Afrosammy
Posts: 24 +0
I've used MWB to attempt to remove it, but every time it do it comes back at some point less than two hours later. I know EXACTLY how I got it because I was being stupid and careless. There was some music I was downloading, and I mistakenly hit one of the fake "download now" links, and before I noticed the file was different from the others, it was too late. There was some kind of flashplayer installer involved as well.
Besides redirecting things on google after I click them (but not all the time for some reason), it's also made me unable to access my Gmail account because it says my browsers cookies are disabled. A few other websites tell me this as well despite them definitely being enabled. This not only happens in Firefox, but Internet Explorer as well. Besides that, I haven't noticed it doing anything else odd, but it's probably screwing things up behind the scenes as well. Anywhere, here's the info I need to paste, starting with MWB logs.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.11.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
afrosammy :: AFROSAMMY-PC [administrator]
2/11/2013 12:11:21 AM
mbam-log-2013-02-11 (00-11-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270729
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2
Run by afrosammy at 1:41:58 on 2013-02-13
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8191.5294 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.108\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.239\deploy\LolClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SMessaging] C:\Users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5CD69964-B7CC-476A-A253-4A530DF3CBD3} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{CE3735C2-2E93-4DBA-B0BD-3D9E0A48E49E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F01E3132-A3E1-4CCC-AE59-A950F4F4B92E} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN21817309582264818
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-11 16:24; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-5 8704]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-11 14456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-10 283200]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-8 3467768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-31 66728]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2011-9-29 27136]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-19 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-11 38096]
S3 Neo_nic;VPN Client Device Driver - nic;C:\Windows\System32\drivers\Neo_0052.sys [2012-1-20 30072]
S3 Neo_po;VPN Client Device Driver - po;C:\Windows\System32\drivers\Neo_0112.sys [2012-1-20 30072]
S3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0049.sys [2012-1-20 30072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-1-5 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-5 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-19 738152]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-12 03:01:36 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-02-12 03:00:59 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-02-12 02:15:55 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
2013-02-11 22:26:40 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-02-11 22:25:54 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-02-11 22:25:54 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-11 22:24:46 -------- d-----w- C:\Users\afrosammy\AppData\Local\adawarebp
2013-02-11 22:24:46 -------- d-----w- C:\ProgramData\blekko toolbars
2013-02-11 22:24:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-02-11 22:24:41 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-02-11 22:24:40 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-02-11 22:24:07 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
2013-02-11 10:47:52 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-02-11 02:43:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-02-09 11:04:51 -------- d-----w- C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
2013-02-09 04:52:23 -------- d-----w- C:\Users\afrosammy\AppData\Local\SplitMediaLabs
2013-02-09 04:50:59 -------- d-----w- C:\ProgramData\SplitMediaLabs
2013-02-09 04:50:59 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2013-02-09 04:50:15 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
2013-02-06 01:07:16 -------- d-----w- C:\Users\afrosammy\AppData\Local\TERA
2013-02-05 20:35:13 -------- d-----w- C:\ProgramData\HappyCloud
2013-02-05 06:33:28 -------- d-----w- C:\Program Files (x86)\Peach Princess
2013-02-04 04:04:52 -------- d-----w- C:\Users\afrosammy\Spice and Wolf Complete Series
2013-02-02 22:54:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 11:00:26 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Malwarebytes
2013-02-02 10:56:33 -------- d-----w- C:\ProgramData\Tarma Installer
2013-02-02 10:41:15 -------- d-----w- C:\Users\afrosammy\AppData\Local\CRE
2013-02-02 10:40:10 -------- d-----w- C:\Users\afrosammy\AppData\Local\VisualBeeExe
2013-02-02 10:39:26 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-02-02 10:39:09 -------- d-----w- C:\Users\afrosammy\AppData\Local\Stronghold_LLC
2013-02-02 10:38:56 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-02-02 10:38:49 -------- d-----w- C:\ProgramData\VisualBee
2013-02-02 10:38:11 -------- d-----w- C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
2013-01-31 16:42:40 5999736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-01-27 04:22:49 -------- d-----w- C:\Users\afrosammy\.swt
2013-01-26 03:43:02 -------- d-----w- C:\Program Files (x86)\Carpe Fulgur
.
==================== Find3M ====================
.
2013-02-08 16:56:40 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 16:56:40 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-02 22:54:35 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-02-02 22:54:35 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-10 21:25:54 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 04:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-01 00:40:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 1:43:22.62 ===============
Besides redirecting things on google after I click them (but not all the time for some reason), it's also made me unable to access my Gmail account because it says my browsers cookies are disabled. A few other websites tell me this as well despite them definitely being enabled. This not only happens in Firefox, but Internet Explorer as well. Besides that, I haven't noticed it doing anything else odd, but it's probably screwing things up behind the scenes as well. Anywhere, here's the info I need to paste, starting with MWB logs.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.11.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
afrosammy :: AFROSAMMY-PC [administrator]
2/11/2013 12:11:21 AM
mbam-log-2013-02-11 (00-11-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270729
Time elapsed: 7 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{f8f70f40-8854-39e8-8e6b-bb3aa68ca65e}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2
Run by afrosammy at 1:41:58 on 2013-02-13
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.8191.5294 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.108\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.239\deploy\LolClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN34624778402302316&ctid=CT3268494&SSPV=SP_IENSP06
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SMessaging] C:\Users\afrosammy\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5CD69964-B7CC-476A-A253-4A530DF3CBD3} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{CE3735C2-2E93-4DBA-B0BD-3D9E0A48E49E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F01E3132-A3E1-4CCC-AE59-A950F4F4B92E} : DHCPNameServer = 7.254.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&sspv=SP_FFNSP06&CUI=UN21817309582264818
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\afrosammy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-11 16:24; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\afrosammy\AppData\Roaming\Mozilla\Firefox\Profiles\irxpqbgp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-5 8704]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-11 14456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-10 283200]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-14 1236968]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-8 3467768]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-10-31 66728]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2011-9-29 27136]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-19 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-11 38096]
S3 Neo_nic;VPN Client Device Driver - nic;C:\Windows\System32\drivers\Neo_0052.sys [2012-1-20 30072]
S3 Neo_po;VPN Client Device Driver - po;C:\Windows\System32\drivers\Neo_0112.sys [2012-1-20 30072]
S3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0049.sys [2012-1-20 30072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-1-5 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-5 59392]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-19 738152]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-12 03:01:36 38096 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-02-12 03:00:59 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-02-12 02:15:55 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\LavasoftStatistics
2013-02-11 22:26:40 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-02-11 22:25:54 47496 ----a-w- C:\Windows\System32\sbbd.exe
2013-02-11 22:25:54 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-11 22:24:46 -------- d-----w- C:\Users\afrosammy\AppData\Local\adawarebp
2013-02-11 22:24:46 -------- d-----w- C:\ProgramData\blekko toolbars
2013-02-11 22:24:45 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-02-11 22:24:41 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-02-11 22:24:40 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-02-11 22:24:07 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Ad-Aware Antivirus
2013-02-11 10:47:52 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2013-02-11 02:43:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-02-09 11:04:51 -------- d-----w- C:\Users\afrosammy\Archer.2009.S04E04.Midnight.Ron.720p.WEB-DL.x264.AAC
2013-02-09 04:52:23 -------- d-----w- C:\Users\afrosammy\AppData\Local\SplitMediaLabs
2013-02-09 04:50:59 -------- d-----w- C:\ProgramData\SplitMediaLabs
2013-02-09 04:50:59 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2013-02-09 04:50:15 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\SplitMediaLabs
2013-02-06 01:07:16 -------- d-----w- C:\Users\afrosammy\AppData\Local\TERA
2013-02-05 20:35:13 -------- d-----w- C:\ProgramData\HappyCloud
2013-02-05 06:33:28 -------- d-----w- C:\Program Files (x86)\Peach Princess
2013-02-04 04:04:52 -------- d-----w- C:\Users\afrosammy\Spice and Wolf Complete Series
2013-02-02 22:54:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 11:00:26 -------- d-----w- C:\Users\afrosammy\AppData\Roaming\Malwarebytes
2013-02-02 10:56:33 -------- d-----w- C:\ProgramData\Tarma Installer
2013-02-02 10:41:15 -------- d-----w- C:\Users\afrosammy\AppData\Local\CRE
2013-02-02 10:40:10 -------- d-----w- C:\Users\afrosammy\AppData\Local\VisualBeeExe
2013-02-02 10:39:26 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-02-02 10:39:09 -------- d-----w- C:\Users\afrosammy\AppData\Local\Stronghold_LLC
2013-02-02 10:38:56 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-02-02 10:38:49 -------- d-----w- C:\ProgramData\VisualBee
2013-02-02 10:38:11 -------- d-----w- C:\Users\afrosammy\AppData\Local\Coupon Companion Plugin
2013-01-31 16:42:40 5999736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-01-27 04:22:49 -------- d-----w- C:\Users\afrosammy\.swt
2013-01-26 03:43:02 -------- d-----w- C:\Program Files (x86)\Carpe Fulgur
.
==================== Find3M ====================
.
2013-02-08 16:56:40 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 16:56:40 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-02 22:54:35 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-02-02 22:54:35 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-11 05:24:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-10 21:25:54 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-01 04:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-01 00:40:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 1:43:22.62 ===============