Inactive MSN is sending inappropriate spam, my profile picture is being changed, etc

[chanlao]

Hello,

Earlier today someone told me that my msn name was changed to "cheerleader" and was sending him spam. I signed in myself to take a look and in fact my name was changed and my profile picture was changed to something inappropriate. So I changed my profile name and picture, changed my password and uninstalled messenger. To see if there was any success, I signed into messenger using my laptop and I found that my name was changed to "Camgirl", my status had a link, and my profile picture again was changed. I've warned everybody on my contacts list, but is there something I can do to get rid of this problem permanently? It seems to occur when I myself am not signed in.

Thanks.

Edit: I did a full scan using Microsoft Security Essentials and it came out clean

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[chanlao]

Thanks for your help! The logs are as follows:

Malwarebytes Anti-malware log:

to jMalwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122107

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/21/2011 3:31:21 PM
mbam-log-2011-12-21 (15-31-21).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 327243
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:

*it was blank*


DDS logs:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Takkheanhlao at 20:58:15 on 2011-12-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6279 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\WlanWpsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
E:\InstantBurn\Win2K\IBurn.exe
E:\Power2Go\CLMLSvc.exe
E:\PowerDVD9\PDVD9Serv.exe
E:\wirelesscm.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
E:\Program Files (x86)\SUPERAnti\SASCORE64.EXE
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - E:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Steam] "E:\Steam\steam.exe" -silent
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] E:\Program Files (x86)\SUPERAnti\SUPERAntiSpyware.exe
mRun: [InstantBurn] E:\INSTAN~1\Win2K\IBurn.exe
mRun: [CLMLServer] "E:\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl9] E:\PowerDVD9\PDVD9Serv.exe
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "E:\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "E:\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - E:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - E:\wirelesscm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - E:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{7A8090B3-41B9-4A08-B28D-D4A2A9C2E984} : DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{D989369E-61F2-4F66-B003-99FCC7934291} : DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - E:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [InstantBurn] E:\INSTAN~1\Win2K\IBurn.exe
mRun-x64: [CLMLServer] "E:\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl9] E:\PowerDVD9\PDVD9Serv.exe
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "E:\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "E:\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AmazonGSDownloaderTray] E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Takkheanhlao\AppData\Roaming\Mozilla\Firefox\Profiles\82ajmokf.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASKUTIL;SASKUTIL;E:\Program Files (x86)\SUPERAnti\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;E:\Program Files (x86)\SUPERAnti\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Amazon Download Agent;Amazon Download Agent;E:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-7-22 401920]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-21 366152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-20 378984]
R2 WlanWpsSvc;WlanWpsSvc;E:\WlanWpsSvc.exe [2011-6-12 167936]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S1 SASDIFSV;SASDIFSV;E:\Program Files (x86)\SUPERAnti\sasdifsv64.sys [2011-7-22 14928]
S2 CLKMSVC10_54205E7F;CyberLink Product - 2011/06/10 07:07:28;E:\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;E:\ControlCenter\NTIOLib_X64.sys [2011-6-9 14136]
S3 rak;rak;E:\Game\SoftnyxGame\RakionIS\Bin\rakion64.sys [2011-8-10 45176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-22 04:51:30 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBFACEFD-892B-4A60-A979-FBC90ABBFA91}\offreg.dll
2011-12-22 04:51:29 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBFACEFD-892B-4A60-A979-FBC90ABBFA91}\mpengine.dll
2011-12-22 00:30:11 -------- d-----w- C:\Users\Takkheanhlao\AppData\Roaming\SUPERAntiSpyware.com
2011-12-22 00:29:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-22 00:10:49 -------- d-----w- C:\Users\Takkheanhlao\AppData\Roaming\QFX Software
2011-12-22 00:10:49 -------- d-----w- C:\ProgramData\QFX Software
2011-12-22 00:09:57 222904 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-12-21 23:12:19 -------- d-----w- C:\Users\Takkheanhlao\AppData\Roaming\Malwarebytes
2011-12-21 23:12:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-21 23:12:01 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-21 19:21:39 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{C6161F04-305F-4533-AFC7-863897986109}
2011-12-21 19:21:17 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{F5B95CAB-B24C-4024-9937-DEE541A24F06}
2011-12-21 04:15:29 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{D6F76EA6-7C5A-47AB-AEEC-92DEA6B5592B}
2011-12-21 04:15:04 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{D5931360-999D-42F1-9F1D-5BC085643667}
2011-12-20 18:13:32 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{03645831-F8F1-4512-B7B9-94B096314045}
2011-12-19 21:25:21 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-12-19 19:41:26 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{12744CEE-9AB5-43A7-8108-8BBFA4E488BF}
2011-12-19 19:41:03 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{6B1ED290-1B20-45A5-A487-48A438C8E099}
2011-12-17 18:49:51 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{9296EAC1-2A00-4D37-8BD6-D9E83FB89892}
2011-12-17 18:49:29 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{F868859C-41BE-4811-A1E8-7981E6582629}
2011-12-17 05:48:26 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{BBB99849-D6A9-4A35-BF23-4C35E5AC9B58}
2011-12-17 05:48:26 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A4EB884C-8604-41C6-8056-CCDD3ADE49F6}
2011-12-16 04:22:42 -------- d-----w- C:\Users\Takkheanhlao\AppData\Roaming\NVIDIA
2011-12-16 04:21:25 -------- d-----w- C:\Program Files (x86)\EA Games
2011-12-16 04:21:25 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2011-12-16 04:16:39 -------- d-----w- C:\ProgramData\Origin
2011-12-16 04:05:48 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\EA Core
2011-12-16 03:43:20 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{69C45C74-F17F-4D99-8C30-4B872E59EB02}
2011-12-16 03:42:57 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{476EA929-1C55-4CB1-8CB1-E016CA3F2301}
2011-12-15 19:28:33 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-12-15 19:28:33 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-12-15 19:28:33 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-12-15 19:28:33 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-12-15 19:28:33 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-12-15 19:28:33 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-12-15 16:56:26 -------- d-----w- C:\Users\Takkheanhlao\AppData\Roaming\Origin
2011-12-15 16:41:56 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{B09384D1-0B30-48A2-93E2-5097F5C7F896}
2011-12-15 16:41:33 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{F4D23DD9-48CC-45CB-9BF8-85D4FE41A940}
2011-12-15 04:40:54 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{C0BC8241-6FE0-4E62-BF22-F5E45F93C05A}
2011-12-15 04:40:31 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{9F4F4768-1BB8-4938-B7AA-899C87FCB4D8}
2011-12-14 16:46:01 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{391A995F-B3F3-4D33-A133-B56A472DFF6E}
2011-12-14 04:18:19 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{E64C7D74-BEA7-4D50-AB50-48183BEC2188}
2011-12-14 04:17:57 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{C9E7E33C-350F-4709-B090-3A3BA6B56CF6}
2011-12-14 04:02:03 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 04:02:02 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 04:02:02 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 04:02:02 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 04:02:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 04:02:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-13 03:29:54 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{3BA2A754-39B1-4BD5-85B2-AB4B244394D9}
2011-12-13 03:29:31 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{D9006716-7D85-4F7A-A65E-A34F838CD240}
2011-12-12 03:31:18 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{1526E245-048E-46E8-8E76-240A66F81600}
2011-12-12 03:31:06 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{B75AFB99-0D74-4966-80CB-E5EB0E75C79A}
2011-12-12 00:24:37 -------- d-----w- C:\Program Files (x86)\MSECache
2011-12-11 18:13:27 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A8D43CEB-CE83-4D15-919D-687A53C1B841}
2011-12-11 18:13:04 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{E253EA55-456F-4C25-8954-19755EFD223E}
2011-12-11 06:57:09 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{01707D0D-CD79-45BF-865D-98B8CDC552C7}
2011-12-10 04:07:29 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{BCCDC89D-3B0C-4565-933E-4CF4F3CBFE22}
2011-12-10 04:07:05 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{F96FE107-86B9-47D3-A355-09E7308507A8}
2011-12-09 03:28:11 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A17A1228-08EA-4F95-9D0E-37EA61BB06D3}
2011-12-09 03:27:52 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{D962A405-529A-4F1F-85B6-4EEDF361EBFC}
2011-12-08 04:05:51 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{8D299A36-9CF5-4B56-89ED-39820FCB01A3}
2011-12-07 03:27:02 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A3E3B52E-966C-4D9A-93FD-8C2689AA691F}
2011-12-07 03:26:41 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{1F9D1EF5-8407-4FFF-B3C8-F32F93248807}
2011-12-06 04:03:34 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{ABA40711-8EF6-4C70-BFD0-AF4C74FFC293}
2011-12-06 04:03:10 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{69ED8FB4-5972-4B23-899A-1770EA686EF4}
2011-12-05 03:53:54 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{43329A9C-7A10-4E18-A37C-5F58650EAA3B}
2011-12-04 18:24:15 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{3E8373B6-A9F4-4971-AE5C-5AD719CA5C91}
2011-12-04 00:57:57 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{294798FF-8BEF-4966-A87D-163CD13DA6BA}
2011-12-04 00:57:36 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{3501E75C-6A47-4856-B374-332C41057851}
2011-12-03 17:44:51 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{9A6142AB-3F65-4C08-8520-2C8547CE1455}
2011-12-03 04:43:33 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{06647250-B633-4640-A059-80F6C5DF196E}
2011-12-03 04:43:11 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{AAEF26CE-EE1E-4E06-BCFD-40F812B2F770}
2011-12-02 03:43:31 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{1DA736CB-BC01-4CB6-9D9C-872A3F278325}
2011-12-02 03:43:08 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{46C45761-AFA6-4E3D-9281-3B1F5E0CA2B8}
2011-12-01 03:26:25 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{0E245503-F29F-475D-87C8-37292D6544F1}
2011-12-01 03:26:03 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{292CB7BE-4FEE-4027-BA65-348B60B7FAEA}
2011-11-30 03:23:44 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{F2EDB012-B3D9-4A9F-B5BF-361E8692D1E5}
2011-11-30 03:23:22 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{88929D6A-F988-435E-AEC4-95C4BF20BCF8}
2011-11-29 03:15:06 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{9537CA2C-CC2C-4568-87EB-FD9037777E1C}
2011-11-29 03:14:41 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{2A482A9E-E02B-4722-AC9C-161DE9E8F9B4}
2011-11-27 19:13:30 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{8D4FA863-A190-43DB-A2FC-FF7A20A9CDED}
2011-11-27 19:13:01 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{4DE08900-629D-465B-B3E2-ADFA64702C8C}
2011-11-27 07:08:59 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{CA19A8E0-B9E3-4AD1-B6E6-9BE3E2EEF330}
2011-11-27 07:08:39 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{F6FF9A37-B6DA-4970-96B7-0A143B661F8F}
2011-11-26 19:08:15 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A247F917-3F32-4377-A153-609272CB4D2B}
2011-11-26 19:07:51 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{754050CA-7302-4F11-AEAB-16664BDAF801}
2011-11-26 06:48:42 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{7C56F13B-B06D-493E-AD3F-59724B4A53E4}
2011-11-26 06:48:20 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{61B4595E-5A7D-4684-B846-F21351C29D04}
2011-11-25 18:47:57 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{58A3E745-5876-4F2D-89A3-16786BD35859}
2011-11-25 18:47:34 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{79203E10-5A0B-4030-A87D-3E8DDD995AD0}
2011-11-25 06:42:41 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{2EFA35A1-310B-4520-AC1F-DCC80076D51E}
2011-11-25 06:42:21 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{106C99B2-8991-4D46-95B8-BD9F1B06F43D}
2011-11-24 18:41:58 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{80BCB7EF-639F-46EF-81AF-4C9D74FD9A6C}
2011-11-24 18:41:34 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A1A8E3DC-2628-4516-A9A0-ED49B5322BEF}
2011-11-24 02:22:51 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{A94402C5-0F58-431D-A475-86209A8BA5CA}
2011-11-24 02:22:30 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{6DC907AA-5A80-4A02-A229-FB19CCE3D4CB}
2011-11-24 02:15:46 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{6C19D700-D9AA-4554-B2DE-62969797429B}
2011-11-23 04:53:55 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{2A1DBE2A-D0A7-4B68-82E7-4D917735E5F0}
2011-11-23 04:53:33 -------- d-----w- C:\Users\Takkheanhlao\AppData\Local\{5888D07F-34F1-474E-9D5B-F860381A686A}
.
==================== Find3M ====================
.
2011-11-19 17:07:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:58:26.99 ===============

 

[chanlao]

DDS cont.

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2011 6:54:26 PM
System Uptime: 12/21/2011 4:11:29 PM (4 hours ago)
.
Motherboard: MSI | | 890FXA-GD70 (MS-7640)
Processor: AMD Phenom(tm) II X6 1090T Processor | CPU1 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 20.515 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 1863 GiB total, 1662.951 GiB free.
F: is FIXED (NTFS) - 373 GiB total, 270.164 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP124: 12/20/2011 1:59:49 PM - Windows Update
RP125: 12/21/2011 12:50:24 PM - Windows Live Essentials
RP126: 12/21/2011 12:51:00 PM - WLSetup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Amazon Games & Software Downloader
Apple Application Support
Apple Software Update
Bing Bar
Brink
Compatibility Pack for the 2007 Office system
ControlCenter
Crysis® 2
CyberLink Blu-ray Disc Suite
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 9
CyberLink PowerProducer
D-Link DWA-130 Wireless N USB Adapter
D3DX10
DragonNest
EA Installer
EA Shared Game Component: Activation
Fallout 3 - Game of the Year Edition
Fallout: New Vegas
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Guild Wars
JMicron JMB36X Driver
Junk Mail filter update
KeyScrambler
Lara Croft and the Guardian of Light
League of Legends
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Mass Effect 2
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 5.0.1 (x86 en-US)
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
Pando Media Booster
QuickTime
Rakion International
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Scabbar Mod ver 1.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Steam
Team Fortress 2
The Elder Scrolls V: Skyrim
The Last Remnant
The Witcher 2
The Witcher Enhanced Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
12/21/2011 12:50:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user Takkheanhlao-PC\Takkheanhlao SID (S-1-5-21-2444808997-28809257-1119365156-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/21/2011 11:19:13 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a004 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Signature version: 1.117.1455.0;1.117.1455.0 Engine version: 1.1.7903.0
12/20/2011 9:53:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAC00224139D33D that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D989369E-61F2-4F66-B003-99FCC7934291}. The master browser is stopping or an election is being forced.
12/19/2011 9:21:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NEW-HOST that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D989369E-61F2-4F66-B003-99FCC7934291}. The master browser is stopping or an election is being forced.
12/17/2011 8:50:50 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80508001 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.117.1272.0;1.117.1272.0 Engine version: 1.1.7903.0
12/17/2011 10:48:28 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a004 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Signature version: 1.117.1189.0;1.117.1189.0 Engine version: 1.1.7903.0
12/16/2011 12:41:22 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer NEW-HOST-5 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D989369E-61F2-4F66-B003-99FCC7934291}. The master browser is stopping or an election is being forced.
12/15/2011 11:18:04 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================

 

[chanlao]

I would also like to add that I had installed SuperAntiSpyware before I had received any reply to this thread. Thanks again.

 

[Broni]

I don't see much there so far....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[chanlao]

aswMBR log:

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 21:20:03
-----------------------------
21:20:03.729 OS Version: Windows x64 6.1.7601 Service Pack 1
21:20:03.729 Number of processors: 6 586 0xA00
21:20:03.730 ComputerName: TAKKHEANHLAO-PC UserName: Takkheanhlao
21:20:04.076 Initialize success
21:20:52.934 AVAST engine defs: 11122102
21:22:24.177 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:22:24.179 Disk 0 Vendor: Hitachi_HDS723020BLA642 MN6OA5C0 Size: 1907729MB BusType: 3
21:22:24.180 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
21:22:24.182 Disk 1 Vendor: ST3400620AS 3.AAE Size: 381554MB BusType: 3
21:22:24.184 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
21:22:24.186 Disk 2 Vendor: Corsair_Performance3_SSD 1.1 Size: 61057MB BusType: 3
21:22:24.188 Disk 2 MBR read successfully
21:22:24.190 Disk 2 MBR scan
21:22:24.195 Disk 2 Windows 7 default MBR code
21:22:24.197 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:22:24.218 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
21:22:24.238 Service scanning
21:22:24.597 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:22:25.562 Modules scanning
21:22:25.574 Disk 2 trace - called modules:
21:22:25.590 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:22:25.601 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8007266060]
21:22:25.606 3 CLASSPNP.SYS[fffff8800199343f] -> nt!IofCallDriver -> [0xfffffa8006d38520]
21:22:25.610 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006d3a060]
21:22:25.878 AVAST engine scan C:\Windows
21:22:27.527 AVAST engine scan C:\Windows\system32
21:23:46.541 AVAST engine scan C:\Windows\system32\drivers
21:23:51.689 AVAST engine scan C:\Users\Takkheanhlao
21:25:15.300 AVAST engine scan C:\ProgramData
21:25:21.746 Scan finished successfully
21:30:40.046 Disk 2 MBR has been saved successfully to "C:\Users\Takkheanhlao\Desktop\mbam\MBR.dat"
21:30:40.099 The log file has been saved successfully to "C:\Users\Takkheanhlao\Desktop\mbam\aswMBR.txt"
21:32:16.488 Disk 2 MBR has been saved successfully to "C:\Users\Takkheanhlao\Desktop\MBR.dat"
21:32:16.491 The log file has been saved successfully to "C:\Users\Takkheanhlao\Desktop\aswMBR.txt"


ComboFix.txt

ComboFix 11-12-21.02 - Takkheanhlao 12/21/2011 21:38:32.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6263 [GMT -8:00]
Running from: c:\users\Takkheanhlao\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 05:00 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DD4CFEA-4E0D-4EAA-94E5-AC773F9D690D}\mpengine.dll
2011-12-22 00:30 . 2011-12-22 00:30 -------- d-----w- c:\users\Takkheanhlao\AppData\Roaming\SUPERAntiSpyware.com
2011-12-22 00:29 . 2011-12-22 00:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-22 00:10 . 2011-12-22 00:10 -------- d-----w- c:\users\Takkheanhlao\AppData\Roaming\QFX Software
2011-12-22 00:10 . 2011-12-22 00:10 -------- d-----w- c:\programdata\QFX Software
2011-12-22 00:09 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-12-21 23:12 . 2011-12-21 23:12 -------- d-----w- c:\users\Takkheanhlao\AppData\Roaming\Malwarebytes
2011-12-21 23:12 . 2011-12-21 23:12 -------- d-----w- c:\programdata\Malwarebytes
2011-12-21 23:12 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 21:25 . 2011-12-19 21:25 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-12-16 04:22 . 2011-12-16 04:22 -------- d-----w- c:\users\Takkheanhlao\AppData\Roaming\NVIDIA
2011-12-16 04:21 . 2011-12-16 04:21 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-12-16 04:21 . 2011-12-16 04:21 -------- d-----w- c:\program files (x86)\EA Games
2011-12-16 04:21 . 2011-12-16 04:21 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2011-12-16 04:16 . 2011-12-16 04:19 -------- d-----w- c:\programdata\Origin
2011-12-16 04:05 . 2011-12-16 04:05 -------- d-----w- c:\users\Takkheanhlao\AppData\Local\EA Core
2011-12-15 19:28 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-12-15 19:28 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-15 19:28 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-15 19:28 . 2008-07-12 16:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-12-15 19:28 . 2008-07-12 16:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-12-15 19:28 . 2008-07-12 16:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-12-15 16:56 . 2011-12-15 17:05 -------- d-----w- c:\users\Takkheanhlao\AppData\Roaming\Origin
2011-12-14 04:02 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 04:02 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 04:02 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 04:02 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 04:02 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 04:02 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-12 00:24 . 2011-12-12 00:24 -------- d-----w- c:\program files (x86)\MSECache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2011-06-13 14:31 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-19 17:07 . 2011-06-10 04:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-22 20:42 . 2011-10-22 20:43 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA8C433F-8866-402C-A56F-FA14EA49D1B1}\gapaengine.dll
2011-09-29 16:29 . 2011-11-11 17:15 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-25 19:12 . 2011-09-25 19:12 0 ---ha-w- c:\users\Takkheanhlao\AppData\Local\BITCA32.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\steam.exe" [2011-08-02 1242448]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-17 3077528]
"SUPERAntiSpyware"="e:\program files (x86)\SUPERAnti\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstantBurn"="e:\instan~1\Win2K\IBurn.exe" [2010-04-20 697640]
"CLMLServer"="e:\power2go\CLMLSvc.exe" [2009-11-02 103720]
"RemoteControl9"="e:\powerdvd9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"UpdatePPShortCut"="e:\powerproducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="e:\blu-ray disc suite\MUITransfer\MUIStartMenu.exe" [2010-05-29 222504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AmazonGSDownloaderTray"="e:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="e:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Wireless Connection Manager.lnk - E:\wirelesscm.exe [2011-6-12 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_54205E7F;CyberLink Product - 2011/06/10 07:07;e:\powerdvd9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;e:\controlcenter\NTIOLib_X64.sys [2009-10-06 14136]
R3 rak;rak;e:\game\SoftnyxGame\RakionIS\Bin\rakion64.sys [2011-10-01 45176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
S1 SASDIFSV;SASDIFSV;e:\program files (x86)\SUPERAnti\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;e:\program files (x86)\SUPERAnti\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;e:\program files (x86)\SUPERAnti\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Amazon Download Agent;Amazon Download Agent;e:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-21 378984]
S2 WlanWpsSvc;WlanWpsSvc;E:\WlanWpsSvc.exe [2008-06-27 167936]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*Deregistered* - CLKMDRV10_54205E7F
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 20:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10 04:34]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10 04:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
FF - ProfilePath - c:\users\Takkheanhlao\AppData\Roaming\Mozilla\Firefox\Profiles\82ajmokf.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-The Witcher - Scabbard Mod_is1 - e:\program files (x86)\The Witcher Enhanced Edition\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2444808997-28809257-1119365156-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2444808997-28809257-1119365156-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2011-12-21 21:49:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 05:49
.
Pre-Run: 21,916,180,480 bytes free
Post-Run: 22,757,150,720 bytes free
.
- - End Of File - - B1A44916EFB44FDE2D96380D4D2C3993

 

[Broni]

I see nothing malicious.

I suggest you create new topic in Windows forum.

 

[chanlao]

I forgot to add that in fact it does not matter whether I am signed in or not; earlier it said I was signed in from 3 places, the unfamiliar being "HOME-PC". In my status there was a link that was most certainly spam/virus related: "happy holidays!! http://t.co/ZTEngu7"

 

[chanlao]

Alright, I'll do that. Thanks!