coflyfisher
Hi All,
I went through the 5-step process; here are the logs. Any help would be appreciated. Thanks
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.17.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]
Protection: Enabled
5/17/2012 3:05:14 PM
mbam-log-2012-05-17 (15-05-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218861
Time elapsed: 7 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DAT1C8D.tmp.exe (Trojan.FakeAlert) -> Data: C:\Users\Chris\AppData\Local\Temp\DAT1C8D.tmp.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Chris\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
(end)
GMER was blank.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Chris at 15:31:41 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.1922 [GMT -6:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Webroot\WRSA.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAT1C8D.tmp.exe] C:\Users\Chris\AppData\Local\Temp\DAT1C8D.tmp.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75} : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\157756374775966696 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\45154565E4 : DhcpNameServer = 192.168.0.1 8.8.8.8
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F} : DhcpNameServer = 192.168.0.1 205.171.2.25
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7r01hjhb.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 WRkrn;WRkrn;C:\windows\system32\drivers\WRkrn.sys --> C:\windows\system32\drivers\WRkrn.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-7-15 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-7-15 91296]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-12-21 7680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-17 654408]
R2 MSSQL$IAC;SQL Server (IAC);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-15 1153368]
R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
R2 SSPORT;SSPORT;\??\C:\windows\system32\Drivers\SSPORT.sys --> C:\windows\system32\Drivers\SSPORT.sys [?]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-15 679608]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\system32\drivers\btath_avdt.sys --> C:\windows\system32\drivers\btath_avdt.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-05-17 21:02:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-05-17 21:02:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-17 21:02:24 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-05-17 21:02:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-17 12:26:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16BC3F29-267E-4633-9C38-CA5263D58620}\offreg.dll
2012-05-17 03:46:38 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-15 23:13:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-15 23:13:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-15 22:59:30 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16BC3F29-267E-4633-9C38-CA5263D58620}\mpengine.dll
2012-05-14 05:38:38 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-14 05:38:35 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-14 05:38:34 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-12 15:33:28 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-12 15:33:28 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-12 15:33:27 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-12 15:33:27 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-12 15:33:26 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 15:33:26 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-12 15:32:05 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-12 15:31:29 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-12 15:31:27 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 15:31:27 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 15:31:27 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 15:31:26 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 15:31:26 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 17:01:06 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-05-10 17:00:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-05-10 17:00:14 -------- d-----w- C:\IAC Files
2012-05-02 16:11:20 -------- d-----w- C:\Users\Chris\AppData\Local\{9E30258F-EB01-4747-8C8E-45413E3BD73E}
2012-05-02 16:10:57 -------- d-----w- C:\Users\Chris\AppData\Local\{6C04213D-E7DF-48A1-AADB-ECB12E31BF15}
2012-05-02 16:10:15 -------- d-----w- C:\Users\Chris\AppData\Local\{1B624856-CFB4-46FE-91DB-646E2BE32CA0}
2012-05-02 16:10:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5760D95B-77B2-474B-A6B8-CF73F5C2A936}
2012-05-02 15:53:27 -------- d-----w- C:\Users\Chris\AppData\Local\{0F9BF396-87E3-4343-BB18-C45C8CAA2C07}
2012-05-02 15:53:03 -------- d-----w- C:\Users\Chris\AppData\Local\{F4208B22-5A87-41FF-9081-62F462A3C1EF}
2012-04-23 19:44:01 -------- d-----w- C:\Users\Chris\AppData\Local\NPE
2012-04-19 20:27:05 -------- d-----w- C:\Users\Chris\AppData\Local\{C285000B-A3C0-4D5A-BBAF-743CCB9B15EB}
2012-04-19 20:26:50 -------- d-----w- C:\Users\Chris\AppData\Local\{0CC155D2-1FF6-442F-8882-0F5B12D8F232}
2012-04-19 20:25:18 -------- d-----w- C:\Users\Chris\AppData\Local\{186CEFB9-B9FA-4F92-98FA-2A811645C989}
.
==================== Find3M ====================
.
2012-05-17 03:46:46 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 03:46:46 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-16 19:51:35 148152 ----a-w- C:\windows\SysWow64\WRusr.dll
2012-05-16 19:51:35 112656 ----a-w- C:\windows\System32\drivers\WRkrn.sys
2012-05-16 19:51:35 100760 ----a-w- C:\windows\System32\WRusr.dll
2012-04-12 00:25:04 60304 ----a-w- C:\Users\Chris\g2mdlhlpx.exe
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 16:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2010-01-26 17:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 15:33:03.00 ===============
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAT1C8D.tmp.exe] C:\Users\Chris\AppData\Local\Temp\DAT1C8D.tmp.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75} : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\157756374775966696 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\45154565E4 : DhcpNameServer = 192.168.0.1 8.8.8.8
TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F} : DhcpNameServer = 192.168.0.1 205.171.2.25
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7r01hjhb.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 WRkrn;WRkrn;C:\windows\system32\drivers\WRkrn.sys --> C:\windows\system32\drivers\WRkrn.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-7-15 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-7-15 91296]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-12-21 7680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-17 654408]
R2 MSSQL$IAC;SQL Server (IAC);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-15 1153368]
R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
R2 SSPORT;SSPORT;\??\C:\windows\system32\Drivers\SSPORT.sys --> C:\windows\system32\Drivers\SSPORT.sys [?]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-15 679608]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\system32\drivers\btath_avdt.sys --> C:\windows\system32\drivers\btath_avdt.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-05-17 21:02:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-05-17 21:02:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-17 21:02:24 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-05-17 21:02:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-17 12:26:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16BC3F29-267E-4633-9C38-CA5263D58620}\offreg.dll
2012-05-17 03:46:38 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-15 23:13:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-15 23:13:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-15 22:59:30 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16BC3F29-267E-4633-9C38-CA5263D58620}\mpengine.dll
2012-05-14 05:38:38 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-14 05:38:35 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-14 05:38:34 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-12 15:33:28 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-12 15:33:28 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-12 15:33:27 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-12 15:33:27 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-12 15:33:26 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 15:33:26 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-12 15:32:05 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-12 15:31:29 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-12 15:31:27 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 15:31:27 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 15:31:27 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 15:31:26 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 15:31:26 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 17:01:06 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-05-10 17:00:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-05-10 17:00:14 -------- d-----w- C:\IAC Files
2012-05-02 16:11:20 -------- d-----w- C:\Users\Chris\AppData\Local\{9E30258F-EB01-4747-8C8E-45413E3BD73E}
2012-05-02 16:10:57 -------- d-----w- C:\Users\Chris\AppData\Local\{6C04213D-E7DF-48A1-AADB-ECB12E31BF15}
2012-05-02 16:10:15 -------- d-----w- C:\Users\Chris\AppData\Local\{1B624856-CFB4-46FE-91DB-646E2BE32CA0}
2012-05-02 16:10:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5760D95B-77B2-474B-A6B8-CF73F5C2A936}
2012-05-02 15:53:27 -------- d-----w- C:\Users\Chris\AppData\Local\{0F9BF396-87E3-4343-BB18-C45C8CAA2C07}
2012-05-02 15:53:03 -------- d-----w- C:\Users\Chris\AppData\Local\{F4208B22-5A87-41FF-9081-62F462A3C1EF}
2012-04-23 19:44:01 -------- d-----w- C:\Users\Chris\AppData\Local\NPE
2012-04-19 20:27:05 -------- d-----w- C:\Users\Chris\AppData\Local\{C285000B-A3C0-4D5A-BBAF-743CCB9B15EB}
2012-04-19 20:26:50 -------- d-----w- C:\Users\Chris\AppData\Local\{0CC155D2-1FF6-442F-8882-0F5B12D8F232}
2012-04-19 20:25:18 -------- d-----w- C:\Users\Chris\AppData\Local\{186CEFB9-B9FA-4F92-98FA-2A811645C989}
.
==================== Find3M ====================
.
2012-05-17 03:46:46 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-17 03:46:46 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-16 19:51:35 148152 ----a-w- C:\windows\SysWow64\WRusr.dll
2012-05-16 19:51:35 112656 ----a-w- C:\windows\System32\drivers\WRkrn.sys
2012-05-16 19:51:35 100760 ----a-w- C:\windows\System32\WRusr.dll
2012-04-12 00:25:04 60304 ----a-w- C:\Users\Chris\g2mdlhlpx.exe
2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 16:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2010-01-26 17:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 15:33:03.00 ===============