Spencer Rippee
Hello,
I seem to be infected as of a couple of hours ago and keep getting a pop-up from ESET.
Malwarebytes log:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.03.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Spencer Rippee :: AVA-346250 [administrator]
Protection: Enabled
8/3/2012 3:38:40 PM
mbam-log-2012-08-03 (15-38-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233052
Time elapsed: 10 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\Spencer Rippee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
Files Detected: 5
C:\Users\Spencer Rippee\Desktop\SWGowns.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
C:\Users\Spencer Rippee\Local Settings\Temporary Internet Files\Content.IE5\LKX6GGFA\contacts[1].exe (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Spencer Rippee\Local Settings\Temporary Internet Files\Content.IE5\OUWSRH70\about[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Spencer Rippee\Templates\Temp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Spencer Rippee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
(end)
GMER Log:
No Modifications
DDS Logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Spencer Rippee at 16:33:16 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8182.6324 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
\\.\globalroot\systemroot\Installer\{f6396c8b-7cd8-c891-fcfb-5563e06568a6}\U
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.xfinity.com/?cid=insDate11012011
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Spencer Rippee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{238A328E-1A62-4163-8C74-F1EAF72F435F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F6D6E103-96F6-4C2C-B78D-5BF96C1D8E74} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Spencer Rippee\AppData\Roaming\Mozilla\Firefox\Profiles\85ctce9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://mmajunkie.com/
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Spencer Rippee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Spencer Rippee\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-7-9 913792]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 655944]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-1-29 517632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-14 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-21 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-5 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-21 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 113120]
S3 P1764;Sound Blaster Audigy;C:\Windows\system32\drivers\P1764.sys --> C:\Windows\system32\drivers\P1764.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-9 14544]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-15 1431888]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-03 22:37:56 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\Malwarebytes
2012-08-03 22:37:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-03 22:37:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-03 22:37:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-03 22:02:15 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-03 21:56:33 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-03 20:47:40 -------- d-----w- C:\ProgramData\7531CC8B00F12AADCDCCCA79F875F002
2012-08-03 15:35:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C241D998-8EBE-44F5-8004-C2EAA8334534}\mpengine.dll
2012-08-02 10:03:01 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-02 01:23:26 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-02 01:23:26 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-02 01:23:26 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-02 01:23:25 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-08-02 01:23:25 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-08-02 01:23:25 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-08-01 20:08:31 -------- d-----w- C:\ProgramData\Curse Client
2012-08-01 02:22:34 -------- d-----w- C:\ProgramData\EA Logs
2012-07-20 02:30:51 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\six-updater
2012-07-20 02:30:50 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\six-zsync
2012-07-20 02:30:20 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-07-20 02:23:06 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\ArmA 2 OA
2012-07-20 02:20:42 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\ArmA 2
2012-07-18 23:27:38 -------- d-----w- C:\ProgramData\Age of Empires 3
2012-07-17 03:32:49 -------- d-----w- C:\Users\Spencer Rippee\.thumbnails
2012-07-17 02:52:15 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\fontconfig
2012-07-17 02:52:14 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\gegl-0.2
2012-07-17 02:52:14 -------- d-----w- C:\Users\Spencer Rippee\.gimp-2.8
2012-07-17 02:50:42 -------- d-----w- C:\Program Files\GIMP 2
2012-07-17 00:35:29 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-07-15 19:06:02 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\Trine2
2012-07-15 18:31:53 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\Ubisoft Game Launcher
2012-07-09 23:31:29 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-09 23:31:29 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-09 23:30:21 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-09 23:21:04 -------- d-----w- C:\ProgramData\IObit
2012-07-09 23:20:57 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\IObit
2012-07-09 23:20:52 -------- d-----w- C:\Program Files (x86)\IObit
.
==================== Find3M ====================
.
2012-08-03 05:18:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-03 05:18:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-03 05:18:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-01 02:37:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 16:33:57.49 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2010 9:55:55 AM
System Uptime: 8/3/2012 3:58:11 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D EVO
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 460 GiB total, 70.974 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: epfwwfpr
Device ID: ROOT\LEGACY_EPFWWFPR\0000
Manufacturer:
Name: epfwwfpr
PNP Device ID: ROOT\LEGACY_EPFWWFPR\0000
Service: epfwwfpr
.
==== System Restore Points ===================
.
RP446: 8/2/2012 3:00:11 AM - Windows Update
RP447: 8/3/2012 1:26:54 PM - Removed Autodesk Material Library 2012.
RP448: 8/3/2012 1:36:21 PM - Removed GameFly
RP449: 8/3/2012 1:39:25 PM - Removed Comcast Desktop Software (v1.2.1)
RP450: 8/3/2012 1:39:57 PM - Removed Poker Wingman
RP451: 8/3/2012 1:40:48 PM - Removed Splashtop Streamer
RP452: 8/3/2012 1:41:25 PM - Removed Draft Analyzer 2010
RP453: 8/3/2012 1:41:48 PM - Removed Autodesk Material Library Base Resolution Image Library 2012.
RP454: 8/3/2012 1:45:49 PM - Removed Google Earth.
RP455: 8/3/2012 2:02:58 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image OEM
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Age of Empires® III: Complete Collection
Amazon Unbox Video
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
Autodesk Content Service
Bastion
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Borderlands
Cisco Connect
Counter-Strike: Source
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Curse Client
Day of Defeat: Source
Deus Ex: Human Revolution
Diablo III
Dragon Age II
Elder Scrolls V: Skyrim Prima Guide
ESET Online Scanner v3
ESN Sonar
ESPN Version 2.0.7.23
FARO LS 1.1.406.58
From Dust
Game Booster 3
Google Chrome
Google SketchUp 8
Google Update Helper
Half-Life
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 7 Update 4
JavaFX 2.1.0
Launchpad Enhanced
Left 4 Dead 2
LIMBO
MacroGoblin version 2.8.4.2
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect 2
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MLB 2K12
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
Natural Selection 2
Need for Speed: Hot Pursuit
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
Origin
Pando Media Booster
Pandora
PunkBuster Services
QuickTime
Razer Naga
Razer Nostromo
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Six Updater
Sound Blaster Audigy
Star Wars: The Old Republic
StarCraft II
Steam
Super Meat Boy
swMSM
System Requirements Lab
Team Fortress 2
The Binding of Isaac
Trine 2
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
World of Warcraft
World of Warcraft Beta
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
8/3/2012 2:38:17 PM, Error: Service Control Manager [7009] -
.
==== End Of File ===========================
- Malwarebytes Anti-Malware log
- GMER log
- DDS logs: both DDS.txt and Attach.txt
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Spencer Rippee\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Spencer Rippee\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-7-9 913792]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 655944]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-1-29 517632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-14 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-21 136176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-5 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-21 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 113120]
S3 P1764;Sound Blaster Audigy;C:\Windows\system32\drivers\P1764.sys --> C:\Windows\system32\drivers\P1764.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-9 14544]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-15 1431888]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-03 22:37:56 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\Malwarebytes
2012-08-03 22:37:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-03 22:37:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-03 22:37:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-03 22:02:15 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-03 21:56:33 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-03 20:47:40 -------- d-----w- C:\ProgramData\7531CC8B00F12AADCDCCCA79F875F002
2012-08-03 15:35:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C241D998-8EBE-44F5-8004-C2EAA8334534}\mpengine.dll
2012-08-02 10:03:01 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-02 01:23:26 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-02 01:23:26 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-02 01:23:26 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-02 01:23:25 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-08-02 01:23:25 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-08-02 01:23:25 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-08-01 20:08:31 -------- d-----w- C:\ProgramData\Curse Client
2012-08-01 02:22:34 -------- d-----w- C:\ProgramData\EA Logs
2012-07-20 02:30:51 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\six-updater
2012-07-20 02:30:50 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\six-zsync
2012-07-20 02:30:20 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-07-20 02:23:06 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\ArmA 2 OA
2012-07-20 02:20:42 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\ArmA 2
2012-07-18 23:27:38 -------- d-----w- C:\ProgramData\Age of Empires 3
2012-07-17 03:32:49 -------- d-----w- C:\Users\Spencer Rippee\.thumbnails
2012-07-17 02:52:15 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\fontconfig
2012-07-17 02:52:14 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\gegl-0.2
2012-07-17 02:52:14 -------- d-----w- C:\Users\Spencer Rippee\.gimp-2.8
2012-07-17 02:50:42 -------- d-----w- C:\Program Files\GIMP 2
2012-07-17 00:35:29 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-07-15 19:06:02 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\Trine2
2012-07-15 18:31:53 -------- d-----w- C:\Users\Spencer Rippee\AppData\Local\Ubisoft Game Launcher
2012-07-09 23:31:29 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-09 23:31:29 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-09 23:30:21 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-07-09 23:21:04 -------- d-----w- C:\ProgramData\IObit
2012-07-09 23:20:57 -------- d-----w- C:\Users\Spencer Rippee\AppData\Roaming\IObit
2012-07-09 23:20:52 -------- d-----w- C:\Program Files (x86)\IObit
.
==================== Find3M ====================
.
2012-08-03 05:18:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-03 05:18:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-03 05:18:12 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-01 02:37:02 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 16:33:57.49 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2010 9:55:55 AM
System Uptime: 8/3/2012 3:58:11 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D EVO
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 460 GiB total, 70.974 GiB free.
D: is CDROM (UDF)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: epfwwfpr
Device ID: ROOT\LEGACY_EPFWWFPR\0000
Manufacturer:
Name: epfwwfpr
PNP Device ID: ROOT\LEGACY_EPFWWFPR\0000
Service: epfwwfpr
.
==== System Restore Points ===================
.
RP446: 8/2/2012 3:00:11 AM - Windows Update
RP447: 8/3/2012 1:26:54 PM - Removed Autodesk Material Library 2012.
RP448: 8/3/2012 1:36:21 PM - Removed GameFly
RP449: 8/3/2012 1:39:25 PM - Removed Comcast Desktop Software (v1.2.1)
RP450: 8/3/2012 1:39:57 PM - Removed Poker Wingman
RP451: 8/3/2012 1:40:48 PM - Removed Splashtop Streamer
RP452: 8/3/2012 1:41:25 PM - Removed Draft Analyzer 2010
RP453: 8/3/2012 1:41:48 PM - Removed Autodesk Material Library Base Resolution Image Library 2012.
RP454: 8/3/2012 1:45:49 PM - Removed Google Earth.
RP455: 8/3/2012 2:02:58 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image OEM
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Age of Empires® III: Complete Collection
Amazon Unbox Video
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
Autodesk Content Service
Bastion
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Borderlands
Cisco Connect
Counter-Strike: Source
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Curse Client
Day of Defeat: Source
Deus Ex: Human Revolution
Diablo III
Dragon Age II
Elder Scrolls V: Skyrim Prima Guide
ESET Online Scanner v3
ESN Sonar
ESPN Version 2.0.7.23
FARO LS 1.1.406.58
From Dust
Game Booster 3
Google Chrome
Google SketchUp 8
Google Update Helper
Half-Life
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 7 Update 4
JavaFX 2.1.0
Launchpad Enhanced
Left 4 Dead 2
LIMBO
MacroGoblin version 2.8.4.2
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect 2
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MLB 2K12
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
Natural Selection 2
Need for Speed: Hot Pursuit
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.3
Origin
Pando Media Booster
Pandora
PunkBuster Services
QuickTime
Razer Naga
Razer Nostromo
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Six Updater
Sound Blaster Audigy
Star Wars: The Old Republic
StarCraft II
Steam
Super Meat Boy
swMSM
System Requirements Lab
Team Fortress 2
The Binding of Isaac
Trine 2
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
World of Warcraft
World of Warcraft Beta
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
8/3/2012 2:38:17 PM, Error: Service Control Manager [7009] -
.
==== End Of File ===========================