View Full Version : ib.adnxs.com Popup
Getting popup when i go to facebook, and any time someone puts a word up here, such as "Start" or "click" i get hover over ads. VERY ANNOYING!
please help :S
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by RaxinII at 22:29:10 on 2012-09-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4560 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thexcrew.com/games/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
mRun: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{3AE77AF7-CAEB-48E2-83DC-68ACC2FA10B4} : DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{E83A24C4-71D2-468A-9438-D4223A345EA7} : DhcpNameServer = 75.101.19.192 75.101.19.224
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun-x64: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\RaxinII\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15402
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:15:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-26 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-1-31 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2011-12-14 18360]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-01 14:49:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7051E6AC-C4A9-4756-8284-B8195462A560}\offreg.dll
2012-09-01 14:48:42 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7051E6AC-C4A9-4756-8284-B8195462A560}\mpengine.dll
2012-09-01 10:01:25 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-30 09:51:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-30 09:10:09 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 08:19:29 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-08-27 07:43:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-27 07:43:16 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-27 06:36:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-27 06:31:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 02:42:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-27 02:42:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-15 06:14:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-14 22:58:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 22:58:17 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 22:58:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 22:58:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 21:52:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 21:52:49 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 21:52:44 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 21:52:44 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 21:52:44 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 21:52:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 21:52:23 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-10 06:40:14 -------- d-----w- C:\Users\RaxinII\AppData\Local\SCE
.
==================== Find3M ====================
.
2012-08-31 06:14:56 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-31 06:14:56 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-31 06:14:19 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-14 22:34:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 22:34:39 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-22 09:59:10 925184 ----a-w- C:\Windows\expstart.exe
2012-06-27 04:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-06-27 04:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2012-06-27 04:18:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 22:29:44.69 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-01 22:32:44
-----------------------------
22:32:44.956 OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:44.957 Number of processors: 4 586 0x503
22:32:44.959 ComputerName: WHITEDRAGON UserName: RaxinII
22:32:45.827 Initialize success
22:32:55.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:32:55.173 Disk 0 Vendor: Size: 0MB BusType: 0
22:32:55.182 Disk 0 MBR read successfully
22:32:55.184 Disk 0 MBR scan
22:32:55.186 Disk 0 Windows 7 default MBR code
22:32:55.188 Disk 0 MBR hidden
22:32:55.191 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:32:55.196 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
22:32:55.213 Disk 0 scanning C:\Windows\system32\drivers
22:33:05.515 Service scanning
22:33:13.867 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
22:33:23.489 Modules scanning
22:33:23.495 Disk 0 trace - called modules:
22:33:23.515 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:33:23.521 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aad790]
22:33:23.525 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa80075689b0]
22:33:23.533 5 ACPI.sys[fffff88000f837a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079e8060]
22:33:23.537 Scan finished successfully
22:33:36.659 Disk 0 MBR has been saved successfully to "C:\Users\RaxinII\Documents\MBR.dat"
22:33:36.709 The log file has been saved successfully to "C:\Users\RaxinII\Documents\aswMBR.txt"
Update:
Now when i go to youtube i get the same popup.
I get a flash overlay on every window i go to (does not get in the way, flash blocker (firefox) blocks it, i just get the square on the top left corner.
I also get "searchenhance" stuff that pops up when i google something.
Hope this helps.
Noticed a new symptom, when i hover over the text that pops up a hover over window, it says "Enhanced Text" dont know if that helps at all. i will continue to look for more clues.
Any help is greatly appreciated.
as mentioned before i get a flash overlay on my screen (blocked by flashblocker). i managed to find out where the flash is coming from
<< location of the flash.
My apologies, i have used your forums i the past, i had no intention of bumping my post. only updating you with more information.
Providing a Dr. with all the symptoms may bring you to a cure faster than leaving out information.
As to the links, is there another way i can send you this information? maybe through PM or in an email?
Hi,
If help still needed post fresh DDS logs (= copy-paste dds.txt & attach.txt contents).
updated:
i found a fake notepad.exe file in C:\Windows\notepad.exe, it was write protected, i managed to get rid of it, i have not received anymore popups. I do still occasionally get that flash popup.
Problems found:
Babylon toolbar
Conduit search
flash overlay
EhancedSearch when googling
Ehancedtext (or textenhanced) when hovering over product names
Youtube video's in firefox no longer load (work in chrome, so i'm looking into a fix... may be related)
Hi,
If help still needed post fresh DDS logs (= copy-paste dds.txt & attach.txt contents).
I don't see attach.txt contents pasted there. Please post its contents too.
DDS.TXT
---------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by RaxinII at 0:54:11 on 2012-09-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4610 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Users\RaxinII\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thexcrew.com/games/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Google Update] "C:\Users\RaxinII\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{3AE77AF7-CAEB-48E2-83DC-68ACC2FA10B4} : DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{E83A24C4-71D2-468A-9438-D4223A345EA7} : DhcpNameServer = 75.101.19.192 75.101.19.224
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun-x64: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\RaxinII\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15402
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:15:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-26 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-1-31 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250568]
S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2011-12-14 18360]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-09 05:47:22 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DECF6124-1380-4EEF-8857-51B1700B26F2}\mpengine.dll
2012-09-08 05:47:29 9310152 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:18:34 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2012-08-30 09:51:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-30 09:10:09 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 08:19:29 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-08-27 07:43:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-27 07:43:16 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-27 06:36:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-27 06:31:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 02:42:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-27 02:42:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-15 06:14:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-14 22:58:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 22:58:17 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 22:58:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 22:58:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 21:52:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 21:52:49 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 21:52:44 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 21:52:44 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 21:52:44 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 21:52:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 21:52:23 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-09-08 07:30:59 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-08 07:30:59 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-08 07:30:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-09-02 22:33:09 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 22:33:09 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-22 09:59:10 925184 ----a-w- C:\Windows\expstart.exe
2012-06-27 04:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-06-27 04:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2012-06-27 04:18:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 0:54:45.45 ===============
_______________________________________________________
ATTACH.TXT
---------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/2/2010 6:12:26 PM
System Uptime: 9/6/2012 10:36:21 PM (50 hours ago)
.
Motherboard: MSI | | 870S-G46 (MS-7599)
Processor: AMD Phenom(tm) II X4 840 Processor | CPU1 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 33.973 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP743: 9/6/2012 7:48:47 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
AMD OverDrive
AMD USB Filter Driver
AMD VISION Engine Control Center
Android SDK Tools
Application Profiles
Artisteer 2
Artisteer 3
AutoHotkey 1.0.48.05
Battlefield 3™
Battlelog Web Plugins
Call of Duty Black Ops - Remote Console
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Curse Client
D3DX10
Diablo II
Diablo III
Digital Copy
ESET Online Scanner v3
ESN Sonar
Feed Viewer for Windows SideShow
FileASSASSIN
Freemake Video Converter version 2.0.0
Futuremark SystemInfo
GIMP 2.6.10
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GTA San Andreas
Hero Editor V1.03
HijackThis 2.0.2
HydraVision
Install Creator
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Matrix-ks
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0 (x86 en-US)
MSI Afterburner 1.5.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Notepad++
OpenAL
OpenOffice.org 3.3
Origin
Overwolf
Picasa 3
Planetside
PunkBuster Services
QuickTime
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Spybot - Search & Destroy
StarCraft II
Steam
Super-Charger
TeamSpeak 3 Client
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows SideShow Managed Runtime 1.0
WinPcap 4.1.1
World of Warcraft
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
9/6/2012 10:41:50 PM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
9/6/2012 10:40:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/6/2012 10:36:45 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
9/6/2012 10:36:45 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
9/6/2012 10:36:37 PM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
9/5/2012 3:02:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.434.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee2 Error description: The operation timed out
.
==== End Of File ===========================
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
LOG.TXT
--------------------------------
ComboFix 12-09-09.02 - RaxinII 09/09/2012 11:06:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4614 [GMT -7:00]
Running from: c:\users\RaxinII\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 18:20 . 2012-09-09 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 18:20 . 2012-09-09 18:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-09 05:47 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DECF6124-1380-4EEF-8857-51B1700B26F2}\mpengine.dll
2012-09-08 05:47 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:18 . 2012-09-02 10:18 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-08-30 09:10 . 2012-08-30 09:10 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-27 08:19 . 2012-08-27 08:20 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-27 07:43 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-27 07:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-27 06:36 . 2012-08-27 06:36 -------- d-----w- c:\program files (x86)\ESET
2012-08-27 06:31 . 2012-08-27 06:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 02:42 . 2012-08-31 12:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-27 02:42 . 2012-08-27 02:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-15 06:14 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-14 22:58 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 22:58 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 22:58 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 22:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 21:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 21:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 21:52 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 21:52 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 21:52 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 21:52 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 21:52 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 21:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 08:04 . 2010-04-03 07:36 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-09 08:04 . 2010-04-03 02:54 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-09 08:03 . 2010-04-03 02:54 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-02 22:33 . 2012-03-31 00:34 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-02 22:33 . 2011-05-16 08:38 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 07:45 . 2010-04-03 01:40 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-22 09:59 . 2011-06-29 02:11 925184 ----a-w- c:\windows\expstart.exe
2012-06-27 04:38 . 2012-06-27 04:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-27 04:38 . 2012-06-27 04:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-27 04:18 . 2010-04-03 02:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-09-14 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"MSIAfterburner"="c:\program files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" [2010-02-01 44344]
"RTSS"="c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" [2009-11-06 24576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-07-16 18360]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-04-03 19952]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-06-20 12904]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-02-01 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:33]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 05:46]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 05:46]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711299830-1496499618-1074572894-1001Core.job
- c:\users\RaxinII\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 08:31]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711299830-1496499618-1074572894-1001UA.job
- c:\users\RaxinII\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 08:31]
.
2012-09-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-27 22:31]
.
2012-09-09 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2012-08-27 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.thexcrew.com/games/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.101.19.192 75.101.19.224
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15402
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2711299830-1496499618-1074572894-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:0c,26,31,0b,9c,61,3d,53,d3,2b,f8,65,05,6c,76,9c,90,e3,ad,25,ce,
93,8f,dc,91,1e,42,73,08,26,20,08,94,a6,31,d6,43,fb,43,89,55,1b,a5,d0,62,2c,\
"rkeysecu"=hex:0d,a2,f2,43,3e,79,77,dd,3e,52,a2,7b,46,d3,91,95
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 11:39:43
ComboFix-quarantined-files.txt 2012-09-09 18:39
.
Pre-Run: 37,529,104,384 bytes free
Post-Run: 36,928,237,568 bytes free
.
- - End Of File - - 61F7938E7A449EBF2EC2DC3F1EF6D5FC
_____________________________________________________________
dds.txt
-------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by RaxinII at 11:50:35 on 2012-09-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4908 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thexcrew.com/games/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{3AE77AF7-CAEB-48E2-83DC-68ACC2FA10B4} : DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{E83A24C4-71D2-468A-9438-D4223A345EA7} : DhcpNameServer = 75.101.19.192 75.101.19.224
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun-x64: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\RaxinII\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15402
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:15:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-26 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-1-31 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250568]
S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2011-12-14 18360]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-09 18:40:59 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04BC8CE3-2FBD-470D-A847-5B3D53978787}\mpengine.dll
2012-09-09 18:03:35 98816 ----a-w- C:\Windows\sed.exe
2012-09-09 18:03:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-09 18:03:35 256000 ----a-w- C:\Windows\PEV.exe
2012-09-09 18:03:35 208896 ----a-w- C:\Windows\MBR.exe
2012-09-08 05:47:29 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:18:34 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2012-08-27 08:19:29 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-08-27 07:43:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-27 07:43:16 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-27 06:36:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-27 06:31:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 02:42:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-27 02:42:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-15 06:14:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-14 22:58:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 22:58:17 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 22:58:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 22:58:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 21:52:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 21:52:49 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 21:52:44 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 21:52:44 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 21:52:44 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 21:52:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 21:52:23 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-09-09 08:04:14 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-09 08:04:14 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-09 08:03:55 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-09-02 22:33:09 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 22:33:09 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-22 09:59:10 925184 ----a-w- C:\Windows\expstart.exe
2012-06-27 04:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-06-27 04:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2012-06-27 04:18:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 11:51:10.51 ===============
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Firefox::
FF - ProfilePath - c:\users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.hardId - dc51e7ed0000000000008c89a532e01d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15402
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:15
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 7 Update 7 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Ran all scans, ESET found nothing, symptoms are still there. Popup to titled location, and flash overlay.
Logs are posted and attached.
Log.txt
-------------------------
ComboFix 12-09-12.03 - RaxinII 09/12/2012 20:55:41.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6125 [GMT -7:00]
Running from: c:\users\RaxinII\Downloads\ComboFix.exe
Command switches used :: c:\users\RaxinII\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 04:02 . 2012-09-13 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-13 04:02 . 2012-09-13 04:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-13 03:53 . 2012-09-13 03:53 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-13 03:53 . 2012-09-13 03:53 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-13 03:53 . 2012-09-13 03:53 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-13 03:53 . 2012-09-13 03:53 188904 ----a-w- c:\windows\system32\java.exe
2012-09-13 03:50 . 2012-09-13 03:53 -------- d-sh--w- c:\windows\Installer
2012-09-12 19:43 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8916A53B-2C82-4111-BAC6-366D07F83EC6}\mpengine.dll
2012-09-11 19:49 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 19:49 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:49 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:49 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:49 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:49 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:49 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 05:47 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:18 . 2012-09-02 10:18 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-08-27 08:19 . 2012-08-27 08:20 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-27 07:43 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-27 07:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-27 06:36 . 2012-08-27 06:36 -------- d-----w- c:\program files (x86)\ESET
2012-08-27 06:31 . 2012-08-27 06:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 02:42 . 2012-08-31 12:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-27 02:42 . 2012-08-27 02:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-15 06:14 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-14 22:58 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-14 22:58 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-14 22:58 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-14 22:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-14 21:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-14 21:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-14 21:52 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-14 21:52 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-14 21:52 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-14 21:52 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-14 21:52 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-14 21:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 03:53 . 2012-03-24 05:32 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 03:53 . 2012-03-24 05:32 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-12 10:00 . 2010-04-03 01:40 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-10 01:03 . 2010-04-03 07:36 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-10 01:03 . 2010-04-03 02:54 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-10 01:03 . 2010-04-03 02:54 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-22 09:59 . 2011-06-29 02:11 925184 ----a-w- c:\windows\expstart.exe
2012-06-27 04:38 . 2012-06-27 04:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-27 04:38 . 2012-06-27 04:38 23648 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-06-27 04:18 . 2010-04-03 02:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-09_18.20.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-03 07:52 . 2012-09-12 19:39 42204 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-12 19:39 38216 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-03 01:48 . 2012-09-12 19:39 17116 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2711299830-1496499618-1074572894-1001_UserData.bin
+ 2009-07-14 05:30 . 2012-09-12 10:17 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-08-28 06:14 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 19968 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\usb80236.sys
+ 2012-09-11 19:49 . 2012-07-04 20:26 41472 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismpx.sys
+ 2012-09-11 19:49 . 2012-07-04 20:26 35840 c:\windows\system32\DriverStore\FileRepository\netrndis.inf_amd64_neutral_0b46e86f0f566f5a\rndismp6.sys
+ 2009-07-14 04:46 . 2012-09-12 19:08 91616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-09-07 05:36 . 2012-09-07 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-12 19:37 . 2012-09-12 19:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-07 05:36 . 2012-09-07 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-12 19:37 . 2012-09-12 19:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-09-12 19:41 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-26 03:47 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-26 03:47 122236 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-12 19:41 122236 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-09-12 10:17 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-28 06:14 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-12 10:17 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-08-27 08:21 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:31 . 2012-08-15 08:55 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2012-09-12 10:17 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:01 . 2012-09-12 19:36 284036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-07 05:35 284036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-13 03:50 . 2012-09-13 03:50 480256 c:\windows\Installer\1c46209.msi
+ 2009-07-14 04:45 . 2012-09-12 10:22 7194466 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-08-27 10:20 7194466 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-04-03 07:49 . 2012-09-07 05:35 4338640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-04-03 07:49 . 2012-09-12 19:20 4338640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-09-12 10:17 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-27 10:16 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-06-23 10:17 . 2012-09-12 19:20 11590904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2711299830-1496499618-1074572894-1001-8192.dat
+ 2012-09-07 09:41 . 2012-09-07 09:41 30936064 c:\windows\Installer\1c46471.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"MSIAfterburner"="c:\program files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" [2010-02-01 44344]
"RTSS"="c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" [2009-11-06 24576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-07-16 18360]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-04-03 19952]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-06-20 12904]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-02-01 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 05:46]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 05:46]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711299830-1496499618-1074572894-1001Core.job
- c:\users\RaxinII\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 08:31]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2711299830-1496499618-1074572894-1001UA.job
- c:\users\RaxinII\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 08:31]
.
2012-09-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-27 22:31]
.
2012-09-12 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2012-08-27 22:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.thexcrew.com/games/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.101.19.192 75.101.19.224
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2711299830-1496499618-1074572894-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:0c,26,31,0b,9c,61,3d,53,d3,2b,f8,65,05,6c,76,9c,90,e3,ad,25,ce,
93,8f,dc,91,1e,42,73,08,26,20,08,94,a6,31,d6,43,fb,43,89,55,1b,a5,d0,62,2c,\
"rkeysecu"=hex:0d,a2,f2,43,3e,79,77,dd,3e,52,a2,7b,46,d3,91,95
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-12 21:04:14
ComboFix-quarantined-files.txt 2012-09-13 04:04
ComboFix2.txt 2012-09-12 19:29
ComboFix3.txt 2012-09-09 18:39
.
Pre-Run: 40,552,304,640 bytes free
Post-Run: 40,316,944,384 bytes free
.
- - End Of File - - A0DAC9B35B8A9A5C55B9AE3DAE8C89A8
__________________________________________________
DDS.txt
--------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by RaxinII at 2:56:58 on 2012-09-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.4744 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\RaxinII\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thexcrew.com/games/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{3AE77AF7-CAEB-48E2-83DC-68ACC2FA10B4} : DhcpNameServer = 75.101.19.192 75.101.19.224
TCP: Interfaces\{E83A24C4-71D2-468A-9438-D4223A345EA7} : DhcpNameServer = 75.101.19.192 75.101.19.224
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
mRun-x64: [RTSS] "C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\RaxinII\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\Firefox\Profiles\4ztevud9.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\RaxinII\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-26 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-1-31 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-13 250568]
S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2011-12-14 18360]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-13 09:17:41 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 09:17:41 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-13 06:54:37 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{654F0C03-2D87-4226-A70F-8CBCD0182763}\mpengine.dll
2012-09-13 03:53:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-13 03:50:26 -------- d-sh--w- C:\Windows\Installer
2012-09-11 19:49:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 19:49:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 19:49:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 19:49:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 19:49:38 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 19:49:38 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 19:49:38 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 05:47:23 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-09 18:03:35 98816 ----a-w- C:\Windows\sed.exe
2012-09-09 18:03:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-09 18:03:35 256000 ----a-w- C:\Windows\PEV.exe
2012-09-09 18:03:35 208896 ----a-w- C:\Windows\MBR.exe
2012-09-02 10:18:34 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2012-08-27 08:19:29 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-08-27 07:43:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-27 07:43:16 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-27 06:36:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-27 06:31:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 02:42:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-27 02:42:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-15 06:14:57 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-14 22:58:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-14 22:58:17 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-14 22:58:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-14 22:58:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-14 21:52:50 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-14 21:52:49 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-14 21:52:44 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-14 21:52:44 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-14 21:52:44 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-14 21:52:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-14 21:52:23 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-09-13 03:53:33 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-13 03:53:33 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-09-10 01:03:53 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-10 01:03:53 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-09-10 01:03:39 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-22 09:59:10 925184 ----a-w- C:\Windows\expstart.exe
2012-06-27 04:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-06-27 04:38:30 23648 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2012-06-27 04:18:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 2:57:47.49 ===============
________________________________________________
Attach.txt
---------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/2/2010 6:12:26 PM
System Uptime: 9/12/2012 12:36:50 PM (14 hours ago)
.
Motherboard: MSI | | 870S-G46 (MS-7599)
Processor: AMD Phenom(tm) II X4 840 Processor | CPU1 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 37.008 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP744: 9/9/2012 11:03:37 AM - ComboFix created restore point
RP745: 9/9/2012 10:47:36 PM - Windows Update
RP746: 9/12/2012 3:00:11 AM - Windows Update
RP747: 9/12/2012 8:50:37 PM - Installed Java SE Development Kit 7 Update 7 (64-bit)
RP748: 9/12/2012 8:52:00 PM - Installed Java 7 Update 7 (64-bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
AMD OverDrive
AMD USB Filter Driver
AMD VISION Engine Control Center
Android SDK Tools
Application Profiles
Artisteer 2
Artisteer 3
AutoHotkey 1.0.48.05
Battlefield 3™
Battlelog Web Plugins
Call of Duty Black Ops - Remote Console
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Curse Client
D3DX10
Diablo II
Diablo III
Digital Copy
ESN Sonar
Feed Viewer for Windows SideShow
FileASSASSIN
Freemake Video Converter version 2.0.0
Futuremark SystemInfo
GIMP 2.6.10
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GTA San Andreas
Hero Editor V1.03
HijackThis 2.0.2
HydraVision
Install Creator
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Matrix-ks
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0.1 (x86 en-US)
MSI Afterburner 1.5.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
Notepad++
OpenOffice.org 3.3
Origin
Overwolf
Picasa 3
Planetside
PunkBuster Services
QuickTime
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Spybot - Search & Destroy
StarCraft II
Steam
Super-Charger
TeamSpeak 3 Client
The Lord of the Rings FREE Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows SideShow Managed Runtime 1.0
World of Warcraft
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
9/9/2012 3:24:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
9/9/2012 11:16:13 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/6/2012 10:40:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/12/2012 9:02:28 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/12/2012 12:53:03 PM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
9/12/2012 12:37:11 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
9/12/2012 12:37:11 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
9/12/2012 12:37:06 PM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
9/12/2012 12:27:09 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/12/2012 12:21:45 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
___________________________________________________________
is it possible it is injected into firefox itself? nothing shows on the addons installed or the extensions. i just surfed facebook and youtube, (sites that showed infection symptoms) with internet explorer and nothing showed up. i believe its a virus that is specifically targeting firefox. any ideas on how to remove it?
I will try the good ol fashioned uninstall, hard boot, reinstall of firefox. however if you come up with anything else, please let me know.
just did as described at the bottom of last post. guess what? virus is gone. it injected itself directly into firefox. may want to update spybot for this problem if possible. pm me if you would like to exchange emails for a full list of symptoms.
Hi,
I was going to ask if you had Text Enhance in your list of addons in Firefox but sounds like problem doesn't exist anymore. Let me know if that's the case and I'll post an instruction set of the final steps.
the problems are all gone now. like i said, it injected itself directly into firefox. there was no enhanced text addon installed (atleast not on the list). but after uninstalling Firefox and reinstalling, all the popups and enhanced text are gone now.
Good. Let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool: