
Please help me with my problem - little white box top left

This is a discussion on Please help me with my problem - little white box top left within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 04-12-2012, 11:41 AM   #1
Registered Member
 
Join Date: Apr 2012
Posts: 13
OS: Windows 7 Home Premium



I don't know whether this is a virus of some sort, but when I start up my Windows there is a tiny white box in the top left corner of the screen (see picture attached). It stays there, and whenever I try to go on the internet it keeps popping up in front, so I have to click the screen again to make it go behind. However, it keeps popping up every few seconds and is very annoying. I've tried scanning with Malwarebytes; however, it does not fix the issue. It seems like a little window. Any help please? Thanks :)

I have made a log with DDS:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zee at 19:24:20 on 2012-04-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8105.5364 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Zee\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\GuidedWays\QuranReciter\QuranReciter.exe
C:\Program Files (x86)\jre\bin\javaw.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\usermgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hide My IP 2009\HideMyIpSrv.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wuauclt.exe
C:\Users\Zee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wuauclt.exe
C:\windows\system32\msiexec.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Zee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\vssvc.exe
C:\windows\SoftwareDistribution\Download\Install\NDP40-KB2656368-x64.exe
c:\be595c47dfb34c73d65990fbd5c0fe\Setup.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\windows\system32\conhost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://nmd.msn.com
mStart Page = hxxp://nmd.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Zee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Facebook Update] "C:\Users\Zee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TaskTray]
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
StartupFolder: C:\Users\Zee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Zee\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Zee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Zee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\QIR'AT~1.LNK - C:\Program Files (x86)\GuidedWays\QuranReciter\QuranReciter.exe
StartupFolder: C:\Users\Zee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\usermgr.lnk - C:\Windows\SysWOW64\usermgr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Zee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Zee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\windows\system32\HMIPCore.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{02F408B0-35BA-46D8-A183-9445000212FD} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [TaskTray]
mRun-x64: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
.
============= SERVICES / DRIVERS ===============
.
R0 ioatdma;Intel(R) QuickData Technology device;C:\windows\system32\Drivers\ioatdma.sys --> C:\windows\system32\Drivers\ioatdma.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-24 652360]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-2-11 124832]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 HideMyIpSRV;HideMyIpSRV;C:\Program Files (x86)\Hide My IP 2009\HideMyIpSrv.exe [2011-8-6 2396464]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam C160(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\system32\Drivers\ssadadb.sys --> C:\windows\system32\Drivers\ssadadb.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 ioatdma1;ioatdma1;C:\windows\system32\Drivers\qd162x64.sys --> C:\windows\system32\Drivers\qd162x64.sys [?]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\windows\system32\Drivers\qd262x64.sys --> C:\windows\system32\Drivers\qd262x64.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\windows\system32\DRIVERS\lvpopf64.sys --> C:\windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\system32\DRIVERS\LVPr2M64.sys --> C:\windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\drivers\nusb3hub.sys --> C:\windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\drivers\nusb3xhc.sys --> C:\windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\system32\DRIVERS\ssadserd.sys --> C:\windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-12 18:21:37 -------- d-----w- C:\be595c47dfb34c73d65990fbd5c0fe
2012-04-12 18:20:27 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FFCAA4B-A6C4-4818-8875-E362D82079E7}\mpengine.dll
2012-04-12 12:01:25 -------- d-----w- C:\Program Files\CCleaner
2012-04-12 11:59:45 -------- d-----w- C:\Users\Zee\AppData\Roaming\PCPro
2012-04-12 11:59:45 -------- d-----w- C:\Users\Zee\AppData\Roaming\PC Cleaners
2012-04-12 11:59:36 5276432 ----a-w- C:\windows\uninst.exe
2012-04-12 11:59:36 -------- d-----w- C:\ProgramData\PC1Data
2012-04-12 10:45:22 -------- d-----w- C:\Users\Zee\AppData\Local\{8B27769A-4B7A-4589-98A7-B3A22E95F615}
2012-04-11 17:39:06 -------- d-----w- C:\Users\Zee\AppData\Local\{B50DEDE0-D492-4505-BF2E-BAFFD0FD58E5}
2012-04-10 12:59:21 -------- d-----w- C:\Users\Zee\AppData\Local\{162C95ED-8122-4414-AC50-3B89B9B540D3}
2012-04-08 23:56:58 -------- d-----w- C:\Users\Zee\AppData\Local\{1443FB5C-E155-4CF5-AC8C-213819E09C65}
2012-04-08 11:56:34 -------- d-----w- C:\Users\Zee\AppData\Local\{8715B4E3-8606-47E6-9B5B-DCF402443B51}
2012-04-07 11:54:10 -------- d-----w- C:\Users\Zee\AppData\Local\{474B1FE8-F1F7-40CF-8E81-C49F816A2B65}
2012-04-06 15:35:15 -------- d-----w- C:\Users\Zee\AppData\Local\{B1CF0650-71A8-4955-A118-2C55C2383B9A}
2012-04-05 11:52:50 -------- d-----w- C:\Users\Zee\AppData\Roaming\GetRightToGo
2012-04-05 11:33:48 -------- d-----w- C:\Users\Zee\AppData\Local\{4A6FA4AB-5760-42AE-B8ED-3892C520C4A2}
2012-04-04 23:33:24 -------- d-----w- C:\Users\Zee\AppData\Local\{791D134B-8E4B-4AD9-98ED-3B2307A83E91}
2012-04-04 11:33:12 -------- d-----w- C:\Users\Zee\AppData\Local\{C134F935-43FF-41F4-B061-F511A4A6FE2D}
2012-04-03 17:12:11 -------- d-----w- C:\Users\Zee\AppData\Local\{34E82B28-A19F-4261-BA72-011E454C8B60}
2012-04-02 10:43:36 -------- d-----w- C:\Users\Zee\AppData\Local\{50AC736E-C6C1-46AC-A15D-1F2EA765DD35}
2012-04-01 09:23:20 -------- d-----w- C:\Users\Zee\AppData\Local\{21C632A3-B859-4313-ADE8-F0F445F9E97F}
2012-03-31 11:53:08 -------- d-----w- C:\Users\Zee\AppData\Local\{4D786196-DAA0-41F4-B076-8171F4C18687}
2012-03-30 16:41:47 -------- d-----w- C:\Users\Zee\AppData\Local\{23DA1909-FA47-4925-9262-3A5C67CA6D01}
2012-03-29 15:36:36 -------- d-----w- C:\Users\Zee\AppData\Local\{417E8F3D-786B-4654-9ACA-D7A9777F03F2}
2012-03-28 17:04:12 -------- d-----w- C:\Users\Zee\AppData\Local\{05B33F33-74A9-4D14-B977-FBB6962850CB}
2012-03-28 17:03:54 -------- d-----w- C:\Users\Zee\AppData\Local\{0A869C7E-8596-405F-AA78-F8BEA1A77829}
2012-03-27 15:40:00 -------- d-----w- C:\Users\Zee\AppData\Local\{F87C5FE5-A32B-4464-B028-DFE39797406A}
2012-03-27 15:39:45 -------- d-----w- C:\Users\Zee\AppData\Local\{8D9692E1-DA2A-4FB4-9442-7B4667817341}
2012-03-26 16:49:49 -------- d-----w- C:\Users\Zee\AppData\Local\Research In Motion
2012-03-26 16:49:27 44032 ----a-w- C:\windows\System32\drivers\RimSerial_AMD64.sys
2012-03-26 16:49:14 -------- d-----w- C:\ProgramData\Research In Motion
2012-03-26 16:48:57 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-03-26 16:38:25 -------- d-----w- C:\Users\Zee\AppData\Roaming\Research In Motion
2012-03-26 16:37:33 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-03-26 15:09:25 -------- d-----w- C:\Users\Zee\AppData\Local\{63C3EA01-4DA3-4ED0-AD43-383D28C319CE}
2012-03-26 15:09:05 -------- d-----w- C:\Users\Zee\AppData\Local\{91EE3CDB-55CE-40DA-95BD-ACD840043A1C}
2012-03-25 23:08:32 -------- d-----w- C:\Users\Zee\AppData\Local\{C7C1768F-48B3-42A5-8E64-EEFF943A2AFD}
2012-03-25 23:08:22 -------- d-----w- C:\Users\Zee\AppData\Local\{A61A8742-7435-4D54-8205-C03F48C4B37B}
2012-03-25 11:07:40 -------- d-----w- C:\Users\Zee\AppData\Local\{CF238C91-23D8-4E41-8C07-37FE15384066}
2012-03-25 11:07:24 -------- d-----w- C:\Users\Zee\AppData\Local\{10CB0961-C8AE-4403-8D41-44C1FC15DE6A}
2012-03-24 18:56:13 -------- d-----w- C:\Users\Zee\AppData\Local\{19FE25C8-6178-44FB-ADCB-B81AFD582A9E}
2012-03-24 18:56:02 -------- d-----w- C:\Users\Zee\AppData\Local\{D326E897-2AF2-40FE-932E-7002E092AE04}
2012-03-24 11:42:21 -------- d-----w- C:\Program Files (x86)\Conduit
2012-03-24 11:42:19 -------- d-----w- C:\Users\Zee\AppData\Local\Conduit
2012-03-24 11:42:19 -------- d-----w- C:\Program Files (x86)\uTorrentControl2
2012-03-24 11:42:14 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-03-24 11:41:53 -------- d-----w- C:\Users\Zee\AppData\Roaming\uTorrent
2012-03-24 06:55:33 -------- d-----w- C:\Users\Zee\AppData\Local\{9A0942D7-86CC-41DA-8D01-94EEF2FB0CB9}
2012-03-24 06:55:21 -------- d-----w- C:\Users\Zee\AppData\Local\{73D85CE1-A09A-4D83-AAF9-2DE4C040F8E7}
2012-03-23 15:40:34 -------- d-----w- C:\Users\Zee\AppData\Local\{9C187973-5656-494A-908A-2F2144521DBD}
2012-03-23 15:40:01 -------- d-----w- C:\Users\Zee\AppData\Local\{2A833546-31B9-4AB4-AF2F-169061C30971}
2012-03-22 15:45:23 -------- d-----w- C:\Users\Zee\AppData\Local\{FFC4FEAC-BB75-4438-94E3-FE978D654238}
2012-03-22 15:45:05 -------- d-----w- C:\Users\Zee\AppData\Local\{D76950E9-0278-403C-AA70-556EA39FF60C}
2012-03-21 15:51:43 -------- d-----w- C:\Users\Zee\AppData\Local\{BB13799E-A8A1-4A19-93F8-216043134534}
2012-03-21 15:51:22 -------- d-----w- C:\Users\Zee\AppData\Local\{62993B8B-3984-4CBB-B717-6473D1983566}
2012-03-20 16:47:39 -------- d-----w- C:\Users\Zee\AppData\Local\{A89EB7AC-BCE0-4D33-B8EF-898316CC2F35}
2012-03-20 16:47:28 -------- d-----w- C:\Users\Zee\AppData\Local\{D1CB2A16-A04E-4EB2-9A40-E4D99B94639C}
2012-03-19 16:12:55 -------- d-----w- C:\Users\Zee\AppData\Local\{FD861FFC-0167-4918-B9C3-6DC2235CCEA1}
2012-03-19 16:12:42 -------- d-----w- C:\Users\Zee\AppData\Local\{670C4CD2-1623-40FD-8260-AC6F397FC733}
2012-03-18 20:35:43 -------- d-----w- C:\Users\Zee\AppData\Local\{D4513346-8073-4C16-A818-C0492AFB0B8E}
2012-03-18 20:35:32 -------- d-----w- C:\Users\Zee\AppData\Local\{DD35D0E7-36F2-423E-9A13-1EEAB14CF739}
2012-03-18 08:35:02 -------- d-----w- C:\Users\Zee\AppData\Local\{BE95202B-BCC4-4DDB-8E84-C74ADD4DBAFA}
2012-03-18 08:34:45 -------- d-----w- C:\Users\Zee\AppData\Local\{9618D3A2-6EE6-43C0-8868-033B4DB56967}
2012-03-17 12:25:07 -------- d-----w- C:\Users\Zee\AppData\Local\{5C24BBE3-2D41-4C26-B087-658200713E64}
2012-03-17 12:24:52 -------- d-----w- C:\Users\Zee\AppData\Local\{77486D2F-02AA-4C1E-8747-C010B169A2B4}
2012-03-16 15:52:11 -------- d-----w- C:\Users\Zee\AppData\Local\{4CA9FDC1-4F3D-469A-B29B-68BDEAE9E3E9}
2012-03-16 15:51:55 -------- d-----w- C:\Users\Zee\AppData\Local\{23DADA16-0D68-40A0-BE03-52B18570A4C0}
2012-03-15 15:46:46 -------- d-----w- C:\Users\Zee\AppData\Local\{B607200E-C3C1-45E6-8993-46287983D297}
2012-03-15 15:46:35 -------- d-----w- C:\Users\Zee\AppData\Local\{73DD836B-2882-4A4E-B327-88FB181CA5B5}
2012-03-14 18:58:48 -------- d-----w- C:\Program Files\iPod
2012-03-14 18:58:47 -------- d-----w- C:\Program Files\iTunes
2012-03-14 17:02:43 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-14 17:02:43 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 17:02:42 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 16:56:29 -------- d-----w- C:\Users\Zee\AppData\Local\{50A07865-5972-4396-93DA-EC17FB02AE3A}
2012-03-14 16:56:09 -------- d-----w- C:\Users\Zee\AppData\Local\{8020022F-AC91-4E16-BB01-53AFDE6BED95}
.
==================== Find3M ====================
.
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-15 11:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 11:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
2012-02-14 17:55:04 276248 ----a-w- C:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55:02 5886232 ----a-w- C:\windows\System32\GfxUI.exe
2012-02-14 17:55:02 511768 ----a-w- C:\windows\System32\igfxsrvc.exe
2012-02-14 17:55:02 440600 ----a-w- C:\windows\System32\SETFF1A.tmp
2012-02-14 17:55:02 398616 ----a-w- C:\windows\System32\SETFD53.tmp
2012-02-14 17:55:02 250136 ----a-w- C:\windows\System32\igfxext.exe
2012-02-14 17:55:02 184600 ----a-w- C:\windows\System32\difx64.exe
2012-02-14 17:55:02 170264 ----a-w- C:\windows\System32\SETFCC6.tmp
2012-02-14 17:53:26 90112 ----a-w- C:\windows\System32\igfxCoIn_v2653.dll
2012-02-14 17:47:40 8086528 ----a-w- C:\windows\System32\igdumd64.dll
2012-02-14 17:47:38 14692224 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2012-02-14 17:47:06 963912 ----a-w- C:\windows\SysWow64\igkrng600.bin
2012-02-14 17:47:06 963912 ----a-w- C:\windows\System32\igkrng600.bin
2012-02-14 17:47:06 79360 ----a-w- C:\windows\System32\igdde64.dll
2012-02-14 17:47:06 261208 ----a-w- C:\windows\SysWow64\igfcg600m.bin
2012-02-14 17:47:06 261208 ----a-w- C:\windows\System32\igfcg600m.bin
2012-02-14 17:44:54 6120960 ----a-w- C:\windows\SysWow64\igdumd32.dll
2012-02-14 17:44:24 58880 ----a-w- C:\windows\SysWow64\igdde32.dll
2012-02-14 17:42:58 9605632 ----a-w- C:\windows\System32\igd10umd64.dll
2012-02-14 17:35:26 7794688 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2012-02-14 17:07:18 18125312 ----a-w- C:\windows\System32\ig4icd64.dll
2012-02-14 16:59:56 13209600 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2012-02-14 16:56:42 110592 ----a-w- C:\windows\System32\hccutils.dll
2012-02-14 16:56:34 9216 ----a-w- C:\windows\System32\IGFXDEVLib.dll
2012-02-14 16:56:34 430080 ----a-w- C:\windows\System32\igfxdev.dll
2012-02-14 16:56:34 172032 ----a-w- C:\windows\System32\gfxSrvc.dll
2012-02-14 16:56:06 286208 ----a-w- C:\windows\System32\SET447.tmp
2012-02-14 16:56:04 142336 ----a-w- C:\windows\System32\igfxdo.dll
2012-02-14 16:56:02 9007616 ----a-w- C:\windows\System32\igfxress.dll
2012-02-14 16:55:06 25088 ----a-w- C:\windows\SysWow64\igfxexps32.dll
2012-02-14 16:54:36 321024 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2012-02-14 16:53:08 524800 ----a-w- C:\windows\System32\iglhsip64.dll
2012-02-14 16:53:08 519680 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2012-02-14 16:53:08 2967040 ----a-w- C:\windows\System32\igfxcmjit64.dll
2012-02-14 16:53:08 237056 ----a-w- C:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53:08 2321408 ----a-w- C:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53:08 213504 ----a-w- C:\windows\System32\iglhcp64.dll
2012-02-14 16:53:08 193024 ----a-w- C:\windows\System32\igfxcmrt64.dll
2012-02-14 16:53:08 177152 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2011-08-13 00:43:51 18525555 ----a-w- C:\Program Files\Driver Genius Professional Edition v10.0.0.761.exe
2011-05-21 14:15:03 819984776 ----a-w- C:\Program Files (x86)\U_SFInstaller.exe
.
============= FINISH: 19:25:30.28 ===============
Attached Thumbnails: screenshot.png (1.05 MB)

__________________
waistdeep
Old 04-15-2012, 02:32 PM   #2

BUMP, please

__________________
waistdeep
Old 04-15-2012, 03:16 PM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
Microsoft Most Valuable Professional
Join Date: Jan 2005
Location: Ohio
Posts: 42,358
OS: WinXP Home, Vista, Windows 7 64bit

Hi waistdeep,

When the box pops in front, does it get any bigger? Can you make out any writing in the borders at all?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried
Old 04-16-2012, 09:57 AM   #4

Hey :) OK, so now when I start up my computer this comes up (see new picture attached). When I press "OK" the box disappears and everything is normal. But I still want to sort it out because it happens every start-up and is quite annoying lol, and thanks for the reply :)
Attached Thumbnails: Untitled.png (1.39 MB)
__________________
waistdeep
Old 04-16-2012, 05:46 PM   #5

Thanks. Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================

Double-click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

How is the machine behaving? Any improvement?
__________________
Ried
Old 04-17-2012, 09:35 AM   #6

OK, so I followed your instructions carefully and disabled any antivirus programs, closed all windows, and it went through the whole process, but when it restarted I could not open any program at all, and it said "Illegal operation attempted on a registry key that has been marked for deletion" :S The white box did not appear in the top left; however, I could not open anything up at all. I attached the log anyway...
Attached Files: ComboFix.txt (34.4 KB)
__________________
waistdeep
Old 04-17-2012, 12:37 PM   #7

All you need to do is reboot the machine and everything will be back to normal.

How is the machine after running ComboFix? Do you still see that little white box? Are you still getting the error on start up? Tell me what's happening.
__________________
Ried
Old 04-17-2012, 12:40 PM   #8

Hey, nope, I'm not getting any error message and the little box has gone. Everything seemed normal until I tried to open a program; no program opened, so I got scared and did a system restore lol. I'll try again now, should be finished in 15 mins, I'll reply on this then :)
__________________
waistdeep
Old 04-17-2012, 12:54 PM   #9

Okay - since you did a System Restore, run ComboFix.exe again and post a fresh log. :)
__________________
Ried
Old 04-17-2012, 01:03 PM   #10

Hello, I did ComboFix again, and it went through it all, waited for the log to get created blah blah blah, then I restarted the computer, and now the box has come again and the same errors on startup :/
__________________
waistdeep
Old 04-17-2012, 01:04 PM   #11

Forgot the log:

ComboFix 12-04-16.04 - Zee 17/04/2012 20:44:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8105.6270 [GMT 1:00]
Running from: c:\users\Zee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Your Product\lua5.1.dll
c:\users\Zee\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\vid_conv2.dll
c:\windows\SysWow64\vid_core2.dll
c:\windows\SysWow64\vid_format2.dll
c:\windows\SysWow64\vid_multi2.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 16:48 . 2012-04-17 16:48 -------- d-----w- c:\windows\system32\Macromed
2012-04-17 16:48 . 2012-04-17 16:48 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-17 15:57 . 2012-04-17 16:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-17 15:57 . 2012-04-17 16:48 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 18:19 . 2012-04-16 18:19 614400 ----a-w- c:\windows\AutoKMS.exe
2012-04-16 16:55 . 2012-03-13 19:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AC165FB-FE19-4FF7-87CB-DC551BE270A1}\mpengine.dll
2012-04-14 12:16 . 2012-04-14 12:16 39192 ----a-w- c:\windows\system32\Partizan.exe
2012-04-14 00:16 . 2012-04-14 00:16 2 --shatr- c:\windows\winstart.bat
2012-04-14 00:15 . 2012-04-16 16:43 -------- d-----w- c:\program files (x86)\UnHackMe
2012-04-13 23:52 . 2012-04-13 23:57 1644 ----a-w- c:\windows\system32\ASOROSet.bin
2012-04-13 23:45 . 2012-04-17 16:28 -------- d-----w- c:\users\Zee\AppData\Roaming\USBSafelyRemove
2012-04-13 23:44 . 2012-04-13 23:44 -------- d-----w- c:\programdata\USBSRService
2012-04-13 23:44 . 2012-04-13 23:45 -------- d-----w- c:\program files (x86)\USB Safely Remove
2012-04-13 23:41 . 2012-04-13 23:41 -------- d-----w- c:\users\Zee\AppData\Roaming\Systweak
2012-04-13 23:41 . 2011-12-21 11:37 18816 ----a-w- c:\windows\system32\roboot64.exe
2012-04-13 23:41 . 2012-04-13 23:42 -------- d-----w- c:\program files (x86)\RegClean Pro
2012-04-13 23:39 . 2010-02-25 16:51 29696 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-04-13 23:39 . 2012-04-13 23:40 -------- d-----w- c:\program files\CyberGhost VPN
2012-04-13 12:06 . 2012-04-13 12:06 -------- d-----w- c:\windows\en
2012-04-13 12:03 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-13 12:00 . 2012-04-13 12:00 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\12bd4ef21cd196d02\MeshBetaRemover.exe
2012-04-13 12:00 . 2012-04-13 12:00 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\126edfac1cd196d01\DSETUP.dll
2012-04-13 12:00 . 2012-04-13 12:00 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\126edfac1cd196d01\DXSETUP.exe
2012-04-13 12:00 . 2012-04-13 12:00 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\126edfac1cd196d01\dsetup32.dll
2012-04-12 18:19 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 18:19 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 18:19 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 18:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 18:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 18:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 18:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 18:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 18:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 18:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 12:01 . 2012-04-12 12:01 -------- d-----w- c:\program files\CCleaner
2012-04-12 11:59 . 2012-04-12 12:00 -------- d-----w- c:\users\Zee\AppData\Roaming\PCPro
2012-04-12 11:59 . 2012-04-12 11:59 -------- d-----w- c:\users\Zee\AppData\Roaming\PC Cleaners
2012-04-12 11:59 . 2012-04-12 11:59 -------- d-----w- c:\programdata\PC1Data
2012-04-12 11:59 . 2012-04-12 11:57 5276432 ----a-w- c:\windows\uninst.exe
2012-04-05 11:52 . 2012-04-05 14:05 -------- d-----w- c:\users\Zee\AppData\Roaming\GetRightToGo
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-26 16:49 . 2012-03-26 16:49 -------- d-----w- c:\users\Zee\AppData\Local\Research In Motion
2012-03-26 16:49 . 2011-07-20 13:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-03-26 16:49 . 2012-03-26 16:49 -------- d-----w- c:\programdata\Research In Motion
2012-03-26 16:48 . 2012-03-26 16:48 -------- d-----w- c:\program files (x86)\Research In Motion
2012-03-26 16:38 . 2012-03-26 16:50 -------- d-----w- c:\users\Zee\AppData\Roaming\Research In Motion
2012-03-26 16:37 . 2012-03-26 16:48 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-03-24 11:42 . 2012-03-24 11:42 -------- d-----w- c:\program files (x86)\Conduit
2012-03-24 11:42 . 2012-03-24 11:42 -------- d-----w- c:\users\Zee\AppData\Local\Conduit
2012-03-24 11:42 . 2012-03-24 11:42 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-24 11:41 . 2012-04-16 23:43 -------- d-----w- c:\users\Zee\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 13:13 . 2011-05-21 12:54 884491184 ----a-w- c:\program files (x86)\U_SFInstaller.exe
2012-03-13 19:27 . 2011-05-20 20:10 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-17 06:38 . 2012-03-13 17:26 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:26 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:26 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 17:55 . 2012-02-14 17:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55 . 2012-02-14 17:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 17:55 . 2012-02-14 17:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 17:55 . 2012-02-14 17:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 17:55 . 2012-02-14 17:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 17:55 . 2012-02-14 17:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 17:55 . 2012-02-14 17:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 17:55 . 2012-02-14 17:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 17:53 . 2012-02-14 17:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 17:47 . 2012-02-14 17:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 17:47 . 2012-02-14 17:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 17:47 . 2012-02-14 17:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 17:47 . 2012-02-14 17:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 17:44 . 2011-03-26 00:12 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 17:44 . 2012-02-14 17:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 17:42 . 2011-03-26 00:05 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 17:35 . 2012-02-14 17:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 17:07 . 2012-02-14 17:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 16:59 . 2012-02-14 16:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 16:57 . 2012-02-14 16:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 16:57 . 2012-02-14 16:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 16:57 . 2012-02-14 16:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 16:57 . 2012-02-14 16:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 16:57 . 2012-02-14 16:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 16:57 . 2012-02-14 16:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 16:57 . 2012-02-14 16:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 16:57 . 2012-02-14 16:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 16:57 . 2012-02-14 16:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 16:57 . 2011-03-03 12:50 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 16:57 . 2012-02-14 16:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 16:57 . 2012-02-14 16:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 16:57 . 2011-03-03 12:51 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 16:56 . 2011-03-03 12:50 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 16:56 . 2012-02-14 16:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 16:56 . 2012-02-14 16:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 16:56 . 2012-02-14 16:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 16:56 . 2012-02-14 16:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 16:56 . 2012-02-14 16:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 16:56 . 2011-03-03 12:50 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 16:55 . 2012-02-14 16:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 16:54 . 2012-02-14 16:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 16:53 . 2012-02-14 16:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 16:53 . 2012-02-14 16:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 16:53 . 2012-02-14 16:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 16:53 . 2012-02-14 16:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53 . 2012-02-14 16:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53 . 2012-02-14 16:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 16:53 . 2012-02-14 16:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 16:53 . 2012-02-14 16:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-10 16:54 . 2012-02-10 16:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2479336-3108-4681-8317-45163681AFFC}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 17:26 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 17:26 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 17:26 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-13 17:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 17:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 17:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2011-08-13 00:43 . 2011-12-29 16:59 18525555 ----a-w- c:\program files\Driver Genius Professional Edition v10.0.0.761 + Crack [ChattChitto RG].exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-07-26 958352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-07-26 3507088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-07-26 20880]
"Facebook Update"="c:\users\Zee\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-11 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2011-09-09 247016]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
.
c:\users\Zee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Zee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
usermgr.lnk - c:\windows\SysWOW64\usermgr.exe [2012-1-22 131072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-12-06 2430128]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP 2009\HideMyIpSrv.exe [2009-11-28 2396464]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Zee\AppData\Local\Temp\005AE.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-01-22 124832]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe [2012-01-31 1107288]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 16:48]
.
2012-04-17 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-04-16 18:19]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-161857729-121410765-3584816984-1000Core.job
- c:\users\Zee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:02]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-161857729-121410765-3584816984-1000UA.job
- c:\users\Zee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:02]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-161857729-121410765-3584816984-1000Core.job
- c:\users\Zee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 17:56]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-161857729-121410765-3584816984-1000UA.job
- c:\users\Zee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 17:56]
.
2012-04-15 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-04-13 11:36]
.
2012-04-13 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-04-13 11:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Zee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://nmd.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Zee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Zee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Zee\AppData\Local\Temp\005AE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-161857729-121410765-3584816984-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2b,7b,84,6e,2d,50,c2,33,e5,3f,74,14,a1,eb,5f,c6,93,ef,4a,f9,94,84,c9,
2f,f1,c7,93,a9,65,7c,cc,dc,5d,e5,a4,a1,3b,7c,56,da,d0,e0,2c,02,5c,21,e2,1a,\
"??"=hex:c0,75,28,4d,0f,64,03,fd,7c,e8,5a,8d,49,47,2b,95
.
[HKEY_USERS\S-1-5-21-161857729-121410765-3584816984-1000\Software\SecuROM\License information*]
"datasecu"=hex:d2,b4,ef,d6,82,46,d9,3b,b8,a5,11,3f,88,fd,bc,17,4a,c1,66,a6,d0,
7a,8a,d4,df,f4,ed,4b,5e,d4,7f,ae,15,de,79,57,d4,55,fe,c8,a2,b8,ca,4a,b2,b7,\
"rkeysecu"=hex:7b,1a,f8,df,95,66,86,1a,70,6c,f1,a7,a8,66,57,b3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Completion time: 2012-04-17 20:58:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 19:58
ComboFix2.txt 2012-04-17 16:19
ComboFix3.txt 2012-04-05 13:57
.
Pre-Run: 436,989,931,520 bytes free
Post-Run: 436,461,400,064 bytes free
.
- - End Of File - - 9DB0CE2E9803C872ACC4B54C3171C595
Attached Files
File Type: txt ComboFix.txt (34.5 KB, 4 views)
__________________
waistdeep is offline   Reply With Quote
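The ComboFix log above is what the helper reads to single out entries such as the X6va005 driver registered from a Temp folder and the AutoKMS scheduled task. As an added example that is not part of this thread, the following Python script parses those three line formats (service/driver lines, scheduled-task targets, ImagePath values) and flags entries by location heuristics; the sample lines are constructed in the log's format and the heuristics are this example's own, not ComboFix's.

```python
"""Flag ComboFix service, driver and scheduled-task entries in suspicious locations."""
import re
from dataclasses import dataclass, field

# Constructed sample in the log format shown above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 X6va005;X6va005;c:\users\Zee\AppData\Local\Temp\005AE.tmp [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
2012-04-17 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-04-16 18:19]
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-161857729-121410765-3584816984-1000Core.job
- c:\users\Zee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 17:56]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Zee\AppData\Local\Temp\005AE.tmp"
"""

# "<R|S><0-4> <name>;<display name>;<path> [<x, or date and size>]"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]$")
# "- <path> [<date time>]" line under a scheduled-task .job entry
TASK_RE = re.compile(r"^-\s+(.+?)\s+\[[^\]]*\]$")
# "ImagePath"="<path>", optionally written in the \??\ device-path form
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(.+)"$')

@dataclass
class Entry:
    kind: str           # "service", "task" or "imagepath"
    name: str
    path: str
    has_metadata: bool  # False when ComboFix printed "[x]" instead of a date and size
    reasons: list = field(default_factory=list)

def parse_entries(log_text):
    """Collect every service line, scheduled-task target and ImagePath value."""
    entries, key = [], "?"
    for line in log_text.splitlines():
        if m := SERVICE_RE.match(line):
            entries.append(Entry("service", m.group(2), m.group(3), m.group(4) != "x"))
        elif m := TASK_RE.match(line):
            entries.append(Entry("task", m.group(1).rsplit("\\", 1)[-1], m.group(1), True))
        elif line.startswith("[") and line.endswith("]"):
            key = line.rsplit("\\", 1)[-1].rstrip("]")   # remember the service key name
        elif m := IMAGEPATH_RE.match(line):
            entries.append(Entry("imagepath", key, m.group(1), True))
    return entries

def suspicious_reasons(entry):
    """Heuristics only: each hit is a reason to look closer, not a verdict."""
    p, reasons = entry.path.lower(), []
    if "\\temp\\" in p:
        reasons.append("runs from a temporary directory")
    if p.endswith(".tmp"):
        reasons.append("registered binary has a .tmp extension")
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", p):
        reasons.append("placed directly in the Windows directory root")
    if entry.kind == "service" and p.startswith("c:\\users\\"):
        reasons.append("service or driver loaded from a user profile")
    return reasons

def triage(log_text):
    """Return the entries that trip at least one heuristic, reasons attached."""
    for e in (entries := parse_entries(log_text)):
        e.reasons = suspicious_reasons(e)
    return [e for e in entries if e.reasons]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:9} {e.name:12} {e.path}  <- " + "; ".join(e.reasons))
```

Feed it a full ComboFix.txt by reading the file into `triage()`; every flagged entry still needs a file hash or VirusTotal check, as the helper asks for AutoKMS.exe below, before anything is removed.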
Old 04-17-2012, 08:01 PM   #12
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,358
OS: WinXP Home, Vista, Windows 7 64bit



Please go to Virus Total
  • Use the Browse button to navigate to the following file
    c:\windows\AutoKMS.exe
    Double click the file so it shows up in the 'Upload a file' section.

  • Click 'Send File'
  • If you see a message 'File has already been analysed', click Reanalyse file now.
Post the link to those results in your next reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 04-18-2012, 08:42 AM   #13
Registered Member
 
Join Date: Apr 2012
Posts: 13
OS: Windows 7 Home Premium



https://www.virustotal.com/file/acf6...1c73/analysis/
__________________
waistdeep is offline   Reply With Quote
Old 04-18-2012, 07:21 PM   #14
Let's get a full online scan done and see what else is lurking about. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 04-21-2012, 02:08 PM   #15
C:\Program Files (x86)\EA GAMES\Need for Speed Most Wanted\NFSMW_BE_Plus_1-Error403.exe probably a variant of Win32/HackTool.CheatEngine.AB application
C:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\NFS-CfgInstaller.exe probably a variant of Win32/Agent.BGXEFRB trojan
C:\Users\Zee\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110521192105181.rsc multiple threats
C:\Users\Zee\Desktop\Cracked Softwares Collection\CoolwareMax.Face.Off.Max.v3.4.0.6+KeygenPatch.rar a variant of Win32/HackTool.Patcher.A application
C:\Users\Zee\Desktop\Cracked Softwares Collection\CoolwareMax.WebcamMax.v7.5.9.6+KeygenPatch.rar a variant of Win32/HackTool.Patcher.A application
C:\Users\Zee\Desktop\Cracked Softwares Collection\Power ISO 5incl Keygen.rar a variant of Win32/Keygen.AW application
C:\Users\Zee\Desktop\Cracked Softwares Collection\Spyware Terminator Premium 2012 3.0.0.54+patch.rar a variant of Win32/HackTool.Patcher.T application
C:\Users\Zee\Documents\TDU\tduhack2.exe probably a variant of Win32/Spy.Agent.CJLCYRP trojan
C:\Users\Zee\Documents\TDU\Test Drive Unlimited v1.0 +5 TRAINER.rar a variant of Win32/GameHack.BA application
C:\Users\Zee\Videos\Share\127 Hours[2010]DvDrip[Eng]-FXG\Games\True_Crime_trn.exe probably a variant of Win32/Agent.CSOTSCW trojan
C:\Users\Zee\Videos\Share\127 Hours[2010]DvDrip[Eng]-FXG\Games\NFS UC\Electronic Arts\Need for Speed Undercover\NFSUC-WinXP.exe probably a variant of Win32/TrojanDownloader.Obfuscated.HGJZENH trojan
C:\Windows\AutoKMS.exe Win32/HackKMS application
waistdeep is offline   Reply With Quote
Old 04-21-2012, 09:57 PM   #16
I need to see what's installed. Run dds.scr again and please post both logs it produces.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 04-22-2012, 02:07 AM   #17
here we go :)
Attached Files
File Type: txt DDS.txt (34.6 KB, 3 views)
File Type: txt Attach.txt (9.8 KB, 6 views)
waistdeep is offline   Reply With Quote
Old 04-22-2012, 07:28 AM   #18
Thanks. You can see by the ESET results that the cracked programs you downloaded contain infection. (Note that it is also illegal.)

I see PowerISO installed - please uninstall it via Control Panel>Add or Remove Programs.

Next, open notepad and copy/paste the text in the code box below into it:

Quote:
File::
C:\Windows\AutoKMS.exe
C:\Users\Zee\Desktop\Cracked Softwares Collection\Spyware Terminator Premium 2012 3.0.0.54+patch.rar
C:\Users\Zee\Desktop\Cracked Softwares Collection\Power ISO 5incl Keygen.rar
C:\Users\Zee\Desktop\Cracked Softwares Collection\CoolwareMax.WebcamMax.v7.5.9.6+KeygenPatch.rar
C:\Users\Zee\Desktop\Cracked Softwares Collection\CoolwareMax.Face.Off.Max.v3.4.0.6+KeygenPatch.rar

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe

***************************************************

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

***************************************************

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

How is machine behaving?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Old 04-22-2012, 11:41 AM   #19
no change at all, *sigh* should just give up! :(
Attached Files
File Type: txt ComboFix.txt (37.3 KB, 2 views)
waistdeep is offline   Reply With Quote
Old 04-22-2012, 03:54 PM   #20
Not just yet. :)

Reboot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

Do you still get that error message and still see that little white box?

======================================

Restart and boot into Safe Mode with Networking.

How about now? Those same errors?

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline   Reply With Quote
Copyright 2001 - 2014, Tech Support Forum
