solar1948
Posts: 22 +0
Solar1948... the following are my logs, per the instructions.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.26.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
dan :: SOLAR1 [administrator]
2/26/2013 3:25:40 PM
mbam-log-2013-02-26 (15-25-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227608
Time elapsed: 1 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_29
Run by dan at 15:36:55 on 2013-02-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.13089 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\lxbfcoms.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\dan\AppData\Local\Akamai\netsession_win.exe
C:\Users\dan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\notepad.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
uURLSearchHooks: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - <orphaned>
mURLSearchHooks: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - <orphaned>
mURLSearchHooks: {c0415407-4ed2-48e1-900e-ee869abdd1f3} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] "C:\Users\dan\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Google Update] "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{87A3B95A-461E-4D96-AE60-4C3661BEC43C} : DHCPNameServer = 192.168.0.1 205.171.2.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 lxbf_device;lxbf_device;C:\windows\System32\lxbfcoms.exe -service --> C:\windows\System32\lxbfcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-20 1153368]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-23 2656280]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-23 317440]
R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2011-11-23 32344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-23 539240]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\windows\System32\drivers\RTL8192su.sys [2010-7-8 694888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\windows\System32\drivers\anvsnddrv.sys [2012-10-15 33872]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-11-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2013-2-25 32152]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-17 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\windows\System32\drivers\LVUVC64.sys [2011-8-19 4865568]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-2-25 36680]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-26 20:09:05 -------- d-----w- C:\Program Files\Enigma Software Group
2013-02-26 20:07:53 -------- d-----w- C:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-02-26 20:07:53 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-02-26 11:11:24 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{429EA41E-8C01-44E6-B836-BF520311360E}\mpengine.dll
2013-02-26 06:03:33 32152 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2013-02-26 05:16:10 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-02-26 05:01:46 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 05:01:46 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-26 04:35:37 -------- d-----w- C:\ProgramData\APN
2013-02-26 03:01:00 -------- d-----w- C:\Users\dan\AppData\Roaming\GlarySoft
2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 00:50:03 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 00:50:03 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 10:10:37 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-02-13 10:10:36 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 10:10:36 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-02-13 10:10:25 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-02-13 10:10:22 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-02-13 10:10:22 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-02-13 10:10:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-02-13 10:10:22 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-02-13 10:10:22 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-02-13 10:10:22 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-02-13 10:10:20 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 10:10:20 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-01-17 08:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-14 23:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 15:37:06.45 ===============