26 . 2011-09-13 17:18 42354101 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2929553101-2556816864-305346719-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-24 210216] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2011-04-08 239336] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-05 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-05 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/25 16:01];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-13 06:08 146928] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-08-31 14440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-08-21 c:\windows\Tasks\Crysis Wars® Updates.job - c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2011-05-09 07:27] . 2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 05:03] . 2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 05:03] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 TCP: Interfaces\{2B6BD1E2-71B9-4E97-BE68-62A9101C14B4}: NameServer = 156.154.70.22,156.154.71.22 TCP: Interfaces\{956B3702-F835-47A2-87E7-AE64B7E1FE3B}: NameServer = 156.154.70.22,156.154.71.22 FF - ProfilePath - c:\users\Wanton\AppData\Roaming\Mozilla\Firefox\Profiles\xrk51u63.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c9,9e,fc,b3,a6,0c,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,9d,13,35,97,f5,08,4a,a4,88,d4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,9d,13,35,97,f5,08,4a,a4,88,d4,\ . [HKEY_USERS\S-1-5-21-2929553101-2556816864-305346719-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:5a,e4,bd,69,d7,8f,8a,66,36,37,01,91,04,07,52,74,c0,6d,a8,b7,42,97,d3, 9a,4e,53,b9,11,2c,38,12,c5,96,69,ac,df,ec,77,a8,94,dc,00,a7,5c,62,99,8f,74,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 . [HKEY_USERS\S-1-5-21-2929553101-2556816864-305346719-1001\Software\SecuROM\License information*] "datasecu"=hex:49,e6,8e,1b,fa,8b,ed,fe,b7,a8,33,fc,08,d2,db,a6,9a,b1,d7,21,2c, 69,fb,44,69,0d,8b,40,2a,4c,27,ee,65,34,83,01,72,43,bb,4f,b9,1b,54,46,42,3b,\ "rkeysecu"=hex:f6,5b,d1,72,b4,ed,fa,9e,80,dc,6f,b3,1c,b7,16,56 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\EVGA Precision\EVGAPrecision.exe c:\program files (x86)\FolderSize\FolderSizeSvc.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\SysWOW64\rundll32.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe c:\program files (x86)\Windows Media Player\wmplayer.exe c:\windows\SysWOW64\Ctxfihlp.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe c:\windows\SysWOW64\CTXFISPI.EXE c:\program files (x86)\Common Files\Steam\SteamService.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2011-09-13 11:32:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-13 17:32 ComboFix2.txt 2011-09-08 23:02 . Pre-Run: 124,880,834,560 bytes free Post-Run: 124,777,439,232 bytes free . - - End Of File - - 38743ACB89B00343D5DE5D34ECD13F6C -------------------------------------------------------------------------------------------------------------------------- ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK -------------------------------------------------------------------------------------------------------------------------- Results of screen317's Security Check version 0.99.18 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 26 Adobe Flash Player 10.3.183.5 Adobe Reader X (10.1.0) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe Comodo Firewall cmdagent.exe Comodo Firewall cfp.exe ``````````End of Log```````````` ------------------------------------------------------- As far as how things are running, I'm still getting occasional IP blocks from the netherlands. Strange thing is that my brand new laptop (protected with ESET AV + Firewall, MBAM Pro, Spybot snd) is getting IP blocks from China now. Mostly incoming, I think a single instance of outgoing with SVChost.exe. They are either from SVChost.exe or when browsing the internet with firefox. I don't go to sites I don't know, or weird sites. I haven't really been using my PC lately due to my fear of a security breach. I'm not sure if I'm safe on either system with the IP blocks. I probably should have stated this earlier, but the IP blocks on my PC are much more prevalent while torrents are running, which I expected. However when uTorrent is shut down I still get the attacks.
  9. I kept getting a NIRKMD not found during the combofix run. Nevertheless, here are the logs requested. ComboFix 11-09-08.03 - Wanton 09/08/2011 16:48:07.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4091 [GMT -6:00] Running from: c:\users\Wanton\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Wanton\AppData\Local\ApplicationHistory c:\users\Wanton\AppData\Local\ApplicationHistory\Comrade.exe.cb24ae8d.ini c:\users\Wanton\AppData\Local\ApplicationHistory\csc.exe.3e4ac0af.ini c:\windows\SysWow64\mfc100deu.dll . . ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 ))))))))))))))))))))))))))))))) . . 2011-09-08 22:56 . 2011-09-08 22:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-09-08 22:56 . 2011-09-08 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-06 16:08 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0172C262-2785-4F8A-8BB6-D7560B6841BA}\mpengine.dll 2011-09-03 02:13 . 2011-09-03 02:13 119808 ----a-r- c:\users\Wanton\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2011-08-27 00:47 . 2011-08-27 00:47 -------- d-----w- c:\users\Wanton\AppData\Local\Warner Bros. Interactive Entertainment 2011-08-23 21:22 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-23 21:22 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-15 05:47 . 2011-08-15 05:47 -------- d-----w- C:\Temp 2011-08-10 09:34 . 2011-08-10 09:34 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-08-10 09:27 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-08-10 09:27 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-08-10 09:27 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-08-10 07:09 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-08-10 06:06 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll 2011-08-10 06:06 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll 2011-08-10 06:06 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll 2011-08-10 06:06 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll 2011-08-10 06:06 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 06:06 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll 2011-08-10 06:06 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll 2011-08-10 06:06 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll 2011-08-10 06:06 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll 2011-08-10 06:06 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll 2011-08-10 06:06 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 05:03 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-23 21:19 . 2011-07-29 05:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 11:50 . 2011-05-04 06:10 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-08-03 11:50 . 2011-05-04 06:10 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-08-03 11:50 . 2011-05-04 06:10 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-08-03 11:50 . 2011-05-04 06:10 22470248 ----a-w- c:\windows\system32\nvoglv64.dll 2011-08-03 11:50 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-08-03 11:50 . 2011-04-08 06:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe 2011-08-03 11:50 . 2011-04-08 06:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-08-03 11:50 . 2011-04-08 06:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll 2011-08-03 11:50 . 2011-04-08 06:19 3021416 ----a-w- c:\windows\system32\nvsvc64.dll 2011-08-03 11:50 . 2011-04-05 08:41 2758760 ----a-w- c:\windows\system32\nvapi64.dll 2011-08-03 11:50 . 2011-01-08 03:48 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-07-31 08:50 . 2011-05-20 08:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-07-16 04:26 . 2011-08-10 07:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 18:34 . 2011-07-12 18:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 18:34 . 2011-07-12 18:34 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-07 02:52 . 2011-04-05 08:53 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 02:52 . 2011-04-05 08:53 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-30 08:38 . 2011-01-07 00:37 92688 ----a-w- c:\windows\system32\drivers\inspect.sys 2011-06-30 08:38 . 2011-01-07 00:37 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-06-30 08:38 . 2011-01-07 00:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2011-06-30 08:38 . 2011-01-07 00:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys 2011-06-30 08:37 . 2010-12-29 08:42 285256 ----a-w- c:\windows\SysWow64\guard32.dll 2011-06-30 08:37 . 2010-12-29 08:42 363560 ----a-w- c:\windows\system32\guard64.dll 2011-06-28 18:38 . 2011-06-28 18:38 0 ---ha-w- c:\users\Wanton\AppData\Local\BIT534B.tmp 2011-06-11 08:58 . 2011-06-11 08:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll 2011-06-11 08:58 . 2011-06-11 08:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll 2011-06-11 08:58 . 2011-06-11 08:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll 2011-06-11 08:58 . 2011-06-11 08:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll 2011-06-11 08:58 . 2011-06-11 08:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll 2011-06-11 08:58 . 2011-06-11 08:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll 2011-06-11 08:58 . 2011-06-11 08:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll 2011-06-11 08:58 . 2011-06-11 08:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll 2011-06-11 08:58 . 2011-06-11 08:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll 2011-06-11 08:58 . 2011-06-11 08:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll 2011-06-11 08:58 . 2011-06-11 08:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll 2011-06-11 08:58 . 2011-06-11 08:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll 2011-06-11 08:58 . 2011-06-11 08:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll 2011-06-11 08:58 . 2011-06-11 08:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2011-06-11 08:58 . 2011-06-11 08:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll 2011-06-11 08:58 . 2011-06-11 08:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll 2011-06-11 08:58 . 2011-06-11 08:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll 2011-06-11 06:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-06-11 03:07 . 2011-07-13 06:51 3137536 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "NVIDIA System Monitor"="c:\program files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" [2010-04-05 1228392] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-24 210216] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2011-04-08 239336] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-04-05 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-04-05 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/25 16:01];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-13 06:08 146928] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-11 735960] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2011-08-31 14440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-08-21 c:\windows\Tasks\Crysis Wars® Updates.job - c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2011-05-09 07:27] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 05:03] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-07 05:03] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2716216] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 TCP: Interfaces\{2B6BD1E2-71B9-4E97-BE68-62A9101C14B4}: NameServer = 156.154.70.22,156.154.71.22 TCP: Interfaces\{956B3702-F835-47A2-87E7-AE64B7E1FE3B}: NameServer = 156.154.70.22,156.154.71.22 FF - ProfilePath - c:\users\Wanton\AppData\Roaming\Mozilla\Firefox\Profiles\xrk51u63.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c9,9e,fc,b3,a6,0c,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,9d,13,35,97,f5,08,4a,a4,88,d4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,9d,13,35,97,f5,08,4a,a4,88,d4,\ . [HKEY_USERS\S-1-5-21-2929553101-2556816864-305346719-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:5a,e4,bd,69,d7,8f,8a,66,36,37,01,91,04,07,52,74,c0,6d,a8,b7,42,97,d3, 9a,4e,53,b9,11,2c,38,12,c5,96,69,ac,df,ec,77,a8,94,dc,00,a7,5c,62,99,8f,74,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 . [HKEY_USERS\S-1-5-21-2929553101-2556816864-305346719-1001\Software\SecuROM\License information*] "datasecu"=hex:49,e6,8e,1b,fa,8b,ed,fe,b7,a8,33,fc,08,d2,db,a6,9a,b1,d7,21,2c, 69,fb,44,69,0d,8b,40,2a,4c,27,ee,65,34,83,01,72,43,bb,4f,b9,1b,54,46,42,3b,\ "rkeysecu"=hex:f6,5b,d1,72,b4,ed,fa,9e,80,dc,6f,b3,1c,b7,16,56 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\FolderSize\FolderSizeSvc.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\EVGA Precision\EVGAPrecision.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2011-09-08 17:02:27 - machine was rebooted ComboFix-quarantined-files.txt 2011-09-08 23:02 . Pre-Run: 118,184,255,488 bytes free Post-Run: 118,262,022,144 bytes free . - - End Of File - - 0EAB1AD5AE738A5CCEAA55FAEFB4DBF5 _____________________________ . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Wanton at 17:06:59 on 2011-09-08 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4115 [GMT -6:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\taskhost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\taskeng.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDCountdown.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\SysWOW64\CTXFISPI.EXE C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\taskhost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [NVIDIA System Monitor] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 TCP: Interfaces\{2B6BD1E2-71B9-4E97-BE68-62A9101C14B4} : NameServer = 156.154.70.22,156.154.71.22 TCP: Interfaces\{2B6BD1E2-71B9-4E97-BE68-62A9101C14B4} : DhcpNameServer = 68.87.85.102 68.87.69.150 TCP: Interfaces\{956B3702-F835-47A2-87E7-AE64B7E1FE3B} : NameServer = 156.154.70.22,156.154.71.22 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Wanton\AppData\Roaming\Mozilla\Firefox\Profiles\xrk51u63.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ============= SERVICES / DRIVERS =============== . R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/25 16:01:00];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-13 146928] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960] R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-5 366640] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-9-2 102608] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-5 2255464] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-5 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys --> C:\Windows\system32\Drivers\LGPBTDD.sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-31 14440] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] R3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-5 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-5 79360] S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-4-15 25832] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176] S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-09-08 22:58:31 -------- d-----w- C:\$RECYCLE.BIN 2011-09-08 22:45:14 98816 ----a-w- C:\Windows\sed.exe 2011-09-08 22:45:14 518144 ----a-w- C:\Windows\SWREG.exe 2011-09-08 22:45:14 256000 ----a-w- C:\Windows\PEV.exe 2011-09-08 22:45:14 208896 ----a-w- C:\Windows\MBR.exe 2011-09-06 16:08:56 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0172C262-2785-4F8A-8BB6-D7560B6841BA}\mpengine.dll 2011-09-03 02:13:14 119808 ----a-r- C:\Users\Wanton\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2011-08-27 00:47:15 -------- d-----w- C:\Users\Wanton\AppData\Local\Warner Bros. Interactive Entertainment 2011-08-23 21:22:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-08-23 21:22:59 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-08-15 05:47:19 -------- d-----w- C:\Temp 2011-08-10 09:34:46 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2011-08-10 09:27:45 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-08-10 09:27:45 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-08-10 09:27:44 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-08-10 07:09:54 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-08-10 06:06:43 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll 2011-08-10 06:06:43 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll 2011-08-10 06:06:43 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2011-08-10 06:06:43 212992 ----a-w- C:\Windows\System32\odbctrac.dll 2011-08-10 06:06:43 163840 ----a-w- C:\Windows\System32\odbccp32.dll 2011-08-10 06:06:43 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 06:06:43 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll 2011-08-10 06:06:43 106496 ----a-w- C:\Windows\System32\odbccu32.dll 2011-08-10 06:06:43 106496 ----a-w- C:\Windows\System32\odbccr32.dll 2011-08-10 06:06:42 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 06:06:42 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll 2011-08-10 05:03:12 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys . ==================== Find3M ==================== . 2011-08-23 21:19:01 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2011-07-31 08:50:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll 2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-06-30 08:38:08 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2011-06-30 08:38:07 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2011-06-30 08:38:06 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2011-06-30 08:37:25 285256 ----a-w- C:\Windows\SysWow64\guard32.dll 2011-06-30 08:37:24 363560 ----a-w- C:\Windows\System32\guard64.dll 2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 17:08:20.85 ===============
  10. I want to add that I'm not getting reports of incoming as well as outgoing SVChost.exe blocks. 00:57:09 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) 00:57:09 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) 00:57:09 Wanton IP-BLOCK 83.128.29.155 (Type: incoming, Port: 57359, Process: svchost.exe) 00:57:09 Wanton IP-BLOCK 83.128.29.155 (Type: incoming, Port: 57359, Process: svchost.exe) Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7673 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 9/7/2011 4:54:53 PM mbam-log-2011-09-07 (16-54-53).txt Scan type: Quick scan Objects scanned: 205065 Time elapsed: 5 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ________________ ***The DDS kept getting reported as a malicious item. I assumed it was safe since you asked me to run it. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Wanton at 19:09:55 on 2011-09-07 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.2840 [GMT -6:00] . AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\Dwm.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-1.00.027\Applets\x86\LCDWebCam.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDCountdown.exe C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\explorer.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [NVIDIA System Monitor] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe" startup uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 TCP: Interfaces\{2B6BD1E2-71B9-4E97-BE68-62A9101C14B4} : NameServer = 156.154.70.22,156.154.71.22 TCP: Interfaces\{2B6BD1E2-71B9-4E97-BE68-62A9101C14B4} : DhcpNameServer = 68.87.85.102 68.87.69.150 TCP: Interfaces\{956B3702-F835-47A2-87E7-AE64B7E1FE3B} : NameServer = 156.154.70.22,156.154.71.22 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Wanton\AppData\Roaming\Mozilla\Firefox\Profiles\xrk51u63.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Wanton\AppData\Roaming\Mozilla\Firefox\Profiles\xrk51u63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: C:\Users\Wanton\AppData\Roaming\Mozilla\Firefox\Profiles\xrk51u63.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/04/25 16:01:00];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-13 146928] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960] R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-5 366640] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-9-2 102608] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-5 2255464] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-5 1153368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys --> C:\Windows\system32\Drivers\LGPBTDD.sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2011-8-31 14440] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] R3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-5 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-5 79360] S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-4-15 25832] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-6 136176] S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-09-06 16:08:56 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0172C262-2785-4F8A-8BB6-D7560B6841BA}\mpengine.dll 2011-09-03 02:13:14 119808 ----a-r- C:\Users\Wanton\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2011-08-27 00:47:15 -------- d-----w- C:\Users\Wanton\AppData\Local\Warner Bros. Interactive Entertainment 2011-08-23 21:22:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-08-23 21:22:59 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-08-15 05:47:19 -------- d-----w- C:\Temp 2011-08-10 09:34:46 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2011-08-10 09:27:45 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-08-10 09:27:45 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-08-10 09:27:44 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-08-10 07:09:54 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-08-10 06:06:43 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll 2011-08-10 06:06:43 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll 2011-08-10 06:06:43 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2011-08-10 06:06:43 212992 ----a-w- C:\Windows\System32\odbctrac.dll 2011-08-10 06:06:43 163840 ----a-w- C:\Windows\System32\odbccp32.dll 2011-08-10 06:06:43 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 06:06:43 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll 2011-08-10 06:06:43 106496 ----a-w- C:\Windows\System32\odbccu32.dll 2011-08-10 06:06:43 106496 ----a-w- C:\Windows\System32\odbccr32.dll 2011-08-10 06:06:42 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 06:06:42 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll 2011-08-10 05:03:12 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys . ==================== Find3M ==================== . 2011-08-23 21:19:01 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2011-07-31 08:50:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll 2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-06-30 08:38:08 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2011-06-30 08:38:07 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2011-06-30 08:38:06 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2011-06-30 08:37:25 285256 ----a-w- C:\Windows\SysWow64\guard32.dll 2011-06-30 08:37:24 363560 ----a-w- C:\Windows\System32\guard64.dll 2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 19:11:22.47 =============== Attach.zip
  11. I've been using the free version of MBAM until yesterday, when I upgraded to the pro version. I run ESET NOD antivirus + COMODO Firewall, along with MBAM and S&D. MBAM has blocked this specific IP multiple times. I'm not sure if I'm infected, but I want to make sure. The ISP block log is as follows: 16:04:54 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) 16:06:06 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) 16:08:51 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) and so forth. I've done a full scan with MBAM, ESET, and Spybot SnD with no results. Doing a IP lookup shows that its based in the Netherlands. Am I infected? Thanks!
  12. Thanks for the quick response. I believe I was actually browsing the internet at the time of the blocked IP. Anyways, looking up the IP based on the site you gave resulted in a Netherlands base. I'll go ahead and try posting in the removal forums. As far as the mumbo jumbo, I know it's the default response and that you guys are supposed to do it. I've just seen too many times where people don't even read the problem and just slap a copy / pasted response.
  13. I've been using the free version of MBAM until yesterday, when I upgraded to the pro version. I run ESET NOD antivirus + COMODO Firewall, along with MBAM and S&D. I don't believe that I have an infection so mods please DO NOT post the whole mumbo jumbo "If you think you are infected, here are the steps needed to get your computer cleaned...." All I need to know is if the rest of you think I'm infected or not. I don't believe I am, but I want to make sure. The ISP block log is as follows: 16:04:54 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) 16:06:06 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) 16:08:51 Wanton IP-BLOCK 83.128.29.155 (Type: outgoing, Port: 57359, Process: svchost.exe) and so forth. What is this IP? Do I need to make a post on the Removal Forum? If I am I will follow the directions and post in the removal forum. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.