
kennyf

Members
  1. Thanks - Everything uninstalled. My searches are working great. No problems at all. Again, thanks.
  2. Results of screen317's Security Check version 0.99.32
     Windows 7 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Adobe Reader X (10.1.2)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Microsoft Security Essentials msseces.exe
     Microsoft Security Client Antimalware MsMpEng.exe
     Microsoft Security Client Antimalware NisSrv.exe
     ``````````End of Log````````````
  3. Thanks a lot for your help and putting up with my impatience.
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=dc6c3ad59a89ee4ea946c8c501bbdd3a
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-03-23 12:28:14
     # local_time=2012-03-23 07:28:14 (-0600, Central Daylight Time)
     # country="United States"
     # lang=9
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776574 100 94 95128 84044380 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=121621
     # found=0
     # cleaned=0
     # scan_time=4764
  4. Problem with Redirect seems to be corrected. No problems yet.
  5. Files were submitted and received.
     ComboFix 12-03-22.01 - Kenny 03/22/2012 10:33:04.6.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2911 [GMT -5:00]
     Running from: c:\users\Kenny\Desktop\ComboFix.exe
     Command switches used :: c:\users\Kenny\Desktop\CFScript.txt
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     c:\windows\SysWOW64\KBDDCAN.DLL
     c:\windows\SysWOW64\mffc100enu.dll
     c:\windows\SysWOW64\reeg.exe
     c:\windows\SysWOW64\taasklist.exe
     Completion time: 2012-03-22 10:41:50 - machine was rebooted
  6. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Kenny at 19:43:38 on 2012-03-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2864 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\SearchIndexer.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet 
C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\notepad.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Groove Folder Synchronization: {0f802439-432b-1c45-7cd3-59de607400c2} - C:\Windows\SysWOW64\KBDDCAN.DLL BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Adobe PDF Link Helper: {2e90012a-40c7-6932-71ff-6eb3583b4beb} - C:\Windows\SysWow64\mffc100enu.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll" TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) 
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{037AEAC4-C825-4164-8D9F-487EA929E4E3} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{23186FDD-D6B1-418E-8FCD-806ABA5FA22A} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Groove Folder Synchronization: {0F802439-432B-1C45-7CD3-59DE607400C2} - C:\Windows\SysWOW64\KBDDCAN.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Adobe PDF Link Helper: {2E90012A-40C7-6932-71FF-6EB3583B4BEB} - C:\Windows\SysWow64\mffc100enu.dll BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll" TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: 
{472734EA-242A-422B-ADF8-83D1E48CC825} - No File mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE [2012-1-21 192792] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-16 652360] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?] R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?] R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] 
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE [2012-1-21 240408] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-03-22 00:38:59 -------- d-----w- C:\$RECYCLE.BIN
2012-03-22 00:31:10 98816 ----a-w- C:\Windows\sed.exe
2012-03-22 00:31:10 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-22 00:31:10 256000 ----a-w- C:\Windows\PEV.exe
2012-03-22 00:31:10 208896 ----a-w- C:\Windows\MBR.exe
2012-03-21 21:07:50 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A915995-60EE-434B-9FE2-166526F59D79}\mpengine.dll
2012-03-21 20:52:34 45056 ----a-w- C:\Windows\SysWow64\taasklist.exe
2012-03-21 20:52:16 45056 ----a-w- C:\Windows\SysWow64\reeg.exe
2012-03-21 20:11:11 -------- d-----w- C:\Windows\CheckSur
2012-03-19 20:05:38 -------- d-----w- C:\Users\Kenny\AppData\Roaming\DAEMON Tools Lite
2012-03-19 20:05:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-19 19:53:16 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-03-19 19:53:15 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-03-19 19:53:15 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-03-19 19:53:15 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-03-19 19:53:15 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-03-19 19:53:15 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-03-19 19:52:37 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-03-16 22:06:56 -------- d-----w- C:\ProgramData\SecTaskMan
2012-03-16 16:23:56 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-16 16:23:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-16 12:12:10 -------- d-----w- C:\Windows\SysWow64\3021
2012-03-15 02:39:22 -------- d-----w- C:\Program Files\Oracle
2012-03-15 02:38:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-15 02:38:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-14 10:52:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 10:52:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:52:52 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 09:32:11 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 09:32:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 09:32:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 09:29:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 09:29:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 09:29:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:29:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 09:29:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 09:29:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 09:29:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-12 20:42:29 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Malwarebytes
2012-03-12 19:44:09 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-12 19:43:10 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-12 12:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-12 12:05:17 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-12 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-12 12:04:57 -------- d-----w- C:\ProgramData\PC Tools
2012-03-12 02:49:59 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-11 23:07:42 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-11 22:04:33 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-03-11 21:55:36 2 --shatr- C:\Windows\winstart.bat
2012-03-11 19:33:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll
2012-03-11 19:32:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-11 19:31:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-11 18:24:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-11 04:29:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-11 04:09:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 01:23:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll
2012-03-09 14:11:03 -------- d-----w- C:\Windows\SysWow64\2055
2012-03-09 14:10:37 -------- d-----w- C:\Windows\SysWow64\2002
2012-03-08 03:52:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-08 03:37:58 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-05 03:27:25 -------- d-----w- C:\Program Files (x86)\Games
2012-02-26 17:38:42 72512 ----a-w- C:\Windows\System32\nvapo64v.dll
2012-02-26 17:38:42 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-02-26 17:38:41 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-02-26 17:38:41 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-02-26 17:38:22 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-26 17:37:48 -------- d-----w- C:\NVIDIA
2012-02-24 12:07:10 86016 ----a-w- C:\Windows\unvise32qt.exe
.
==================== Find3M ====================
.
2012-03-15 03:36:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 12:00:14 164992 ----a-w- C:\Windows\SysWow64\drivers\athsgt.sys
2012-02-03 12:00:11 12544 ----a-w- C:\Windows\SysWow64\drivers\limsgt.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-31 23:19:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-12-31 23:19:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-12-31 23:19:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-12-31 23:19:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 19:43:57.72 ===============
  7. Ok
SHA256: 13b94170474d864e31e803cb3e7a1e75508d33f665ad8f02a5462258c78f7297
SHA1: 96ca07dd648892a6e3c120776bafda0c741ac018
MD5: 8b53a5bd8af3c7eecc424cf2489cdfd1
File size: 72.0 KB ( 73728 bytes )
File name: C:\Windows\SysWOW64\KBDDCAN.DLL
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-03-22 00:19:06 UTC ( 1 minute ago )
Antivirus  Result  Update
AhnLab-V3 - 20120321
AntiVir - 20120321
Antiy-AVL - 20120321
Avast - 20120320
AVG - 20120321
BitDefender - 20120321
ByteHero - 20120319
CAT-QuickHeal - 20120321
ClamAV - 20120321
Commtouch - 20120321
Comodo - 20120321
DrWeb - 20120321
Emsisoft - 20120321
eSafe - 20120321
eTrust-Vet - 20120321
F-Prot - 20120321
F-Secure - 20120322
Fortinet - 20120321
GData - 20120321
Ikarus - 20120321
Jiangmin - 20120321
K7AntiVirus - 20120321
Kaspersky - 20120322
McAfee - 20120322
McAfee-GW-Edition - 20120321
Microsoft - 20120321
NOD32 - 20120321
Norman - 20120321
nProtect - 20120321
Panda - 20120321
PCTools - 20120319
Prevx - 20120322
Rising - 20120321
Sophos - 20120321
SUPERAntiSpyware - 20120322
Symantec - 20120321
TheHacker - 20120321
TrendMicro - 20120321
TrendMicro-HouseCall - 20120321
VBA32 - 20120321
VIPRE - 20120321
ViRobot - 20120321
VirusBuster - 20120321
Additional information
ssdeep: 1536:E+R6LhFN7lqbWj66P6nWq1rIrCoMDuOlAs:ECchX7kSY1MbOlAs
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ExifTool:
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:01:16 22:13:19+01:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 45056
LinkerVersion............: 7.1
EntryPoint...............: 0x4dbe
InitializedDataSize......: 45056
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0
Portable Executable structural information
PE Sections...................:
Name  Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text  4096  43494  45056  6.53  8379b61e95bea7d3f8f5702f16d15b3e
.rdata  49152  8656  12288  3.78  7fd87dcef8fcaec13020316203125bc0
.data  61440  23544  4096  3.53  687000e84ee4980d9071468282697f72
.reloc  86016  5284  8192  3.44  fcf1ebd3503d524de80de8f990001739
PE Imports....................:
ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
KERNEL32.dll: GetVersionExA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, FlushFileBuffers, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, LoadLibraryA, GetTickCount, GetLastError, LocalFree, GetProcAddress, FreeLibrary, lstrlenA, GetSystemInfo, VirtualProtect, GetCurrentProcessId, QueryPerformanceCounter, RtlUnwind, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, HeapFree, HeapAlloc, RaiseException, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, GetModuleHandleA, HeapReAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, WriteFile, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, IsBadWritePtr, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW
OLEAUT32.dll: -, -, -
PE Exports....................: DllCanUnloadNow, DllGetClassObject
First seen by VirusTotal: 2012-01-21 20:48:22 UTC ( 2 months ago )
Last seen by VirusTotal: 2012-03-22 00:07:53 UTC ( 12 minutes ago )
File names (max. 25):
1. C:\Windows\SysWOW64\mffc100enu.dll
2. C:\Windows\SysWOW64\KBDDCAN.DLL
3. IMMAGEHLP.DLL
4. NVWRSSFR.DLL
5. MIIGISOL.DLL
6. MIIGISOL.DLL
7. HTTPAPPI.DLL
8. CLBCATEEX.DLL
9. IASS.DLL
10. APPHELLP.DLL
11. 3
12. CSCAPPI.DLL
13. CSCAPPI.DLL
14. CSCAPPI.DLL
15. cmicryptinsttall.dll
16. SQQLWID.DLL
17. PKU22U.DLL
18. mfc100ddeu.dll
19. MQUUTIL.DLL
20. DRRT.DLL
21. KBDUUSR.DLL
22. 29E144CA00A02C49207B013EC693C300A60A0C1D.dll
23. ACTTXPRXY.DLL

SHA256: 13b94170474d864e31e803cb3e7a1e75508d33f665ad8f02a5462258c78f7297
SHA1: 96ca07dd648892a6e3c120776bafda0c741ac018
MD5: 8b53a5bd8af3c7eecc424cf2489cdfd1
File size: 72.0 KB ( 73728 bytes )
File name: C:\Windows\SysWOW64\mffc100enu.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-03-22 00:22:02 UTC ( 1 minute ago )
Antivirus  Result  Update
AhnLab-V3 - 20120321
AntiVir - 20120321
Antiy-AVL - 20120321
Avast - 20120320
AVG - 20120321
BitDefender - 20120321
ByteHero - 20120319
CAT-QuickHeal - 20120321
ClamAV - 20120321
Commtouch - 20120321
Comodo - 20120321
DrWeb - 20120321
Emsisoft - 20120321
eSafe - 20120321
eTrust-Vet - 20120321
F-Prot - 20120321
F-Secure - 20120322
Fortinet - 20120321
GData - 20120321
Ikarus - 20120321
Jiangmin - 20120321
K7AntiVirus - 20120321
Kaspersky - 20120322
McAfee - 20120322
McAfee-GW-Edition - 20120321
Microsoft - 20120321
NOD32 - 20120321
Norman - 20120321
nProtect - 20120321
Panda - 20120321
PCTools - 20120319
Prevx - 20120322
Rising - 20120321
Sophos - 20120321
SUPERAntiSpyware - 20120322
Symantec - 20120321
TheHacker - 20120321
TrendMicro - 20120321
TrendMicro-HouseCall - 20120321
VBA32 - 20120321
VIPRE - 20120321
ViRobot - 20120321
VirusBuster - 20120321
Additional information
ssdeep: 1536:E+R6LhFN7lqbWj66P6nWq1rIrCoMDuOlAs:ECchX7kSY1MbOlAs
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ExifTool:
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2012:01:16 22:13:19+01:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 45056
LinkerVersion............: 7.1
EntryPoint...............: 0x4dbe
InitializedDataSize......: 45056
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0
Portable Executable structural information
PE Sections...................:
Name  Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text  4096  43494  45056  6.53  8379b61e95bea7d3f8f5702f16d15b3e
.rdata  49152  8656  12288  3.78  7fd87dcef8fcaec13020316203125bc0
.data  61440  23544  4096  3.53  687000e84ee4980d9071468282697f72
.reloc  86016  5284  8192  3.44  fcf1ebd3503d524de80de8f990001739
PE Imports....................:
ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
KERNEL32.dll: GetVersionExA, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, FlushFileBuffers, InterlockedDecrement, WideCharToMultiByte, MultiByteToWideChar, LoadLibraryA, GetTickCount, GetLastError, LocalFree, GetProcAddress, FreeLibrary, lstrlenA, GetSystemInfo, VirtualProtect, GetCurrentProcessId, QueryPerformanceCounter, RtlUnwind, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCommandLineA, HeapFree, HeapAlloc, RaiseException, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, GetModuleHandleA, HeapReAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, WriteFile, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, IsBadWritePtr, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, InitializeCriticalSection, GetLocaleInfoA, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW
OLEAUT32.dll: -, -, -
PE Exports....................: DllCanUnloadNow, DllGetClassObject
First seen by VirusTotal: 2012-01-21 20:48:22 UTC ( 2 months ago )
Last seen by VirusTotal: 2012-03-22 00:07:53 UTC ( 12 minutes ago )
File names (max. 25):
1. C:\Windows\SysWOW64\mffc100enu.dll
2. C:\Windows\SysWOW64\KBDDCAN.DLL
3. IMMAGEHLP.DLL
4. NVWRSSFR.DLL
5. MIIGISOL.DLL
6. MIIGISOL.DLL
7. HTTPAPPI.DLL
8. CLBCATEEX.DLL
9. IASS.DLL
10. APPHELLP.DLL
11. 3
12. CSCAPPI.DLL
13. CSCAPPI.DLL
14. CSCAPPI.DLL
15. cmicryptinsttall.dll
16. SQQLWID.DLL
17. PKU22U.DLL
18. mfc100ddeu.dll
19. MQUUTIL.DLL
20. DRRT.DLL
21. KBDUUSR.DLL
22. 29E144CA00A02C49207B013EC693C300A60A0C1D.dll
23. ACTTXPRXY.DLL

ComboFix 12-03-21.02 - Kenny 03/21/2012 19:32:41.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2795 [GMT -5:00]
Running from: c:\users\Kenny\Desktop\ComboFix.exe
Command switches used :: c:\users\Kenny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenny\AppData\Roaming\Local
c:\users\Kenny\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Kenny\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Kenny\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Kenny\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Kenny\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 00:37 . 2012-03-22 00:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-22 00:37 . 2012-03-22 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-21 21:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A915995-60EE-434B-9FE2-166526F59D79}\mpengine.dll
2012-03-21 20:52 . 2009-07-14 01:14 45056 ----a-w- c:\windows\SysWow64\taasklist.exe
2012-03-21 20:52 . 2009-07-14 01:14 45056 ----a-w- c:\windows\SysWow64\reeg.exe
2012-03-21 20:11 . 2012-03-21 20:11 -------- d-----w- c:\windows\CheckSur
2012-03-21 11:20 . 2012-03-21 13:35 -------- d-----w- c:\programdata\Lavasoft
2012-03-19 20:05 . 2012-03-19 20:30 -------- d-----w- c:\users\Kenny\AppData\Roaming\DAEMON Tools Lite
2012-03-19 20:05 . 2012-03-19 20:05 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-19 19:53 . 2012-03-19 19:53 -------- d-----w- c:\programdata\NVIDIA
2012-03-19 19:53 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-03-19 19:53 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-03-19 19:53 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-19 19:53 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-19 19:53 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-19 19:53 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-19 19:52 . 2012-03-19 19:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-16 22:06 . 2012-03-16 22:07 -------- d-----w- c:\programdata\SecTaskMan
2012-03-16 16:23 . 2012-03-16 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-16 16:23 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 12:12 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\3021
2012-03-15 02:39 . 2012-03-19 14:26 -------- d-----w- c:\program files\Oracle
2012-03-15 02:38 . 2012-01-10 18:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-15 02:38 . 2012-01-10 18:28 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-15 02:37 . 2012-03-15 02:38 -------- d-----w- c:\program files\Java
2012-03-14 10:52 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:52 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:52 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 20:42 . 2012-03-12 20:42 -------- d-----w- c:\users\Kenny\AppData\Roaming\Malwarebytes
2012-03-12 19:44 . 2012-03-12 19:44 -------- d-----w- c:\program files\Enigma Software Group
2012-03-12 19:43 . 2012-03-12 20:11 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-12 12:07 . 2012-03-12 12:07 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-12 12:05 . 2012-03-12 20:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-12 12:05 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-12 12:04 . 2012-03-12 12:36 -------- d-----w- c:\programdata\PC Tools
2012-03-12 02:49 . 2012-03-12 02:49 -------- d-----w- c:\windows\Downloaded Installations
2012-03-11 23:07 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-11 22:04 . 2012-03-11 22:04 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-11 21:55 . 2012-03-15 02:52 2 --shatr- c:\windows\winstart.bat
2012-03-11 19:33 . 2012-03-11 19:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll
2012-03-11 19:32 . 2012-03-11 19:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-11 19:31 . 2012-03-11 19:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-11 18:24 . 2012-03-11 18:24 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-11 04:29 . 2012-03-11 04:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 04:09 . 2012-03-11 04:09 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 01:23 . 2012-03-01 19:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll
2012-03-09 14:11 . 2012-03-16 12:12 -------- d-----w- c:\windows\SysWow64\2055
2012-03-09 14:10 . 2012-03-09 14:10 -------- d-----w- c:\windows\SysWow64\2002
2012-03-08 03:37 . 2012-03-08 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-05 03:27 . 2012-03-09 17:34 -------- d-----w- c:\program files (x86)\Games
2012-02-26 17:38 . 2012-01-17 12:45 72512 ----a-w- c:\windows\system32\nvapo64v.dll
2012-02-26 17:38 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-02-26 17:38 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-02-26 17:38 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-02-26 17:38 . 2012-03-19 19:53 -------- d-----w- c:\program files\NVIDIA Corporation
2012-02-26 17:37 . 2012-03-19 19:53 -------- d-----w- C:\NVIDIA
2012-02-24 12:07 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 03:36 . 2011-09-19 15:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2011-09-19 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 12:00 . 2012-02-03 12:00 164992 ----a-w- c:\windows\SysWow64\drivers\athsgt.sys
2012-02-03 12:00 . 2012-02-03 12:00 12544 ----a-w- c:\windows\SysWow64\drivers\limsgt.sys
2012-01-04 10:44 . 2012-02-15 11:52 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 11:52 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-31 23:19 . 2011-10-13 11:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-31 23:19 . 2011-10-13 11:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-31 23:19 . 2011-10-13 11:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-31 23:19 . 2011-10-13 11:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-30 06:26 . 2012-02-15 11:52 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 11:52 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 11:52 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_14.50.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-10 18:16 . 2012-02-10 04:13 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2009-07-14 04:54 . 2012-03-22 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-17 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-22 00:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 14:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-22 00:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-19 16:05 . 2012-03-21 20:56 43584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-22 00:19 45812 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-19 15:51 . 2012-03-22 00:19 12714 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3974904213-1714037821-1548854753-1001_UserData.bin
- 2012-03-10 18:16 . 2012-02-10 04:13 68928 c:\windows\system32\OpenCL.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 68928 c:\windows\system32\OpenCL.dll
+ 2009-07-14 05:30 . 2012-03-19 20:29 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-03-15 22:08 86016 c:\windows\system32\DriverStore\infpub.dat
- 2012-03-10 18:16 . 2012-01-17 12:46 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhdap64.dll
+ 2012-03-19 19:51 . 2012-01-17 12:46 31040 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhdap64.dll
+ 2012-03-19 19:51 . 2012-01-17 12:45 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvapo64v.dll
- 2012-03-10 18:16 . 2012-01-17 12:45 72512 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvapo64v.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 68928 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\OpenCL64.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 61248 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\OpenCL.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 28992 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvpciflt.sys
- 2011-09-19 15:24 . 2012-03-17 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-19 15:24 . 2012-03-21 23:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-19 15:24 . 2012-03-21 23:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-19 15:24 . 2012-03-17 14:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 23:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 14:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-18 23:17 . 2012-03-18 23:17 35328 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\DSETUP.dll
+ 2012-03-18 23:12 . 2012-03-18 23:12 41984 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\cfgmgr32.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 71464 c:\windows\Steam\GameOverlayUI.exe
+ 2011-05-05 12:16 . 2012-03-21 15:07 71464 c:\windows\Steam\GameOverlayUI.exe
- 2011-05-05 12:16 . 2012-03-16 13:57 86824 c:\windows\Steam\bin\x64launcher.exe
+ 2011-05-05 12:16 . 2012-03-21 15:07 86824 c:\windows\Steam\bin\x64launcher.exe
- 2009-07-14 04:46 . 2012-03-14 12:17 94368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-03-22 00:21 94368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-20 14:08 . 2012-03-20 14:08 28160 c:\windows\Installer\b414a9.msi
+ 2012-03-16 12:12 . 2012-03-19 01:08 7086 c:\windows\SysWOW64\3021\inf3021.dat
+ 2012-03-19 19:51 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdetx.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdet.dll
+ 2012-03-22 00:38 . 2012-03-22 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 14:50 . 2012-03-17 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 14:50 . 2012-03-17 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-22 00:38 . 2012-03-22 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-17 14:39 662446 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-22 00:20 662446 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-17 14:39 122242 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-22 00:20 122242 c:\windows\system32\perfc009.dat
+ 2012-03-15 02:38 . 2012-03-15 02:38 264584 c:\windows\system32\javaws.exe
- 2012-03-17 14:49 . 2012-03-17 14:50 318448 c:\windows\system32\FNTCACHE.DAT
+ 2012-03-22 00:15 . 2012-03-22 00:15 318448 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-03-19 20:29 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-15 22:08 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-19 20:29 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-03-15 22:08 143360 c:\windows\system32\DriverStore\infstor.dat
- 2012-03-10 18:16 . 2012-01-17 12:45 188224 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64v.sys
+ 2012-03-19 19:51 . 2012-01-17 12:45 188224 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64v.sys
+ 2012-03-19 19:51 . 2012-01-17 12:45 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64.sys
- 2012-03-10 18:16 . 2012-01-17 12:45 156480 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvhda64.sys
+ 2012-03-19 19:51 . 2012-03-01 00:02 962368 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvumdshimx.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 812352 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvumdshim.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 249152 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvkflt.sys
+ 2012-03-19 19:51 . 2012-03-01 00:02 260416 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvinitx.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 215360 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvinit.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 202752 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdxgiwrapx.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 182080 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdxgiwrap.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 325888 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdrsdb.bin
+ 2012-03-19 19:51 . 2012-03-01 00:02 301376 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdecodemft32.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 364352 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdecodemft.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 261120 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\Nvd3d9wrapx.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 236352 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\Nvd3d9wrap.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 224064 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\dbInstaller.exe
+ 2009-07-14 05:12 . 2012-03-21 11:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-03-17 14:47 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-05-05 12:16 . 2012-03-16 13:57 284456 c:\windows\Steam\WriteMiniDump.exe
+ 2011-05-05 12:16 . 2012-03-21 15:07 284456 c:\windows\Steam\WriteMiniDump.exe
+ 2011-05-05 12:16 . 2012-03-21 15:07 721192 c:\windows\Steam\vstdlib_s64.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 721192 c:\windows\Steam\vstdlib_s64.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 444200 c:\windows\Steam\vstdlib_s.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 444200 c:\windows\Steam\vstdlib_s.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 347944 c:\windows\Steam\tier0_s64.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 347944 c:\windows\Steam\tier0_s64.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 272168 c:\windows\Steam\tier0_s.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 272168 c:\windows\Steam\tier0_s.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 210728 c:\windows\Steam\steamerrorreporter.exe
+ 2011-05-05 12:16 . 2012-03-21 15:07 210728 c:\windows\Steam\steamerrorreporter.exe
+ 2012-03-18 23:21 . 2012-03-18 23:21 163840 c:\windows\Steam\steamapps\common\csi hard evidence\um.dll
+ 2012-03-18 23:07 . 2012-03-18 23:07 341264 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\setupapi.dll
+ 2012-03-18 23:07 . 2012-03-18 23:07 140288 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\dxsetup.exe
+ 2012-03-18 23:17 . 2012-03-18 23:17 962560 c:\windows\Steam\steamapps\common\csi hard evidence\Register\RegistrationReminder.exe
+ 2012-03-18 23:15 . 2012-03-18 23:15 193024 c:\windows\Steam\steamapps\common\csi hard evidence\binkw32.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 780584 c:\windows\Steam\GameOverlayRenderer64.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 780584 c:\windows\Steam\GameOverlayRenderer64.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 595752 c:\windows\Steam\GameOverlayRenderer.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 595752 c:\windows\Steam\GameOverlayRenderer.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 122864 c:\windows\Steam\CSERHelper.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 122864 c:\windows\Steam\CSERHelper.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 321320 c:\windows\Steam\crashhandler.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 321320 c:\windows\Steam\crashhandler.dll
- 2011-06-09 12:55 . 2012-03-16 13:57 669480 c:\windows\Steam\bin\vgui2_s.dll
+ 2011-06-09 12:55 . 2012-03-21 15:07 669480 c:\windows\Steam\bin\vgui2_s.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 198440 c:\windows\Steam\bin\vaudio_speex.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 198440 c:\windows\Steam\bin\vaudio_speex.dll
- 2011-03-16 15:42 . 2012-03-16 13:57 489256 c:\windows\Steam\bin\SteamService.exe
+ 2011-03-16 15:42 . 2012-03-21 15:07 489256 c:\windows\Steam\bin\SteamService.exe
- 2011-05-05 12:16 . 2012-03-16 13:57 179808 c:\windows\Steam\bin\nattypeprobe.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 179808 c:\windows\Steam\bin\nattypeprobe.dll
- 2011-06-09 12:55 . 2012-03-16 13:57 454952 c:\windows\Steam\bin\mss32.dll
+ 2011-06-09 12:55 . 2012-03-21 15:07 454952 c:\windows\Steam\bin\mss32.dll
+ 2011-05-05 12:16 . 2012-03-21 15:07 173864 c:\windows\Steam\bin\FileSystem_Steam.dll
- 2011-05-05 12:16 . 2012-03-16 13:57 173864 c:\windows\Steam\bin\FileSystem_Steam.dll
- 2011-06-09 12:55 . 2012-03-16 13:57 907048 c:\windows\Steam\bin\chromehtml.dll
+ 2011-06-09 12:55 . 2012-03-21 15:07 907048 c:\windows\Steam\bin\chromehtml.dll
- 2012-03-16 13:57 . 2012-03-16 13:57 123192 c:\windows\Steam\bin\avutil-51.dll
+ 2012-03-16 13:57 . 2012-03-21 15:07 123192 c:\windows\Steam\bin\avutil-51.dll
+ 2012-03-16 13:57 . 2012-03-21 15:07 190776 c:\windows\Steam\bin\avformat-53.dll
- 2012-03-16 13:57 . 2012-03-16 13:57 190776 c:\windows\Steam\bin\avformat-53.dll
+ 2012-03-16 13:57 . 2012-03-21 15:07 123192 c:\windows\Steam\avutil-51.dll
- 2012-03-16 13:57 . 2012-03-16 13:57 123192 c:\windows\Steam\avutil-51.dll
- 2009-07-14 05:01 . 2012-03-17 14:49 291168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-22 00:37 291168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-19 19:51 . 2012-03-01 00:02 7713088 c:\windows\SysWOW64\nvwgf2um.dll
- 2012-03-10 18:16 . 2012-02-10 04:13 7713088 c:\windows\SysWOW64\nvwgf2um.dll
+ 2012-03-19 19:51 . 2012-03-01 00:02 2517312 c:\windows\SysWOW64\nvcuvid.dll
- 2012-03-10 18:16 . 2012-02-10 04:13 2517312 c:\windows\SysWOW64\nvcuvid.dll
- 2012-03-10 18:16 .
2012-02-10 04:13 2437440 c:\windows\SysWOW64\nvcuvenc.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2437440 c:\windows\SysWOW64\nvcuvenc.dll + 2012-03-19 19:51 . 2012-03-01 00:02 5892928 c:\windows\SysWOW64\nvcuda.dll - 2012-03-10 18:16 . 2012-02-10 04:13 5892928 c:\windows\SysWOW64\nvcuda.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2301248 c:\windows\SysWOW64\nvapi.dll - 2012-03-10 18:16 . 2012-02-10 04:13 2301248 c:\windows\SysWOW64\nvapi.dll + 2012-03-19 19:51 . 2012-03-01 00:02 9717568 c:\windows\system32\nvwgf2umx.dll - 2012-03-10 18:16 . 2012-02-10 04:13 9717568 c:\windows\system32\nvwgf2umx.dll - 2012-03-10 18:16 . 2012-02-10 04:13 1466176 c:\windows\system32\nvgenco64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 1466176 c:\windows\system32\nvgenco64.dll - 2012-03-10 18:16 . 2012-02-10 04:13 1737536 c:\windows\system32\nvdispco64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 1737536 c:\windows\system32\nvdispco64.dll - 2012-03-10 18:16 . 2012-02-10 04:13 2672448 c:\windows\system32\nvcuvid.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2672448 c:\windows\system32\nvcuvid.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2872640 c:\windows\system32\nvcuvenc.dll - 2012-03-10 18:16 . 2012-02-10 04:13 2872640 c:\windows\system32\nvcuvenc.dll - 2012-03-10 18:16 . 2012-02-10 04:13 8008000 c:\windows\system32\nvcuda.dll + 2012-03-19 19:51 . 2012-03-01 00:02 8008000 c:\windows\system32\nvcuda.dll - 2012-03-10 18:16 . 2012-02-10 04:13 2660160 c:\windows\system32\nvapi64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2660160 c:\windows\system32\nvapi64.dll + 2012-03-19 19:51 . 2012-01-17 12:45 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvgenco64.dll - 2012-03-10 18:16 . 2012-01-17 12:45 1451840 c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_6c95c0b9e91efef4\nvgenco64.dll + 2012-03-19 19:51 . 
2012-03-01 00:02 9717568 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvwgf2umx.dll + 2012-03-19 19:51 . 2012-03-01 00:02 7713088 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvwgf2um.dll + 2012-03-19 19:51 . 2012-03-01 00:02 1466176 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvgenco64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 1737536 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvdispco64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2517312 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvid32.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2672448 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvid.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2872640 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvenc64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2437440 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuvenc.dll + 2012-03-19 19:51 . 2012-03-01 00:02 5892928 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuda32.dll + 2012-03-19 19:51 . 2012-03-01 00:02 8008000 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcuda.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2660160 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvapi64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 2301248 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvapi.dll + 2011-05-05 12:16 . 2012-03-21 15:07 3970856 c:\windows\Steam\SteamUI.dll + 2011-05-05 12:16 . 2012-03-21 15:07 8972072 c:\windows\Steam\steamclient64.dll + 2011-05-05 12:16 . 2012-03-21 15:07 6616872 c:\windows\Steam\steamclient.dll - 2011-05-05 12:16 . 
2012-03-16 13:57 6616872 c:\windows\Steam\steamclient.dll + 2012-03-18 23:11 . 2012-03-18 23:11 1901056 c:\windows\Steam\steamapps\common\csi hard evidence\support\DirectX\dsetup32.dll + 2012-03-18 23:17 . 2012-03-18 23:17 1060864 c:\windows\Steam\steamapps\common\csi hard evidence\mfc71.dll + 2012-03-18 23:09 . 2012-03-18 23:09 6422528 c:\windows\Steam\steamapps\common\csi hard evidence\CSI4.exe - 2011-05-05 12:16 . 2012-03-16 13:57 2975056 c:\windows\Steam\Steam.dll + 2011-05-05 12:16 . 2012-03-21 15:07 2975056 c:\windows\Steam\Steam.dll - 2011-05-05 12:16 . 2012-03-16 13:57 1039192 c:\windows\Steam\dbghelp.dll + 2011-05-05 12:16 . 2012-03-21 15:07 1039192 c:\windows\Steam\dbghelp.dll + 2011-05-05 12:16 . 2012-03-21 15:07 1910568 c:\windows\Steam\bin\SteamService.dll - 2011-05-05 12:16 . 2012-03-16 13:57 1910568 c:\windows\Steam\bin\SteamService.dll + 2011-05-05 12:16 . 2012-03-21 15:07 1726248 c:\windows\Steam\bin\ServerBrowser.dll - 2012-03-16 13:57 . 2012-03-16 13:57 9955112 c:\windows\Steam\bin\icudt.dll + 2012-03-16 13:57 . 2012-03-21 15:07 9955112 c:\windows\Steam\bin\icudt.dll + 2011-05-05 12:16 . 2012-03-21 15:07 2381608 c:\windows\Steam\bin\gameoverlayui.dll + 2011-05-05 12:16 . 2012-03-21 15:07 2316072 c:\windows\Steam\bin\friendsUI.dll - 2012-03-16 13:57 . 2012-03-16 13:57 1099576 c:\windows\Steam\bin\avcodec-53.dll + 2012-03-16 13:57 . 2012-03-21 15:07 1099576 c:\windows\Steam\bin\avcodec-53.dll + 2009-07-14 04:45 . 2012-03-21 20:54 7149876 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-03-14 11:04 7149876 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-03-19 19:51 . 2012-03-01 00:02 19444544 c:\windows\SysWOW64\nvoglv32.dll - 2012-03-10 18:16 . 2012-02-10 04:13 15009600 c:\windows\SysWOW64\nvd3dum.dll + 2012-03-19 19:51 . 2012-03-01 00:02 15009600 c:\windows\SysWOW64\nvd3dum.dll - 2012-03-10 18:16 . 
2012-02-10 04:13 17543488 c:\windows\SysWOW64\nvcompiler.dll + 2012-03-19 19:51 . 2012-03-01 00:02 17543488 c:\windows\SysWOW64\nvcompiler.dll + 2012-03-19 19:51 . 2012-03-01 00:02 25543488 c:\windows\system32\nvoglv64.dll - 2012-03-10 18:16 . 2012-02-10 04:13 17642816 c:\windows\system32\nvd3dumx.dll + 2012-03-19 19:51 . 2012-03-01 00:02 17642816 c:\windows\system32\nvd3dumx.dll - 2012-03-10 18:16 . 2012-02-10 04:13 25222976 c:\windows\system32\nvcompiler.dll + 2012-03-19 19:51 . 2012-03-01 00:02 25222976 c:\windows\system32\nvcompiler.dll + 2011-09-19 16:48 . 2012-03-04 22:19 56297240 c:\windows\system32\MRT.exe - 2011-09-19 16:48 . 2012-03-14 10:51 56297240 c:\windows\system32\MRT.exe + 2012-03-19 19:51 . 2012-03-01 00:02 25543488 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvoglv64.dll + 2012-03-19 19:51 . 2012-03-01 00:02 19444544 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvoglv32.dll + 2012-03-19 19:51 . 2012-03-01 00:02 13626688 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvlddmkm.sys + 2012-03-19 19:51 . 2012-03-01 00:02 17642816 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvd3dumx.dll + 2012-03-19 19:51 . 2012-03-01 00:02 15009600 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvd3dum.dll + 2012-03-19 19:51 . 2012-03-01 00:02 71582120 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\NvCplSetupInt.exe + 2012-03-19 19:51 . 2012-03-01 00:02 17543488 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcompiler32.dll + 2012-03-19 19:51 . 2012-03-01 00:02 25222976 c:\windows\system32\DriverStore\FileRepository\nvac.inf_amd64_neutral_31d474b9f08813c8\nvcompiler.dll + 2012-03-19 19:51 . 2012-03-01 00:02 13626688 c:\windows\system32\drivers\nvlddmkm.sys - 2011-05-05 12:16 . 
2012-03-16 13:57 20297512 c:\windows\Steam\bin\libcef.dll + 2011-05-05 12:16 . 2012-03-21 15:07 20297512 c:\windows\Steam\bin\libcef.dll + 2011-09-19 17:13 . 2012-03-22 00:37 47435500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3974904213-1714037821-1548854753-1001-12288.dat + 2012-03-19 11:28 . 2012-03-19 11:28 45882196 c:\windows\Installer\223121.msi + 2012-02-13 16:57 . 2012-02-13 16:57 30412800 c:\windows\Installer\1efdd16.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0F802439-432B-1C45-7CD3-59DE607400C2}] 2009-07-14 01:11 73728 ----a-w- c:\windows\SysWOW64\KBDDCAN.DLL . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2E90012A-40C7-6932-71FF-6EB3583B4BEB}] 2011-06-11 07:58 73728 ----a-w- c:\windows\SysWOW64\mffc100enu.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X] "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe [2012-01-21 240408] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe [2012-01-21 192792] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe 
[2011-04-27 288272] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/ mLocal Page = c:\windows\system32\blank.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:de,c3,8d,0f,b5,ef,fe,33,23,9c,d6,63,2d,f7,42,f2,bb,d6,3b,49,9a,ed,77, 84,dd,84,45,e8,ac,28,db,3f,96,8f,50,06,e6,d5,85,5a,61,d1,19,7f,24,e6,53,2a,\ "??"=hex:1b,5c,00,6c,19,29,b6,60,a7,81,26,f9,6d,5e,cb,bb . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\License information*] "datasecu"=hex:30,d1,14,ac,0d,c6,af,15,6b,19,cf,47,74,9b,89,bf,19,50,34,0c,b4, 69,50,af,26,b1,00,c1,a4,17,00,89,ca,74,00,94,ce,ad,fb,7d,45,05,a0,6c,1f,f4,\ "rkeysecu"=hex:05,34,13,a2,22,06,63,9f,9d,7d,81,00,92,99,7c,60 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\09\05\17\0e\0b\06?" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-21 19:42:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-22 00:42 ComboFix2.txt 2012-03-17 14:54 . Pre-Run: 240,714,702,848 bytes free Post-Run: 240,691,445,760 bytes free . - - End Of File - - FE17843393DB8C9ED450CB30F0929F20 KBDDCAN.7z mffc100enu.7z
  8. Ok-Here they are:
SHA256: b4e4d63453ea5fbae38f3a44a325935a2575b0feb1607bc606414611d02d9344 SHA1: 323ef205076a82caaace9a19cf48b5e223350450 MD5: 371d2fcf751d9c2e3608a5e1c7c88828 File size: 44.0 KB ( 45056 bytes ) File name: C:\Windows\SysWOW64\taasklist.exe File type: Win32 EXE Detection ratio: 0 / 43 Analysis date: 2012-03-19 00:59:05 UTC
SHA256: b4e4d63453ea5fbae38f3a44a325935a2575b0feb1607bc606414611d02d9344 SHA1: 323ef205076a82caaace9a19cf48b5e223350450 MD5: 371d2fcf751d9c2e3608a5e1c7c88828 File size: 44.0 KB ( 45056 bytes ) File name: C:\Windows\SysWOW64\reeg.exe File type: Win32 EXE Detection ratio: 0 / 43 Analysis date: 2012-03-19 01:03:23 UTC
reeg.7z taasklist.7z
  9. Ok- Here they are:
ComboFix 12-03-16.03 - Kenny 03/17/2012 9:45.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2779 [GMT -5:00]
Running from: c:\users\Kenny\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-03-08 03:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2012-03-05 03:29 . 2012-03-05 03:29 -------- d-----w- c:\users\Kenny\AppData\Roaming\Elephant Games 2012-03-05 03:27 . 2012-03-09 17:34 -------- d-----w- c:\program files (x86)\Games 2012-02-26 17:38 . 2012-01-17 12:45 72512 ----a-w- c:\windows\system32\nvapo64v.dll 2012-02-26 17:38 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2012-02-26 17:38 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll 2012-02-26 17:38 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2012-02-26 17:38 . 2012-03-10 18:17 -------- d-----w- c:\program files\NVIDIA Corporation 2012-02-26 17:37 . 2012-02-26 17:37 -------- d-----w- C:\NVIDIA 2012-02-24 12:07 . 1999-11-10 18:05 86016 ----a-w- c:\windows\unvise32qt.exe 2012-02-20 03:32 . 2012-02-20 03:32 -------- d-----w- c:\programdata\Tages 2012-02-19 23:40 . 2012-02-19 23:40 -------- d-----w- c:\windows\en 2012-02-19 23:38 . 2012-02-19 23:38 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2012-02-19 23:38 . 2012-03-10 23:40 -------- dc----w- c:\windows\system32\DRVSTORE 2012-02-19 23:37 . 2012-02-19 23:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6fd86fea1ccef5f01\MeshBetaRemover.exe 2012-02-19 23:25 . 2012-02-19 23:47 -------- d-----w- c:\program files\Windows Live 2012-02-19 23:11 . 2012-02-29 23:30 -------- d-----w- c:\program files\CCleaner 2012-02-19 23:09 . 2012-02-19 23:09 -------- d-----w- c:\program files\7-Zip 2012-02-17 12:23 . 2012-02-17 12:23 -------- d-----w- c:\program files (x86)\Guild Wars . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-15 03:36 . 2011-09-19 15:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-23 15:18 . 2011-09-19 16:00 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-03 12:00 . 
2012-02-03 12:00 164992 ----a-w- c:\windows\SysWow64\drivers\athsgt.sys 2012-02-03 12:00 . 2012-02-03 12:00 12544 ----a-w- c:\windows\SysWow64\drivers\limsgt.sys 2012-01-04 10:44 . 2012-02-15 11:52 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 08:58 . 2012-02-15 11:52 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2011-12-31 23:19 . 2011-10-13 11:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2011-12-31 23:19 . 2011-10-13 11:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-12-31 23:19 . 2011-10-13 11:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2011-12-31 23:19 . 2011-10-13 11:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-12-30 06:26 . 2012-02-15 11:52 515584 ----a-w- c:\windows\system32\timedate.cpl 2011-12-30 05:27 . 2012-02-15 11:52 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2011-12-28 03:59 . 2012-02-15 11:52 498688 ----a-w- c:\windows\system32\drivers\afd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0F802439-432B-1C45-7CD3-59DE607400C2}] 2009-07-14 01:11 73728 ----a-w- c:\windows\SysWOW64\KBDDCAN.DLL . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2E90012A-40C7-6932-71FF-6EB3583B4BEB}] 2011-06-11 07:58 73728 ----a-w- c:\windows\SysWOW64\mffc100enu.dll . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X] "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe [2012-01-21 240408] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 hexmagic;hexmagic;c:\windows\system32\drivers\hexmagic.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe [2012-01-21 192792] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S3 
MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-03-16 c:\windows\Tasks\At1.job - c:\windows\SysWOW64\reeg.exe [2009-07-13 01:14] . 2012-03-16 c:\windows\Tasks\At2.job - c:\windows\SysWOW64\taasklist.exe [2009-07-13 01:14] . . --------- x86-64 ----------- . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/ mLocal Page = c:\windows\system32\blank.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . 
[HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3974904213-1714037821-1548854753-1001) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:de,c3,8d,0f,b5,ef,fe,33,23,9c,d6,63,2d,f7,42,f2,bb,d6,3b,49,9a,ed,77, 84,dd,84,45,e8,ac,28,db,3f,96,8f,50,06,e6,d5,85,5a,61,d1,19,7f,24,e6,53,2a,\ "??"=hex:1b,5c,00,6c,19,29,b6,60,a7,81,26,f9,6d,5e,cb,bb . [HKEY_USERS\S-1-5-21-3974904213-1714037821-1548854753-1001\Software\SecuROM\License information*] "datasecu"=hex:30,d1,14,ac,0d,c6,af,15,6b,19,cf,47,74,9b,89,bf,19,50,34,0c,b4, 69,50,af,26,b1,00,c1,a4,17,00,89,ca,74,00,94,ce,ad,fb,7d,45,05,a0,6c,1f,f4,\ "rkeysecu"=hex:05,34,13,a2,22,06,63,9f,9d,7d,81,00,92,99,7c,60 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\09\05\17\0e\0b\06?" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-17 09:54:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-17 14:54 . Pre-Run: 229,692,833,792 bytes free Post-Run: 229,483,610,112 bytes free . - - End Of File - - B5DE878AB390CE3F35EA02A21708A856 . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Kenny at 9:56:27 on 2012-03-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2508 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\notepad.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft Security Client\msseces.exe c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe C:\Program Files 
(x86)\Microsoft\BingBar\7.1.352.0\BingApp.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingBar.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Groove Folder Synchronization: {0f802439-432b-1c45-7cd3-59de607400c2} - C:\Windows\SysWOW64\KBDDCAN.DLL BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Adobe PDF Link Helper: {2e90012a-40c7-6932-71ff-6eb3583b4beb} - C:\Windows\SysWow64\mffc100enu.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll" TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f mPolicies-system: 
ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{037AEAC4-C825-4164-8D9F-487EA929E4E3} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{23186FDD-D6B1-418E-8FCD-806ABA5FA22A} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Groove Folder Synchronization: {0F802439-432B-1C45-7CD3-59DE607400C2} - C:\Windows\SysWOW64\KBDDCAN.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Adobe PDF Link Helper: {2E90012A-40C7-6932-71FF-6EB3583B4BEB} - C:\Windows\SysWow64\mffc100enu.dll BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll BHO-X64: 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll" TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE [2012-1-21 192792] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-16 652360] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE [2012-1-21 240408] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?] R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?] 
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-03-17 14:50:33 -------- d-----w- C:\$RECYCLE.BIN 2012-03-16 23:58:40 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB3AC9A4-B31E-4A41-B545-21E2C9DC3A78}\mpengine.dll 2012-03-16 22:39:50 -------- d-----w- C:\Users\Kenny\AppData\Local\{08FC4607-8048-41AC-87AF-4AF33648EC89} 2012-03-16 22:39:28 -------- d-----w- C:\Users\Kenny\AppData\Local\{B693081E-7EEB-44C4-BF21-C7CEC08F0469} 2012-03-16 22:06:56 -------- d-----w- C:\ProgramData\SecTaskMan 2012-03-16 22:02:24 -------- dc-h--w- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} 2012-03-16 22:01:53 -------- d-----w- C:\Users\Kenny\AppData\Local\PackageAware 2012-03-16 19:58:03 -------- d-----w- C:\Users\Kenny\AppData\Roaming\LucasArts 2012-03-16 16:23:56 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-16 16:23:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-16 12:12:10 -------- d-----w- C:\Windows\SysWow64\3021 2012-03-16 01:11:10 -------- d-----w- C:\Users\Kenny\AppData\Local\{51899782-9439-4CB4-BE42-4A32F56CEF43} 2012-03-16 01:11:01 -------- d-----w- C:\Users\Kenny\AppData\Local\{64E5471A-D587-4525-93E3-1C85D93B4F39} 2012-03-15 02:39:22 -------- d-----w- C:\Program Files\Oracle 2012-03-15 02:38:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll 2012-03-15 02:38:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll 2012-03-14 22:23:52 98816 ----a-w- C:\Windows\sed.exe 2012-03-14 22:23:52 518144 ----a-w- C:\Windows\SWREG.exe 2012-03-14 22:23:52 256000 ----a-w- C:\Windows\PEV.exe 2012-03-14 22:23:52 208896 ----a-w- C:\Windows\MBR.exe 2012-03-14 10:52:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-14 10:52:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-14 10:52:52 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-14 09:32:11 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 09:32:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 09:32:11 1077248 ----a-w- 
C:\Windows\SysWow64\DWrite.dll
2012-03-14 09:29:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 09:29:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 09:29:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:29:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 09:29:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 09:29:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 09:29:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-12 20:42:29 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Malwarebytes
2012-03-12 19:44:09 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-12 19:43:10 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-12 12:23:51 -------- d-----w- C:\Users\Kenny\AppData\Local\Threat Expert
2012-03-12 12:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-12 12:05:17 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-12 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-12 12:04:57 -------- d-----w- C:\ProgramData\PC Tools
2012-03-12 02:49:59 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-11 23:07:42 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-11 22:33:43 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-03-11 22:04:33 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-03-11 21:55:36 2 --shatr- C:\Windows\winstart.bat
2012-03-11 19:33:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll
2012-03-11 19:32:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-11 19:31:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-11 18:24:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-11 04:29:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-11 04:09:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 18:17:16 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-03-10 18:17:16 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-03-10 18:17:16 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-03-10 18:17:16 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-03-10 18:17:16 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-03-10 18:17:16 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-03-10 01:23:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll
2012-03-09 14:11:03 -------- d-----w- C:\Windows\SysWow64\2055
2012-03-09 14:10:37 -------- d-----w- C:\Windows\SysWow64\2002
2012-03-08 03:52:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-08 03:37:58 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-05 03:29:54 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Elephant Games
2012-03-05 03:27:25 -------- d-----w- C:\Program Files (x86)\Games
2012-02-26 17:38:42 72512 ----a-w- C:\Windows\System32\nvapo64v.dll
2012-02-26 17:38:42 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-02-26 17:38:41 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-02-26 17:38:41 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-02-26 17:38:22 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-26 17:37:48 -------- d-----w- C:\NVIDIA
2012-02-24 12:07:10 86016 ----a-w- C:\Windows\unvise32qt.exe
2012-02-20 03:32:07 -------- d-----w- C:\ProgramData\Tages
2012-02-19 23:40:47 -------- d-----w- C:\Windows\en
2012-02-19 23:38:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-19 23:37:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fd86fea1ccef5f01\MeshBetaRemover.exe
2012-02-19 23:11:49 -------- d-----w- C:\Program Files\CCleaner
2012-02-17 12:23:06 -------- d-----w- C:\Program Files (x86)\Guild Wars
.
==================== Find3M ====================
.
2012-03-15 03:36:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 12:00:14 164992 ----a-w- C:\Windows\SysWow64\drivers\athsgt.sys
2012-02-03 12:00:11 12544 ----a-w- C:\Windows\SysWow64\drivers\limsgt.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-31 23:19:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-12-31 23:19:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-12-31 23:19:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-12-31 23:19:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 9:56:52.96 ===============
  10. I guess you can't help me since I had a problem with your damn paste clipboard.
  11. Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kenny :: KENNY-PC [administrator]

3/15/2012 4:21:14 PM
mbam-log-2012-03-15 (16-21-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 203847
Time elapsed: 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thank You For the help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kenny at 16:23:03 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2355 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingSurrogate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cbsnews.com/?ocid=MIE8MSNB/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove Folder Synchronization: {0f802439-432b-1c45-7cd3-59de607400c2} - C:\Windows\SysWOW64\KBDDCAN.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {1f16312e-19de-5861-0ba2-71716c621717} - C:\Windows\SysWOW64\fdPProxy.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\Users\Kenny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{037AEAC4-C825-4164-8D9F-487EA929E4E3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{23186FDD-D6B1-418E-8FCD-806ABA5FA22A} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Groove Folder Synchronization: {0F802439-432B-1C45-7CD3-59DE607400C2} - C:\Windows\SysWOW64\KBDDCAN.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {1F16312E-19DE-5861-0BA2-71716C621717} - C:\Windows\SysWOW64\fdPProxy.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BingExt.dll"
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\SeaPort.EXE [2012-1-21 240408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.352.0\BBSvc.EXE [2012-1-21 192792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-15 13:44:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10E6BF4B-E7CE-42EF-B3DB-CAC972780868}\offreg.dll
2012-03-15 13:43:23 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10E6BF4B-E7CE-42EF-B3DB-CAC972780868}\mpengine.dll
2012-03-15 02:51:50 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-03-15 02:39:22 -------- d-----w- C:\Program Files\Oracle
2012-03-15 02:38:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-15 02:38:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-14 22:23:52 98816 ----a-w- C:\Windows\sed.exe
2012-03-14 22:23:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-14 22:23:52 256000 ----a-w- C:\Windows\PEV.exe
2012-03-14 22:23:52 208896 ----a-w- C:\Windows\MBR.exe
2012-03-14 22:23:50 -------- d-s---w- C:\ComboFix
2012-03-14 14:45:43 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-03-14 13:28:34 -------- d-----w- C:\Users\Kenny\AppData\Roaming\SUPERAntiSpyware.com
2012-03-14 13:27:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-14 13:27:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-14 10:52:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 10:52:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:52:52 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 09:32:11 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 09:32:11 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 09:32:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 09:29:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 09:29:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 09:29:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:29:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 09:29:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 09:29:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 09:29:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-12 20:46:15 29808 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-03-12 20:42:29 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Malwarebytes
2012-03-12 20:42:21 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-12 20:42:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-12 19:44:09 -------- d-----w- C:\sh4ldr
2012-03-12 19:44:09 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-12 19:43:10 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-12 12:23:51 -------- d-----w- C:\Users\Kenny\AppData\Local\Threat Expert
2012-03-12 12:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-12 12:05:17 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-12 12:05:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-12 12:04:57 -------- d-----w- C:\ProgramData\PC Tools
2012-03-12 02:49:59 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-11 23:07:42 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-11 22:33:43 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-03-11 22:04:33 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-03-11 21:55:36 2 --shatr- C:\Windows\winstart.bat
2012-03-11 19:33:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E3688C9F-6EBA-48AD-8376-27B33CC3ACB2}\gapaengine.dll
2012-03-11 19:32:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-11 19:31:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-11 18:24:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-11 04:29:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-11 04:09:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 18:17:16 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-03-10 18:17:16 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-03-10 18:17:16 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-03-10 18:17:16 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-03-10 18:17:16 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-03-10 18:17:16 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-03-10 01:28:40 98 ---ha-w- C:\aaw7boot.cmd
2012-03-10 01:23:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13BE0816-07C1-44AD-8B7A-734327D20984}\mpengine.dll
2012-03-09 14:11:03 -------- d-----w- C:\Windows\SysWow64\2055
2012-03-09 14:10:37 -------- d-----w- C:\Windows\SysWow64\2002
2012-03-08 03:52:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-08 03:37:58 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-05 03:29:54 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Elephant Games
2012-03-05 03:27:25 -------- d-----w- C:\Program Files (x86)\Games
2012-02-26 17:38:42 72512 ----a-w- C:\Windows\System32\nvapo64v.dll
2012-02-26 17:38:42 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-02-26 17:38:41 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-02-26 17:38:41 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-02-26 17:38:22 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-02-26 17:37:48 -------- d-----w- C:\NVIDIA
2012-02-24 12:07:10 86016 ----a-w- C:\Windows\unvise32qt.exe
2012-02-20 03:32:07 -------- d-----w- C:\ProgramData\Tages
2012-02-19 23:40:47 -------- d-----w- C:\Windows\en
2012-02-19 23:38:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-19 23:37:26 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fd86fea1ccef5f01\MeshBetaRemover.exe
2012-02-19 23:11:49 -------- d-----w- C:\Program Files\CCleaner
2012-02-17 12:23:06 -------- d-----w- C:\Program Files (x86)\Guild Wars
2012-02-15 11:52:43 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 11:52:43 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 11:52:38 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 11:52:38 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 11:52:38 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 11:52:38 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 11:52:37 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
==================== Find3M ====================
.
2012-03-15 03:36:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-03 12:00:14 164992 ----a-w- C:\Windows\SysWow64\drivers\athsgt.sys
2012-02-03 12:00:11 12544 ----a-w- C:\Windows\SysWow64\drivers\limsgt.sys
2011-12-31 23:19:13 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-12-31 23:19:13 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-12-31 23:19:13 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-12-31 23:19:13 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-12-28 15:10:42 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 16:23:45.18 ===============
  12. I seem to be lucky in as much as it only interrupts my search results. A direct typed address or a click on favorites is not affected. I get redirected to an address with IP addresses like 63.209.69.107 and then some bogus page. Have also seen the fake virus scanner but have clicked out in time, I guess. I use Microsoft Essentials. I have tried Malwarebytes to scan and it finds nothing. Also GMER shows no results. Thanks - Lucky but Frustrated.