Thanks for the help, Gringo!
First up, Security Check -
Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.265
Flash Player out of Date!
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Now, the DDS logs.
dds.txt
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Razz at 23:44:13 on 2012-10-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3558.1615 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Razz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\Razz\AppData\Local\Akamai\netsession_win.exe
C:\Users\Razz\AppData\Local\Akamai\netsession_win.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ComicRack\ComicRack.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Windows\system32\svchost.exe --HiddenServiceDir "C:\Users\Razz\AppData\Roaming\tor\hidden_service" --HiddenServicePort "55080 127.0.0.1:55080"
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe (null)
C:\Windows\system32\svchost.exe ext "C:\Users\Razz\AppData\Roaming\Yfki\ywty.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\Razz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Google Update] "C:\Users\Razz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Razz\AppData\Local\Akamai\netsession_win.exe"
uRun: [{9336C397-5CBF-5CE4-D9F7-BFBB95A88110}] C:\Users\Razz\AppData\Roaming\Yfki\ywty.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{5B284EF4-03CD-4E46-A1ED-C28EB609E65C} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8}\14E64627F69646455647865627 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8}\4556E676F694E6475627E65647E223330363 : DHCPNameServer = 10.23.6.1
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8}\4556E676F694E6475627E65647E223431353 : DHCPNameServer = 10.24.15.1
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8}\6596277696E6D4F62696C65602D4966496232303030214739302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8}\74C41644F435 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8C4B8EDF-262F-47D3-9A66-0099E1C401C8}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CF925227-409A-486E-A644-E2252D9B9551} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://acer.msn.com
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Razz\AppData\Roaming\Mozilla\Firefox\Profiles\wrlql4dj.default\
FF - plugin: C:\Users\Razz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Razz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-5-14 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-5-14 40064]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-24 283200]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-5-14 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-5-14 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-5-14 62776]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-14 204288]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-5-14 352336]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-5-14 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-11-2 255376]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-5-14 10207232]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-5-14 317952]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-4 31232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-14 53376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-9-10 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-23 257224]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-22 115168]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2009-4-7 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2009-2-23 213376]
S3 StMp3Recx64;Player Recovery Device Control Driver;C:\Windows\System32\drivers\StMp3Recx64.sys [2007-1-12 26112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-4 738152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-23 06:42:59 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67A9A93C-8CF4-487E-BD3B-DB8AB96B9DEC}\mpengine.dll
2012-10-22 23:19:09 388096 ----a-r- C:\Users\Razz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-22 23:19:08 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-10-22 12:17:02 -------- d-----w- C:\Users\Razz\AppData\Roaming\cYo
2012-10-22 12:17:02 -------- d-----w- C:\Users\Razz\AppData\Local\cYo
2012-10-22 12:14:08 -------- d-----w- C:\Program Files\ComicRack
2012-10-22 07:57:27 -------- d-----w- C:\Users\Razz\AppData\Roaming\Yfki
2012-10-22 07:57:27 -------- d-----w- C:\Users\Razz\AppData\Roaming\Raav
2012-10-22 07:57:24 -------- d-----w- C:\Users\Razz\AppData\Roaming\tor
2012-10-22 06:00:50 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-21 09:07:15 -------- d-----w- C:\Users\Razz\AppData\Local\SKIDROW
2012-10-21 09:05:01 -------- d-----w- C:\Program Files (x86)\NAMCO BANDAI Games
2012-10-19 21:50:09 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4256662-D822-48D6-814F-07A4C76F04FE}\gapaengine.dll
2012-10-19 17:47:11 -------- d-----w- C:\Users\Razz\AppData\Roaming\Ubisoft
2012-10-19 09:12:51 -------- d-----w- C:\Users\Razz\AppData\Local\Newshosting
2012-10-19 09:12:50 -------- d-----w- C:\Users\Razz\AppData\Local\CrashRpt
2012-10-19 09:12:45 -------- d-----w- C:\ProgramData\Caphyon
2012-10-19 09:04:25 -------- d-----w- C:\Users\Razz\AppData\Roaming\Newshosting
2012-10-17 09:26:24 -------- d-----w- C:\Program Files (x86)\The Walking Dead
2012-10-13 05:29:22 -------- d-----w- C:\Users\Razz\AppData\Local\FFsplit
2012-10-13 05:26:09 -------- d-----w- C:\Program Files (x86)\FFsplit
2012-10-13 05:20:30 -------- d-----w- C:\Users\Razz\AppData\Local\SplitMediaLabs
2012-10-13 05:18:10 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-10-13 05:18:10 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-10-13 05:17:09 -------- d-----w- C:\Users\Razz\AppData\Roaming\SplitMediaLabs
2012-10-13 03:22:13 -------- d-----w- C:\ProgramData\RELOADED
2012-10-13 02:53:01 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2012-10-11 19:08:07 -------- d-----w- C:\Users\Razz\AppData\Local\sabnzbd
2012-10-11 19:04:58 -------- d-----w- C:\Program Files (x86)\SABnzbd
2012-10-11 03:50:36 -------- d-----w- C:\Program Files (x86)\StarCraft
2012-10-10 07:18:39 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 07:18:39 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 07:18:39 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 07:18:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 07:18:38 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 07:18:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 07:18:26 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-06 07:19:29 -------- d-----w- C:\ProgramData\.mono
2012-10-06 07:19:25 -------- d-----w- C:\Users\Razz\AppData\Roaming\.mono
2012-10-06 07:17:31 -------- d-----w- C:\Users\Razz\AppData\Roaming\Pokémon Trading Card Game Online
2012-10-06 02:43:56 -------- d-----w- C:\Users\Razz\AppData\Roaming\Rovio
2012-10-06 02:42:31 -------- d-----w- C:\Program Files (x86)\Rovio
2012-10-02 10:12:26 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-28 09:54:15 -------- d-----w- C:\Users\Razz\AppData\Roaming\Mimo
2012-09-27 04:34:39 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-26 02:18:27 -------- d-----w- C:\Users\Razz\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-09-26 02:18:19 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-09-25 20:17:17 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 23:57:59 -------- d-----w- C:\Users\Razz\AppData\Local\{BC40CE9E-F6BF-4EF9-A302-EE507A12B382}
2012-09-24 23:57:59 -------- d-----w- C:\Users\Razz\AppData\Local\{30D22333-912B-4403-9832-DDDAE205962B}
.
==================== Find3M ====================
.
2012-10-07 05:22:11 16 ----a-w- C:\Users\Razz\AppData\Roaming\msregsvv.dll
2012-09-27 04:34:28 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-27 04:34:28 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 21:03:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 21:03:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-08 10:22:19 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-23 03:58:44 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-08-23 03:56:40 47616 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-25 22:51:44 42440 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-07-25 22:51:44 28104 ----a-w- C:\Windows\System32\xfcodec64.dll
.
============= FINISH: 23:44:42.67 ===============
And
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/23/2012 8:30:19 PM
System Uptime: 10/22/2012 8:45:14 PM (3 hours ago)
.
Motherboard: Acer | | Aspire 5560
Processor: AMD A6-3420M APU with Radeon HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 190.481 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP85: 10/22/2012 4:18:42 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Agatha Christie - Death on the Nile
Akamai NetSession Interface
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Amnesia - The Dark Descent
AmpliTube 3 version 3.8.0
Apple Application Support
Apple Software Update
ASIO4ALL
Assassin's Creed
Assassin's Creed II
Backup Manager V3
Bad Piggies
Bejeweled 2 Deluxe
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
Build-a-lot 4 - Power Source
Castle Crashers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
clear.fi
clear.fi Client
ComicRack v0.9.156
Cradle of Rome 2
D3DX10
DAEMON Tools Lite
DarksidersInstaller
Digsby
Dishonored
Dolby Advanced Audio v2
Dora's World Adventure
Dual-Core Optimizer
DVD Flick 1.3.0.7
Evernote v. 4.5.1
FATE: The Cursed King
ffdshow v1.2.4486 [2012-08-25]
FFsplit version Alpha
Final Drive: Nitro
FL Studio 10
Galerie de photos Windows Live
Google Chrome
Google Talk Plugin
Governor of Poker 2 Premium Edition
Guitar Pro 5.2
Guitar Pro 6
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
HiJackThis
I Am Alive
Identity Card
IK Multimedia Authorization Manager version 1.0.5
IL Download Manager
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Jewel Match 3
Junk Mail filter update
Launch Manager
League of Legends
Lexicon Alpha Driver
Media Go
Media Go Video Playback Engine 1.92.162.06140
Media Manager for WALKMAN 1.2
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Broadband Generic Drivers
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Native Instruments Controller Editor
Native Instruments Guitar Rig 5
Native Instruments Service Center
newsXpresso
NOOK for PC
NTI Media Maker 9
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
Pokémon Trading Card Game Online
Polar Bowler
Polar Golfer
QuickTime
Rayman Origins
Realtek High Definition Audio Driver
REAPER (x64)
Resident Evil: Operation Raccoon City
Ridge Racer Unbounded
RocketDock 1.3.5
SABnzbd 0.7.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shredder
Skype™ 5.11
Spotify
StarCraft
StarCraft II
Steam
Super Meat Boy
Super Street Fighter IV: Arcade Edition
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Team Fortress 2
The Binding of Isaac
The KMPlayer (remove only)
The Walking Dead © 3 version 1
Torchlight
Tunngle beta
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vegas Pro 11.0
Virtual Villagers 5 - New Believers
VLC media player 2.0.3
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xfire (remove only)
XSplit
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/22/2012 3:50:52 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/22/2012 1:56:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: containerfile:_C:\Users\Razz\Downloads\htd-re4.iso;file:_C:\Users\Razz\AppData\Roaming\Microsoft\Windows\Recent\htd-re4.iso.lnk;file:_C:\Users\Razz\Downloads\htd-re4.iso->install.exe->(WExtract)->1.exe;file:_C:\Users\Razz\Downloads\htd-re4.iso->launcher.exe->(WExtract)->1.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: HomosaurusRex\Razz Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.139.293.0, AS: 1.139.293.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
10/20/2012 8:53:17 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 00-0A-E4-40-85-6D. Network operations on this system may be disrupted as a result.
10/15/2012 11:02:26 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address D8-6B-F7-C3-84-FC. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
Just a quick note -
That "worm" alert from MSE was a false positive from something else I was installing off a disc copy I had made the day prior. And the conflicting network address is from my router resetting while other users and I were connected. The IP address that was assigned to my computer was given to someone else before my computer requested a new one.