Jump to content

craighat

Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

Reputation

0 Neutral
  1. craighat
    I have some new information if anyone can still assist me(sorry for all of the reposts). Whatever is controlling my stuff is doing the same exact things every time, just it goes off at different times(most likely just a pre-written program made to just screw around). It can't actually move my mouse cursor, it can only left/right click and scroll. This ensures me that it is likely not a RAT. Here is what the "program" does every time: It starts out by hitting the spacebar multiple times and pressing 'ctrl + v' to paste whatever I had copied about 12 times, then it tries to bookmark and download whatever webpage I'm on 3-4 times. It then proceeds to type "sol" and then hit backspace 3 times to erase the 'sol', after that I think it presses 'enter' once, and then types "4chan." and continues left/right click for a little while and then stops until another random time.
  2. craighat
    I just restarted my computer, and I'm not sure if this has to do with anything, but the "show hidden files/folders" option was turned on.
  3. craighat
    I went ahead and did all of this, but I am 100% sure that it isn't a hardware issue. They were controlling my actions when I was playing League of Legends yesterday, and I've had they've typed to me with a random notepad that I had clicked on earlier this week. Could it somehow be someone on my home network or something?
  4. craighat
    I just got some most likely very useful information. Whoever it is, is actually able to still control my mouse, etc, w/o me being connected to the internet on my PC.
  5. craighat
    Bad news... Whoever it is just started controlling my mouse again.
  6. craighat
    Are you able to tell from any of these logs if the threat was removed? It's hard for me to tell since I never notice a difference until my keyboard/mouse/etc is being screwed with. Thank you very much for all of your help, and if you feel like I've done pretty much all I can besides formatting, I'm satisfied.
  7. craighat
    Thank you for sharing that TFC tool with me, it actually cleared up about 500mb in temp files, so I'll definitely be using that in the future. As far as the ESET scanner goes, no threats were found. Security Check: Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Prerelease Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` VirusTotal Uploader 2.0 Malwarebytes Anti-Malware version 1.61.0.1400 TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2011 JavaFX 2.1.1 Java 6 Update 30 Java 7 Update 5 Adobe Flash Player 10 Flash Player out of Date! Mozilla Firefox (13.0.1) Google Chrome 19.0.1084.56 Google Chrome 20.0.1132.47 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  8. craighat
    Here's the Combofix log: ComboFix 12-07-02.01 - Paul 07/03/2012 16:48:58.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12256.8729 [GMT -4:00] Running from: c:\users\Paul\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\adobe_pdf_icon.ico c:\programdata\Icon_1.ico c:\programdata\icon18.ico c:\users\Paul\AppData\Roaming\RSBuddy_supa sord .ini c:\windows\apppatch\AppLoc.exe c:\windows\apppatch\AppLocA.exe c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\apppatch\unins000.dat c:\windows\apppatch\unins000.exe c:\windows\RazorDOX c:\windows\RazorDOX\RazorDOX.dll c:\windows\SysWow64\logs c:\windows\SysWow64\logs\Game - R3d Logs\2012-02-25_16-11-06_r3dlog.txt c:\windows\SysWow64\setup.ini c:\windows\SysWow64\tmp43EA.tmp c:\windows\SysWow64\tmp8343.tmp c:\windows\SysWow64\tmp8344.tmp c:\windows\SysWow64\tmpC80F.tmp c:\windows\SysWow64\tmpC89D.tmp . . ((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 ))))))))))))))))))))))))))))))) . . 2012-07-03 20:53 . 2012-07-03 20:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-03 20:53 . 2012-07-03 20:53 -------- d-----w- c:\users\UpdatusUser.COCAIN-PC\AppData\Local\temp 2012-07-03 20:53 . 2012-07-03 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-01 20:50 . 2012-07-01 20:51 -------- d-----w- c:\users\Paul\.moparscape4 2012-07-01 17:17 . 2012-07-01 17:17 -------- d-----w- c:\users\Paul\AppData\Local\Zemana 2012-07-01 17:17 . 2012-07-01 17:17 132408 ----a-w- c:\windows\system32\drivers\AntiLog64.sys 2012-07-01 17:17 . 2012-07-01 17:17 -------- dc-h--w- c:\programdata\{455ED70D-6783-4CF7-AEE7-9D8AB17338F0} 2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com 2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-30 20:13 . 2012-06-30 21:16 -------- d-----w- c:\programdata\TinyWall 2012-06-30 17:11 . 2012-06-30 17:11 -------- d-----w- C:\_OTL 2012-06-30 15:59 . 2012-06-30 15:59 -------- d-----w- c:\program files (x86)\Trend Micro 2012-06-30 15:29 . 2012-06-30 15:29 -------- d-----w- c:\programdata\CPA_VA 2012-06-30 15:26 . 2012-06-30 21:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-06-30 15:24 . 2012-06-30 21:45 -------- d-----w- c:\programdata\Comodo 2012-06-29 09:06 . 2012-06-29 09:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-29 09:06 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 18:10 . 2012-06-28 18:10 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-28 18:10 . 2012-06-28 18:10 -------- d-----w- c:\program files (x86)\Oracle 2012-06-28 18:10 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-06-28 18:09 . 2012-06-28 18:09 -------- d-----w- c:\programdata\McAfee 2012-06-26 08:25 . 2012-06-26 08:25 -------- d-----w- c:\program files\Common Files\Bitdefender 2012-06-23 17:52 . 2012-06-23 17:53 -------- d-----w- c:\users\Paul\AppData\Roaming\iZotope 2012-06-23 17:51 . 2012-06-23 17:51 -------- d-----w- c:\program files (x86)\iZotope 2012-06-23 17:51 . 2012-06-23 17:51 -------- d-----w- c:\program files\Common Files\VST3 2012-06-23 05:31 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll 2012-06-23 05:31 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll 2012-06-23 05:31 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-06-23 05:31 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-06-23 05:31 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-06-23 05:31 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-06-23 05:31 . 2012-02-10 03:05 2497985 ----a-w- c:\windows\system32\nvcoproc.bin 2012-06-23 05:24 . 2012-06-23 05:24 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-06-23 04:57 . 2012-06-23 05:22 -------- d-----w- c:\programdata\NVIDIA 2012-06-20 02:23 . 2012-06-20 02:23 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2012-06-19 19:19 . 2012-06-19 19:19 -------- d-----w- c:\program files (x86)\Origin Games 2012-06-19 19:19 . 2012-06-19 19:19 -------- d-----w- c:\users\Paul\AppData\Local\Origin 2012-06-19 19:18 . 2012-06-19 19:18 -------- d-----w- c:\program files (x86)\Origin 2012-06-19 07:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 07:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 07:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 07:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 07:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 07:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 07:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 07:30 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 07:30 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-17 05:24 . 2012-06-17 05:24 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-17 05:24 . 2012-06-17 05:24 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-14 02:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 02:02 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 02:02 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 02:02 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 02:02 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 02:02 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 02:02 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 02:02 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 02:02 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 02:01 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-14 02:01 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 02:01 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 02:01 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 02:01 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 02:01 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 02:01 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 02:01 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 20:40 . 2011-10-07 17:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E5CF841-18CA-466A-8373-A120CFFB0E16}\offreg.dll 2012-06-23 01:45 . 2011-05-20 04:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-23 01:45 . 2011-05-20 04:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-23 01:45 . 2011-05-20 04:02 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-20 02:31 . 2011-05-20 04:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-05-04 23:29 . 2011-05-19 23:45 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-28 03:33 . 2012-04-28 03:33 225280 ----atw- c:\users\Paul\AppData\Roaming\Microsoft\AdjMmsVista.dll 2012-04-17 21:18 . 2012-04-17 21:18 140664 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{6CDC43A5-83FD-42F2-A6C1-92BEC6A0698E}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe 2012-04-17 21:18 . 2012-04-17 21:18 140664 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{6CDC43A5-83FD-42F2-A6C1-92BEC6A0698E}\ARPPRODUCTICON.exe 2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\RazerZoneWebsite_51B2803B39F24EC28AFA6EFC67070FD2.exe 2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\NewShortcut2_E032CCCB26C04AAEA5D133D9643D20E8.exe 2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\BWConfig_14BFF80D8D994A26B6FD51288576B324.exe 2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\ARPPRODUCTICON.exe 2010-08-03 16:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll 2010-08-03 16:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-05-31 694032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984] "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232] "Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-10-11 1833488] "Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Super-Charger"=c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "UpdReg"=c:\windows\UpdReg.EXE . R2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x] R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224] R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R2 WdiSystemHost32;Diagnostic System Host ;c:\windows\system32\iprtrmgr32.exe [x] R3 ALSysIO;ALSysIO;c:\users\Paul\AppData\Local\Temp\ALSysIO64.sys [x] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2010-10-20 353360] R3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2010-10-20 68688] R3 kx1avs_x64;kx1avs_x64;c:\windows\system32\Drivers\kx1avs_x64.sys [2009-12-07 45136] R3 kx1usb_x64;kx1usb_x64;c:\windows\system32\Drivers\kx1usb_x64.sys [2009-12-07 300624] R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120] R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x] R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-07-12 14136] R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7681v1C0\NTIOLib_X64.sys [2011-01-06 11888] R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-01-27 11888] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-04-10 50720] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [2012-07-01 132408] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-09-16 139512] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 DJM-900nexus_AutoSetup;DJM-900nexus_AutoSetup;c:\program files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe [2010-12-29 57344] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960] S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-09-16 113768] S3 DJM-900nexusAudio;DJM-900nexus WDM Audio;c:\windows\system32\drivers\DJM-900nexusAudio64.sys [2011-05-23 48768] S3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys [2010-10-20 353360] S3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys [2010-10-20 70736] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856] S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 16889306 *NewlyCreated* - 83895251 *NewlyCreated* - NTIOLIB_1_0_1 *Deregistered* - 16889306 *Deregistered* - 83895251 *Deregistered* - NTIOLib_1_0_1 . Contents of the 'Scheduled Tasks' folder . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816576451-940877209-2385228107-1000Core.job - c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 01:20] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816576451-940877209-2385228107-1000UA.job - c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 01:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll Trusted Zone: com\www.msi Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7ubuurk3.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111208&q= FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 4eddbc4300000000000000ff265c9e01 FF - user.js: extensions.BabylonToolbar_i.hardId - 4eddbc4300000000000000ff265c9e01 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:20 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1816576451-940877209-2385228107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1816576451-940877209-2385228107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-03 16:55:39 ComboFix-quarantined-files.txt 2012-07-03 20:55 ComboFix2.txt 2012-06-30 17:48 . Pre-Run: 141,785,038,848 bytes free Post-Run: 141,331,976,192 bytes free . - - End Of File - - F50B745665131A948E8A0E6C8804892A And here's the new DDS log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Paul at 16:59:55 on 2012-07-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12256.8125 [GMT -4:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Sandboxie\SbieCtrl.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe C:\Program Files (x86)\MSI\Live Update 5\LU5.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\notepad.exe C:\Windows\system32\conhost.exe C:\Windows\system32\java.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2launcher.exe C:\Program Files (x86)\Java\jre7\bin\java.exe C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe" mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Trusted Zone: com\www.msi Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{007F96AF-EC69-4BDE-A2A1-C527C3704D9C} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe" mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7ubuurk3.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111208&q= FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 4eddbc4300000000000000ff265c9e01 FF - user.js: extensions.BabylonToolbar_i.hardId - 4eddbc4300000000000000ff265c9e01 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:20:05 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?] R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 DJM-900nexus_AutoSetup;DJM-900nexus_AutoSetup;C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe [2011-7-20 57344] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408] R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960] R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224] R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?] R3 DJM-900nexusAudio;DJM-900nexus WDM Audio;C:\Windows\system32\drivers\DJM-900nexusAudio64.sys --> C:\Windows\system32\drivers\DJM-900nexusAudio64.sys [?] R3 kx1avs;Traktor Kontrol X1 Midi;C:\Windows\system32\Drivers\kx1avs.sys --> C:\Windows\system32\Drivers\kx1avs.sys [?] R3 kx1usb_svc;Traktor Kontrol X1;C:\Windows\system32\Drivers\kx1usb.sys --> C:\Windows\system32\Drivers\kx1usb.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-5-19 14136] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-5-31 166576] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856] R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 AntiVirFirewallService;Avira FireWall;"C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [?] S2 AntiVirMailService;Avira Mail Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [?] S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 AntiVirService;Avira Realtime Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [?] S2 AntiVirWebService;Avira Web Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944] S2 WdiSystemHost32;Diagnostic System Host ;C:\Windows\system32\iprtrmgr32.exe --> C:\Windows\system32\iprtrmgr32.exe [?] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-5-20 2428968] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-11-2 130976] S3 gbxavs;Maschine Midi;C:\Windows\system32\Drivers\gbxavs.sys --> C:\Windows\system32\Drivers\gbxavs.sys [?] S3 gbxusb_svc;Maschine Controller;C:\Windows\system32\Drivers\gbxusb.sys --> C:\Windows\system32\Drivers\gbxusb.sys [?] S3 kx1avs_x64;kx1avs_x64;C:\Windows\system32\Drivers\kx1avs_x64.sys --> C:\Windows\system32\Drivers\kx1avs_x64.sys [?] S3 kx1usb_x64;kx1usb_x64;C:\Windows\system32\Drivers\kx1usb_x64.sys --> C:\Windows\system32\Drivers\kx1usb_x64.sys [?] S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2011-5-19 14136] S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7681v1C0\NTIOLib_X64.sys [2011-1-6 11888] S3 NTIOLib_1_0_8;NTIOLib_1_0_8;C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-1-27 11888] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-01 20:50:26 -------- d-----w- C:\Users\Paul\.moparscape4 2012-07-01 17:17:58 -------- d-----w- C:\Users\Paul\AppData\Local\Zemana 2012-07-01 17:17:54 -------- dc-h--w- C:\ProgramData\{455ED70D-6783-4CF7-AEE7-9D8AB17338F0} 2012-07-01 07:03:35 -------- d-----w- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com 2012-07-01 07:03:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-07-01 07:03:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-06-30 20:13:49 -------- d-----w- C:\ProgramData\TinyWall 2012-06-30 17:11:24 -------- d-----w- C:\_OTL 2012-06-30 15:59:20 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-06-30 15:29:14 -------- d-----w- C:\ProgramData\CPA_VA 2012-06-30 15:26:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-06-30 15:24:19 -------- d-----w- C:\ProgramData\Comodo 2012-06-29 09:06:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-29 09:06:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-28 18:10:27 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-28 18:10:07 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-06-26 08:25:34 -------- d-----w- C:\Program Files\Common Files\Bitdefender 2012-06-25 00:50:43 -------- d-----w- C:\Users\Paul\AppData\Local\{15080E72-6D30-4128-809F-E23247D4D088} 2012-06-25 00:50:26 -------- d-----w- C:\Users\Paul\AppData\Local\{23BBD976-9960-4665-B809-98F4A82F4403} 2012-06-23 17:52:52 -------- d-----w- C:\Users\Paul\AppData\Roaming\iZotope 2012-06-23 17:51:32 -------- d-----w- C:\Program Files (x86)\iZotope 2012-06-23 17:51:22 -------- d-----w- C:\Program Files\Common Files\VST3 2012-06-23 05:31:54 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-06-23 05:31:54 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-06-23 05:31:54 6074176 ----a-w- C:\Windows\System32\nvcpl.dll 2012-06-23 05:31:54 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-06-23 05:31:54 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-06-23 05:31:54 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-06-23 05:31:54 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-06-23 05:24:00 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2012-06-22 07:33:58 -------- d-----w- C:\Users\Paul\AppData\Local\{545F3C72-C14D-4310-95E3-47E5E0F24441} 2012-06-20 02:23:08 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins 2012-06-19 19:19:03 -------- d-----w- C:\Program Files (x86)\Origin Games 2012-06-19 19:19:02 -------- d-----w- C:\Users\Paul\AppData\Local\Origin 2012-06-19 19:18:12 -------- d-----w- C:\Program Files (x86)\Origin 2012-06-19 07:31:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-19 07:30:50 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-19 07:30:34 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-19 07:30:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-19 06:22:10 -------- d-----w- C:\Users\Paul\AppData\Local\{F6CBE268-6497-45C8-A374-440009C65C62} 2012-06-17 21:03:38 -------- d-----w- C:\Users\Paul\AppData\Local\{E7C7BE11-69BD-4C56-8EFA-B53D927571F4} 2012-06-17 05:24:48 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-17 05:24:48 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-14 03:55:39 -------- d-----w- C:\Users\Paul\AppData\Local\{14DF7E45-2B05-4575-8E41-305643BA1C65} 2012-06-14 03:55:27 -------- d-----w- C:\Users\Paul\AppData\Local\{D3693436-ADE1-40EB-A0FA-4B959E0FC528} 2012-06-14 02:02:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 02:02:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 02:02:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 02:02:05 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 02:02:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 02:02:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 02:02:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 02:02:01 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 02:02:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 02:01:59 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 02:01:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 02:01:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 02:01:55 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 02:01:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 02:01:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 02:01:55 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 02:01:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-06-23 01:45:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-23 01:45:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-06-23 01:45:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-06-20 02:31:13 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2010-08-03 16:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll 2010-08-03 16:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll . ============= FINISH: 17:00:10.61 ===============
  9. craighat
    The problem is that it happens at such random times, and only lasts a few seconds usually. Sometimes I'm just browsing Youtube, and he'll start scrolling my page and highlighting text(as if the mouse button was held down), I've also had him log me off of my user account once then log me back on. For this reason, it's hard for me to test if it still happens when I'm not connected to the internet, but I'll try and disconnect myself quickly if I notice it happening again to see what happens. I am currently running combofix.
  10. craighat
    I forgot to include this information in my original post, but here is for more information that I'm sure might help in the removal of the virus. I'm also not sure when I exactly got the virus, but I believe it could have been up to a month ago. The only thing that I've been experiencing that tipped me off so that I knew I had a virus is that my mouse/keyboard will randomly start being controlled(this happens at random times, the first time it occured it didn't happen for like a week+ after that, so I assumed it was just my mouse acting weird, this is also the reason I am assuming that it is a RAT, because I thought that was the only type of virus that can actually control your system like that), as well as my firefox attempting to be closed(I don't believe whoever is controling my system has access kill my processes, because he was trying to just click the X, which was stopped by the window which pops up asking if you would like to close all of the tabs or whatever). Nothing else weird has been happening, and as far as I can tell, none of my online accounts for anything have been compromised, but I definitely will be using my laptop for all banking/payments/serious information that I'll be needing to deal with from this point on. *I was typing this as you posted about combofix, so I'm about to read the instructions and then run it.
  11. craighat
    Thank you for your help. Update mbam, here's the log: DDS Log:
  12. craighat
    I would like to go ahead and take the steps of removing the trojan itself. I understand that my PC is likely compromised, but at this time it's just not possible for me to format my system(I need a lot of space to back up necessary files, so I'll have to look into purchasing a large external drive for this). If you are available, please assist me in the removal process of the trojan, and thank you for sharing the information in those 2 links, I found them very helpful.
  13. craighat
    Here are my 2 log files from DDS that I was supposed to post: DDS.txt Attach.txt
  14. craighat
    Over the passed 5 days I have spent several hours each day attempting to remove a RAT from my desktop system, and I've had no luck at all. I've ran SO many scans with multiple different antivirus programs across the board, and none of them end up finding anything. I've also checked my registry/msconfig to see what is run on startup, and I can't find anything suspicious. I'm also looking through my processes in task manager and looking at the file paths for the processes and I don't see anything suspicious there either. I'm normally pretty knowledgable and able to remove viruses pretty easily, but this one is just kicking my butt right now, I jsut have no idea how to get rid of it because I can't even find anything suspicious in my %appdata% folder or anything, and no scans from anything that I'm running is picking the virus up. List of scans that I've ran within the passed 24 hours: Spybot S&D Malwarebytes (Full scan) Microsoft Sec. Essentials (Full scan) TDSSKiller (Malware removal by Kaspersky) SuperAntiSpyware (Full scan) ...and none of them were able to find anything important. PLEASE help me remove this virus. I know formatting my system would be the safest way, but at this time I just can't afford to do that because I have no way of backing up my files.
  15. craighat
    I just got done removing a virus from my desktop system, and I was instructed by a specialist to run Combofix during the removal process. After I ran combofix, I restarted my desktop, but now I can't connect to any webpages, skype, etc, even though it says I'm connected to the internet in the bottom right hand corner. I'm also connected to the internet right now on my laptop, which is how I am posting this. I already tried unplugging my router/modem and let them unplugged for a minute or 2, then plugged it back in and nothing changed. I made sure that my IP/DNS was set to obtain automatically. I tried to do 'ipconfig /release' and 'ipconfig /renew' in cmd, and still nothing changed. I also tried to use the "winsockfix" that I've been seeing a lot about when searching this on google. I checked my hosts file, and it is blank. Please help me!! I've been trying to fix this for 3 hours now and no luck. Combofix log: http://pastebin.com/7qfVrTYk Thank you for the help
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.