PeterLuu

Members
  • Content count

    38
  • Joined

  • Last visited

About PeterLuu

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Hey thank you very much Gringo for walking me through the whole process. I really appreciate it!~ Take care until next time!
  2. Okay it actually finished sooner than I thought and many threats were found C:\Qoobox\Quarantine\C\Users\Phillip\AppData\Local\Akamai\AIM\urbhy.dll.vir Win32/Kryptik.AUUF.Gen trojan C:\TDSSKiller_Quarantine\23.02.2013_01.06.04\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\23.02.2013_01.06.04\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan C:\TDSSKiller_Quarantine\23.02.2013_01.06.04\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.SV trojan C:\TDSSKiller_Quarantine\23.02.2013_01.06.04\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan C:\TDSSKiller_Quarantine\23.02.2013_01.06.04\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\23.02.2013_01.06.04\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan C:\Users\Phillip\Downloads\AdLcok_downloader_by_AdLcok.exe a variant of Win32/Somoto.A application E:\Program Files\FreeApps\FreeApps.exe probably a variant of Win32/FreeNew application E:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application E:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application E:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application E:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application E:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application E:\Program Files\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe a variant of Win32/Toolbar.Zugo application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP285\A0056014.exe Win32/SpeedUpMyPC application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0061642.rbf Win32/RegistryBooster application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0061643.rbf Win32/RegistryBooster application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0061644.rbf Win32/RegistryBooster application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0061645.rbf Win32/RegistryBooster application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0061646.rbf Win32/RegistryBooster application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0061647.rbf Win32/RegistryBooster application E:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0062106.rbf Win32/RegistryBooster application
  3. Hi sorry Gringo I've been busy during the weekend so I didn't have the time to get to this. I'm currently in the process of scanning the ESET and its taking quite some time. It's been 2 hours and the scan is only 50% complete so I will post the report tomorrow morning thanks for checking up on me.
  4. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.23.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Phillip :: PHILLIP-PC [administrator] 2/23/2013 4:32:53 PM mbam-log-2013-02-23 (16-32-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209235 Time elapsed: 1 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:36:04 PM, on 2/23/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Program Files (x86)\Ares\Ares.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe C:\Users\Phillip\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent O4 - HKLM\..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - Startup: Dropbox.lnk = C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10381 bytes
  5. My computer appears fine after running the script. ComboFix 13-02-23.01 - Phillip 02/23/2013 13:01:13.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6310 [GMT -8:00] Running from: c:\users\Phillip\Desktop\ComboFix.exe Command switches used :: c:\users\Phillip\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 ))))))))))))))))))))))))))))))) . . 2013-02-23 21:08 . 2013-02-23 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-23 09:14 . 2013-02-23 09:14 -------- d-----w- C:\TDSSKiller_Quarantine 2013-02-22 22:03 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D988BDB6-06B8-4351-AA6A-8B43827536C6}\mpengine.dll 2013-02-21 18:14 . 2013-02-21 18:14 -------- d-----w- c:\programdata\ATI 2013-02-21 18:14 . 2013-02-21 18:14 -------- d-----w- c:\program files (x86)\AMD AVT 2013-02-21 18:13 . 2013-02-21 18:13 -------- d-----w- c:\program files (x86)\AMD APP 2013-02-14 08:11 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 08:11 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 23:19 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 23:19 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 23:19 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 23:19 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 23:19 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 23:19 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 23:19 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 23:19 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 23:19 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 23:19 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 23:18 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 23:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-02 02:29 . 2013-02-02 02:29 -------- d-----w- c:\program files\iPod 2013-02-02 02:29 . 2013-02-02 02:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-02 02:29 . 2013-02-02 02:30 -------- d-----w- c:\program files\iTunes 2013-02-02 02:29 . 2013-02-02 02:30 -------- d-----w- c:\program files (x86)\iTunes 2013-02-02 02:14 . 2013-02-02 02:14 -------- d-----w- c:\users\Phillip\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-17 21:31 . 2011-12-04 00:55 1682 --sha-w- c:\programdata\KGyGaAvL.sys 2013-02-14 08:14 . 2012-07-08 19:32 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-08 01:37 . 2012-04-09 08:03 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 01:37 . 2011-11-27 03:25 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 09:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 23:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-19 23:45 . 2012-12-19 23:45 222720 ----a-w- c:\windows\system32\clinfo.exe 2012-12-19 23:44 . 2012-12-19 23:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-12-19 23:44 . 2012-12-19 23:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-12-19 23:44 . 2012-12-19 23:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2012-12-19 23:44 . 2012-12-19 23:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-12-19 23:44 . 2012-12-19 23:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll 2012-12-19 23:38 . 2012-12-19 23:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-12-19 23:34 . 2012-12-19 23:34 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-19 23:34 . 2012-12-19 23:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-12-19 20:50 . 2011-10-26 01:35 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll 2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll 2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-12-19 20:09 . 2011-10-26 02:05 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-12-19 20:08 . 2011-10-26 02:04 1151488 ----a-w- c:\windows\system32\aticfx64.dll 2012-12-19 20:06 . 2012-04-06 02:13 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-12-19 19:59 . 2011-10-26 01:43 5087744 ----a-w- c:\windows\system32\atiumd6a.dll 2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe 2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-12-19 19:49 . 2011-10-26 01:46 7370752 ----a-w- c:\windows\system32\atidxx64.dll 2012-12-19 19:44 . 2011-10-26 01:32 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-12-19 19:44 . 2011-10-26 01:29 6786560 ----a-w- c:\windows\system32\atiumd64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-12-19 19:33 . 2011-10-26 01:22 619008 ----a-w- c:\windows\system32\atiadlxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-12-19 19:31 . 2011-10-26 01:21 130048 ----a-w- c:\windows\system32\atiuxp64.dll 2012-12-19 19:31 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-12-19 19:31 . 2011-10-26 01:21 104448 ----a-w- c:\windows\system32\atiu9p64.dll 2012-12-19 19:30 . 2011-10-26 01:20 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-12-16 17:11 . 2012-12-21 08:13 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 08:13 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 08:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 08:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-15 00:49 . 2012-06-26 05:41 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 13:20 . 2013-01-09 02:44 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 02:44 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 02:44 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 02:44 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 02:44 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 02:44 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 02:44 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 02:44 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 02:44 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 02:44 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 02:44 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 02:44 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 02:44 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 02:44 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 02:44 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 02:44 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 02:44 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 02:44 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 02:44 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 02:44 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 02:44 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 02:44 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 02:44 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 02:44 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 02:44 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 02:44 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 02:44 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 02:44 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 02:44 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 02:44 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 02:44 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 02:44 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-05 01:58 . 2012-12-05 01:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-05 01:58 . 2012-12-05 01:58 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-05 01:58 . 2012-12-05 01:58 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-30 05:45 . 2013-01-09 02:43 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 02:43 243200 ----a-w- c:\windows\system32\wow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-27 39408] "ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808] "Akamai NetSession Interface"="c:\users\Phillip\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-25 3093624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] . c:\users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088] . . Contents of the 'Scheduled Tasks' folder . 2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:37] . 2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 03:25] . 2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 03:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-04 11464296] "MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://comcast.net/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\y4c32l2d.default\ . - - - - ORPHANS REMOVED - - - - . SafeBoot-84163291.sys SafeBoot-97461266.sys . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-23 13:10:38 ComboFix-quarantined-files.txt 2013-02-23 21:10 ComboFix2.txt 2013-02-23 08:28 ComboFix3.txt 2011-04-29 18:30 ComboFix4.txt 2011-04-29 05:02 . Pre-Run: 875,320,340,480 bytes free Post-Run: 874,900,946,944 bytes free . - - End Of File - - 4A1788E711738DE7FFB89CBF02A2A51A
  6. Seems to be clear of it now after the 2nd scan Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.23.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Phillip :: PHILLIP-PC [administrator] 2/23/2013 1:35:43 AM mbar-log-2013-02-23 (01-35-43).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30113 Time elapsed: 9 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) TDSSKiller.2.8.16.0_23.02.2013_00.51.38_log.txt TDSSKiller.2.8.16.0_23.02.2013_01.06.03_log.txt TDSSKiller.2.8.16.0_23.02.2013_01.17.22_log.txt
  7. ComboFix 13-02-23.01 - Phillip 02/23/2013 0:18.2.4 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6964 [GMT -8:00] Running from: c:\users\Phillip\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\2E8B4FC072.sys c:\users\Phillip\AppData\Local\Akamai\AIM\urbhy.dll c:\users\Phillip\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 ))))))))))))))))))))))))))))))) . . 2013-02-22 22:03 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D988BDB6-06B8-4351-AA6A-8B43827536C6}\mpengine.dll 2013-02-21 18:14 . 2013-02-21 18:14 -------- d-----w- c:\programdata\ATI 2013-02-21 18:14 . 2013-02-21 18:14 -------- d-----w- c:\program files (x86)\AMD AVT 2013-02-21 18:13 . 2013-02-21 18:13 -------- d-----w- c:\program files (x86)\AMD APP 2013-02-14 08:11 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 08:11 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 23:19 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 23:19 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 23:19 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 23:19 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 23:19 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 23:19 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 23:19 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 23:19 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 23:19 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 23:19 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 23:18 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 23:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-02 02:29 . 2013-02-02 02:29 -------- d-----w- c:\program files\iPod 2013-02-02 02:29 . 2013-02-02 02:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-02 02:29 . 2013-02-02 02:30 -------- d-----w- c:\program files\iTunes 2013-02-02 02:29 . 2013-02-02 02:30 -------- d-----w- c:\program files (x86)\iTunes 2013-02-02 02:14 . 2013-02-02 02:14 -------- d-----w- c:\users\Phillip\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-17 21:31 . 2011-12-04 00:55 1682 --sha-w- c:\programdata\KGyGaAvL.sys 2013-02-14 08:14 . 2012-07-08 19:32 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-08 01:37 . 2012-04-09 08:03 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 01:37 . 2011-11-27 03:25 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 09:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 23:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-19 23:45 . 2012-12-19 23:45 222720 ----a-w- c:\windows\system32\clinfo.exe 2012-12-19 23:44 . 2012-12-19 23:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-12-19 23:44 . 2012-12-19 23:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-12-19 23:44 . 2012-12-19 23:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2012-12-19 23:44 . 2012-12-19 23:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-12-19 23:44 . 2012-12-19 23:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll 2012-12-19 23:38 . 2012-12-19 23:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-12-19 23:34 . 2012-12-19 23:34 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-19 23:34 . 2012-12-19 23:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-12-19 20:50 . 2011-10-26 01:35 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll 2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll 2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-12-19 20:09 . 2011-10-26 02:05 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-12-19 20:08 . 2011-10-26 02:04 1151488 ----a-w- c:\windows\system32\aticfx64.dll 2012-12-19 20:06 . 2012-04-06 02:13 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-12-19 19:59 . 2011-10-26 01:43 5087744 ----a-w- c:\windows\system32\atiumd6a.dll 2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe 2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-12-19 19:49 . 2011-10-26 01:46 7370752 ----a-w- c:\windows\system32\atidxx64.dll 2012-12-19 19:44 . 2011-10-26 01:32 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-12-19 19:44 . 2011-10-26 01:29 6786560 ----a-w- c:\windows\system32\atiumd64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-12-19 19:33 . 2011-10-26 01:22 619008 ----a-w- c:\windows\system32\atiadlxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-12-19 19:31 . 2011-10-26 01:21 130048 ----a-w- c:\windows\system32\atiuxp64.dll 2012-12-19 19:31 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-12-19 19:31 . 2011-10-26 01:21 104448 ----a-w- c:\windows\system32\atiu9p64.dll 2012-12-19 19:30 . 2011-10-26 01:20 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-12-16 17:11 . 2012-12-21 08:13 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 08:13 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 08:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 08:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-15 00:49 . 2012-06-26 05:41 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 13:20 . 2013-01-09 02:44 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 02:44 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 02:44 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 02:44 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 02:44 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 02:44 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 02:44 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 02:44 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 02:44 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 02:44 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 02:44 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 02:44 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 02:44 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 02:44 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 02:44 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 02:44 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 02:44 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 02:44 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 02:44 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 02:44 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 02:44 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 02:44 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 02:44 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 02:44 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 02:44 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 02:44 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 02:44 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 02:44 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 02:44 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 02:44 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 02:44 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 02:44 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-05 01:58 . 2012-12-05 01:58 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-05 01:58 . 2012-12-05 01:58 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-05 01:58 . 2012-12-05 01:58 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-30 05:45 . 2013-01-09 02:43 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 02:43 243200 ----a-w- c:\windows\system32\wow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-27 39408] "ares"="c:\program files (x86)\Ares\Ares.exe" [2010-10-27 1015808] "Akamai NetSession Interface"="c:\users\Phillip\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-25 3093624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] . c:\users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088] . . Contents of the 'Scheduled Tasks' folder . 2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 01:37] . 2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 03:25] . 2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-27 03:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-04 11464296] "MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://comcast.net/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\y4c32l2d.default\ . - - - - ORPHANS REMOVED - - - - . ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Phillip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll Wow6432Node-HKCU-Run-AIM - c:\users\Phillip\AppData\Local\Akamai\AIM\urbhy.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-23 00:28:29 ComboFix-quarantined-files.txt 2013-02-23 08:28 ComboFix2.txt 2011-04-29 18:30 ComboFix3.txt 2011-04-29 05:02 . Pre-Run: 872,938,856,448 bytes free Post-Run: 874,778,087,424 bytes free . - - End Of File - - 5A3BFAD2AB26540D652EB1138E6E1D56
  8. Yeah it says windows cannot find it. Should I re-run combofix again?
  9. For some unknown reason my computer restarted itself during or after the scanning of Combofix so I'm not sure if there is a log already done. Should I re-run it again?
  10. Hi Gringo and thanks for replying so fast. Here are the reports you asked for: Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 9 Java 2 Runtime Environment, SE v1.4.2 Java version out of Date! Adobe Flash Player 11.5.502.149 Flash Player out of Date! Adobe Reader 10.1.1 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbam.exe windows defender MpCmdRun.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2 Run by Phillip at 23:12:53 on 2013-02-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5777 [GMT -8:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\TiltWheelMouse.exe C:\Program Files (x86)\Ares\Ares.exe C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Windows\System32\rundll32.exe C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe \\.\globalroot\systemroot\svchost.exe -netsvcs C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Phillip\Downloads\Defogger.exe C:\Windows\system32\svchost.exe -k defragsvc C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://comcast.net/ uWindow Title = Windows Internet Explorer provided by Yahoo! mWinlogon: Userinit = userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h uRun: [Akamai NetSession Interface] "C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe" uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [AIM] rundll32 "C:\Users\Phillip\AppData\Local\Akamai\AIM\urbhy.dll",NVDisplayCoInstallW mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun StartupFolder: C:\Users\Phillip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phillip\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file> IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{7C79A366-B347-406C-9396-FF60F2D2AF49} : DHCPNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [MouseDriver] TiltWheelMouse.exe x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\y4c32l2d.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088] S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-11-17 46136] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-7 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-26 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-02-23 07:04:55 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D988BDB6-06B8-4351-AA6A-8B43827536C6}\offreg.dll 2013-02-23 06:53:10 20480 ----a-w- C:\Windows\svchost.exe 2013-02-22 22:03:49 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D988BDB6-06B8-4351-AA6A-8B43827536C6}\mpengine.dll 2013-02-21 18:14:01 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-02-21 18:13:55 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-02-14 08:11:59 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 08:11:59 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 23:19:09 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 23:19:09 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 23:19:08 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 23:19:06 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 23:19:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 23:19:04 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 23:19:04 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 23:19:04 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 23:19:04 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 23:19:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 23:18:35 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-13 23:18:35 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-02 02:29:46 -------- d-----w- C:\Program Files\iPod 2013-02-02 02:29:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-02 02:29:45 -------- d-----w- C:\Program Files\iTunes 2013-02-02 02:29:45 -------- d-----w- C:\Program Files (x86)\iTunes 2013-02-02 02:14:20 -------- d-----w- C:\Users\Phillip\AppData\Local\Programs . ==================== Find3M ==================== . 2013-02-17 21:31:26 1682 --sha-w- C:\ProgramData\KGyGaAvL.sys 2013-02-08 01:37:13 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 01:37:13 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 09:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-19 23:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe 2012-12-19 23:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-12-19 23:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-12-19 23:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-12-19 23:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-12-19 23:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll 2012-12-19 23:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-12-19 23:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-12-19 23:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll 2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll 2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll 2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe 2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll 2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll 2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-12-05 01:58:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-05 01:58:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-12-05 01:58:34 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll . ============= FINISH: 23:13:23.04 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/25/2011 8:53:53 PM System Uptime: 2/22/2013 10:51:55 PM (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | M68MT-S2 Processor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3600/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 812.506 GiB free. D: is CDROM () E: is FIXED (NTFS) - 146 GiB total, 88.548 GiB free. F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP147: 2/13/2013 3:15:14 PM - Windows Update RP148: 2/14/2013 12:10:19 AM - Windows Update RP149: 2/19/2013 3:07:30 PM - Windows Update RP151: 2/22/2013 10:32:53 PM - Windows Defender Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) AC3Filter 2.5b Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.1) Akamai NetSession Interface AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Ares 2.1.7 AviSynth 2.5 Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish D3DX10 DivX Setup Download Updater (AOL LLC) Dropbox GIMP 2.6.11 Google Toolbar for Internet Explorer Google Update Helper iTunes Java 2 Runtime Environment, SE v1.4.2 Java 7 Update 9 Java Auto Updater Junk Mail filter update League of Legends Malwarebytes Anti-Malware version 1.70.0.1100 Memeo AutoSync Memeo Instant Backup Memeo Send Memeo Share Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office File Validation Add-In Microsoft Office Office 64-bit Components 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Starter 2010 - English Microsoft Office Word 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 NVIDIA Drivers Pando Media Booster QuickTime Realtek High Definition Audio Driver RGSS-RTP Standard RPG Maker VX RPG MAKER VX Ace RPG MAKER VX Ace RTP RPG Maker VX RTP Seagate Dashboard Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shin Megami Tensei Imagine Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.6195 Vpskeys 4.3 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows XP Mode WinRAR 4.01 (32-bit) Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 2/22/2013 10:52:11 PM, Error: Service Control Manager [7000] - The AODDriver4.2 service failed to start due to the following error: The system cannot find the file specified. 2/22/2013 10:13:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a001331000, 0x0000000000000000, 0xfffff800030cd43a, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022213-13618-01. 2/21/2013 11:50:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Phillip-PC\Phillip SID (S-1-5-21-2675668437-2806094590-1212162313-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 2/21/2013 10:10:16 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the AMD External Events Utility service to connect. 2/21/2013 10:10:16 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/18/2013 1:14:33 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 2/17/2013 7:36:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0x0000000000000000, 0xfffff80000b9c3d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021713-13275-01. . ==== End Of File ===========================
  11. Hello, I have this trojan that keeps reappearing no matter how many times I removed it with Malwarebytes scans. It seems that C:\Windows\svchost.exe keeps recreating itself once it is found and I am asked to restart my computer after the scan is complete. This is my latest mbam log from it: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.23.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Phillip :: PHILLIP-PC [administrator] 2/22/2013 10:14:58 PM mbam-log-2013-02-22 (22-14-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206022 Time elapsed: 3 minute(s), 13 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 3488 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Phillip\AppData\Local\Temp\1204.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end)
  12. Hi malwarebytes My computer has been a little unresponsive and slow these days and I feel like it has something to do with being infected with malware because it wasn't like this before. I've scanned it numerous times but nothing ever shows up so I'm wondering what I can do to fix this. It could possibly be a hardware problem because there has been a couple blackouts that could've fried something but I'm not too sure. Thanks in advance!
  13. Ah I see looks like I'm all set now, once again thank you Elise
  14. It looks like the newly infected stuff are from java. esetscan.txt
  15. Hi Elise , I'm having some problems when trying to run and install the java a window pops up and says its not a valid windows32 application or something. But the good news is I scanned and there's nothing detected so it seem my computer is clear now. Thank you Elise Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6479 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/30/2011 10:32:43 AM mbam-log-2011-04-30 (10-32-43).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 290437 Time elapsed: 42 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)