RomanArmstrong
Everything posted by RomanArmstrong
Possible Port 5643 Infection?
RomanArmstrong replied to RomanArmstrong's topic in Resolved Malware Removal Logs
I don't know if this affects whatever process you'll suggest--I highly doubt it removed the virus, itself--but, as per the instructions of HiRez Studios' tech support for the problem that originally brought me here, I copied the files from [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] DefaultConnectionSettings and pasted them in [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections] DefaultConnectionSettings. For the moment, the patcher is working perfectly, and I'm having no more trouble with search result redirection.
-
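The value copied between hives in the post above is WinINet's per-connection settings blob, which is where a proxy server, bypass list or auto-configuration (PAC) URL is stored for one account. A service process such as HiPatchService.exe in the logs does not read the logged-on user's hive; one running as LocalSystem reads HKU\S-1-5-18, which is presumably why tech support pointed at that key. The Python below is an added example, not code from the thread or from Hi-Rez: it decodes the blob, reports whether it routes traffic through a loopback proxy, and diffs two hives, so you can see exactly what is about to be copied over the SYSTEM copy (and whether the user copy itself carries a redirect) before overwriting anything. The blob layout and the winreg calls are real; the sample blobs, the 127.0.0.1:5643 proxy (the port is taken from the patcher's message purely as an illustration, not from any captured setting) and the helper names are assumptions.

```python
"""Decode WinINet's DefaultConnectionSettings blob and compare two hives.

Added example, not code from the thread. Layout (documented WinINet format):
three little-endian DWORDs (version, change counter, flags), then three
DWORD-length-prefixed ANSI strings (proxy server, bypass list, auto-config
URL), then a reserved tail.
"""
import struct
from dataclasses import dataclass

# INTERNET_PER_CONN_FLAGS bits stored in the third DWORD.
PROXY_TYPE_DIRECT = 0x01          # set even when no proxy is configured
PROXY_TYPE_PROXY = 0x02           # "use a proxy server"
PROXY_TYPE_AUTO_PROXY_URL = 0x04  # "use automatic configuration script" (PAC)
PROXY_TYPE_AUTO_DETECT = 0x08     # WPAD auto-detect

CONN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"


@dataclass
class ConnectionSettings:
    version: int
    counter: int
    flags: int
    proxy: str
    bypass: str
    autoconfig_url: str


def _read_lpstr(buf, off):
    """Read one DWORD-length-prefixed ANSI string; raise on truncation."""
    if off + 4 > len(buf):
        raise ValueError("blob truncated before a string length")
    (n,) = struct.unpack_from("<I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("blob truncated inside a string")
    return buf[off:off + n].decode("latin-1"), off + n


def parse_connection_settings(blob):
    if len(blob) < 12:
        raise ValueError("blob shorter than its fixed header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    proxy, off = _read_lpstr(blob, 12)
    bypass, off = _read_lpstr(blob, off)
    autoconfig, _ = _read_lpstr(blob, off)
    return ConnectionSettings(version, counter, flags, proxy, bypass, autoconfig)


def build_connection_settings(flags, proxy="", bypass="", autoconfig_url="",
                              counter=1, version=0x46):
    """Inverse of parse_connection_settings; used below to construct samples."""
    out = struct.pack("<III", version, counter, flags)
    for s in (proxy, bypass, autoconfig_url):
        raw = s.encode("latin-1")
        out += struct.pack("<I", len(raw)) + raw
    return out + b"\x00" * 32  # reserved tail as WinINet writes it


def loopback_proxy(s):
    """Return the proxy target if traffic is sent through the local host, else None.

    The proxy field is "host:port" or a ;-list like "http=host:port;https=...".
    """
    if not s.flags & PROXY_TYPE_PROXY:
        return None
    for entry in s.proxy.split(";"):
        target = entry.split("=", 1)[-1].strip()
        host = target.rsplit(":", 1)[0].strip("[]")
        if host in ("127.0.0.1", "localhost", "::1"):
            return target
    return None


def diff_settings(a, b):
    """Fields that differ between two hives, e.g. HKCU vs HKU\\S-1-5-18."""
    return {f: (getattr(a, f), getattr(b, f))
            for f in ("flags", "proxy", "bypass", "autoconfig_url")
            if getattr(a, f) != getattr(b, f)}


def read_from_registry(service_sid="S-1-5-18"):
    """Windows only: the blob from HKCU and from HKU\\<service_sid> (another
    account's hive needs admin rights); a missing key or value comes back as None."""
    import winreg  # standard library, present on Windows only
    targets = {"HKCU": (winreg.HKEY_CURRENT_USER, CONN_KEY),
               "HKU\\" + service_sid: (winreg.HKEY_USERS, service_sid + "\\" + CONN_KEY)}
    found = {}
    for label, (root, sub) in targets.items():
        try:
            with winreg.OpenKey(root, sub) as key:
                blob, _ = winreg.QueryValueEx(key, "DefaultConnectionSettings")
            found[label] = parse_connection_settings(blob)
        except OSError:
            found[label] = None
    return found


# Constructed samples (assumptions, not captured from the poster's machine): a user
# hive forced through a loopback proxy on the port the patcher message names, and
# a SYSTEM hive that goes direct.
SAMPLE_USER_BLOB = build_connection_settings(
    PROXY_TYPE_DIRECT | PROXY_TYPE_PROXY, proxy="127.0.0.1:5643", bypass="<local>")
SAMPLE_SYSTEM_BLOB = build_connection_settings(PROXY_TYPE_DIRECT)

if __name__ == "__main__":
    user = parse_connection_settings(SAMPLE_USER_BLOB)
    system = parse_connection_settings(SAMPLE_SYSTEM_BLOB)
    print("loopback proxy in user hive:", loopback_proxy(user))
    print("HKCU vs S-1-5-18 differences:", diff_settings(user, system))
```

On the affected machine the check is `read_from_registry()` from an elevated prompt followed by `diff_settings` on the two results: if the HKCU blob already carries a proxy or PAC URL, copying it into S-1-5-18 hands that same redirect to every service that uses WinINet, so clear it first and copy a clean blob.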
Possible Port 5643 Infection?
RomanArmstrong replied to RomanArmstrong's topic in Resolved Malware Removal Logs
ComboFix 12-06-16.02 - Roman2 06/18/2012 20:20:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1283 [GMT -5:00]
Running from: c:\documents and settings\Roman2.RICHARD\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Elizabeth\Application Data\Dealio
c:\documents and settings\Elizabeth\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Elizabeth\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\5vgaz1qy.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}
c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\5vgaz1qy.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome.manifest
c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\5vgaz1qy.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome\xulcache.jar
c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\5vgaz1qy.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\defaults\preferences\xulcache.js
c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\5vgaz1qy.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\install.rdf
c:\documents and settings\Roman2.RICHARD\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}
c:\documents and settings\Roman2.RICHARD\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome.manifest
c:\documents and settings\Roman2.RICHARD\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome\xulcache.jar
c:\documents and settings\Roman2.RICHARD\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\defaults\preferences\xulcache.js
c:\documents and settings\Roman2.RICHARD\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\install.rdf
c:\documents and settings\Roman2\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}
c:\documents and settings\Roman2\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome.manifest
c:\documents and settings\Roman2\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome\xulcache.jar
c:\documents and settings\Roman2\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\defaults\preferences\xulcache.js
c:\documents and settings\Roman2\Application Data\Mozilla\Firefox\Profiles\190cxai2.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\install.rdf
c:\documents and settings\Roman2\llmbjmvywn.tmp
c:\documents and settings\Susan.RICHARD\WINDOWS
c:\documents and settings\Susan\Application Data\Dealio
c:\documents and settings\Susan\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Susan\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\ugmvoz4s.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}
c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\ugmvoz4s.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome.manifest
c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\ugmvoz4s.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\chrome\xulcache.jar
c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\ugmvoz4s.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\defaults\preferences\xulcache.js
c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\ugmvoz4s.default\extensions\{a759f96e-0c16-4e31-80a4-5e2c26e77bd0}\install.rdf
C:\install.exe
c:\program files\filesubmit
c:\program files\filesubmit\wfs\wfs.zip
c:\program files\OApps\bhO_project.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET38A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-17 22:21 . 2012-06-17 22:21 388096 ----a-r- c:\documents and settings\Roman2.RICHARD\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-17 22:21 . 2012-06-17 22:21 -------- d-----w- c:\program files\Trend Micro
2012-06-16 03:54 . 2012-06-19 01:25 -------- d-----w- c:\program files\OApps
2012-06-16 03:54 . 2012-06-16 03:57 -------- d-----w- c:\program files\TorrentSearch
2012-06-16 03:54 . 2012-06-16 03:56 -------- d-----w- c:\program files\intellidownload
2012-06-16 00:09 . 2012-06-16 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\GoldWave
2012-06-15 23:54 . 2012-06-17 22:25 -------- d-----w- c:\program files\WAV to MP3 Encoder
2012-06-15 23:54 . 2002-08-23 04:27 348160 ----a-w- c:\windows\system32\FlatBtn6.ocx
2012-06-15 23:54 . 2001-12-12 16:35 348160 ----a-w- c:\windows\system32\MEnc.ocx
2012-06-15 23:07 . 2012-06-15 23:07 -------- d-----w- c:\program files\GoldWave
2012-06-15 05:16 . 2012-06-15 05:20 -------- d-----w- c:\documents and settings\Roman2.RICHARD\Application Data\MinerWars
2012-06-15 04:57 . 2012-06-15 04:57 -------- d-----w- c:\program files\Keen Software House
2012-06-15 04:56 . 2012-06-15 04:56 -------- d-----w- c:\program files\SlimDX SDK (September 2011)
2012-06-15 04:55 . 2012-06-15 04:55 -------- d-----w- c:\program files\Microsoft XNA
2012-06-14 21:31 . 2012-06-14 21:31 -------- d-----w- c:\documents and settings\Roman2.RICHARD\Local Settings\Application Data\ArmA 2 Free
2012-06-14 21:28 . 2012-06-14 21:28 -------- d-----w- c:\program files\Bohemia Interactive
2012-06-13 11:55 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-08 04:58 . 2012-06-14 20:34 -------- d-----w- c:\program files\Hero Editor
2012-06-08 04:57 . 2012-06-08 04:57 249856 ------w- c:\windows\Setup1.exe
2012-06-08 04:57 . 2012-06-08 04:57 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-07 03:57 . 2012-06-07 03:57 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 03:57 . 2012-06-07 03:57 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-04 21:13 . 2012-06-04 21:13 -------- d-----w- c:\windows\Diablo II
2012-06-04 21:12 . 2012-06-14 20:33 -------- d-----w- C:\Diablo II
2012-06-04 00:57 . 2012-06-04 00:58 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-06-04 00:57 . 2012-06-04 00:58 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-06-04 00:57 . 2012-06-04 00:58 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-06-01 07:34 . 2012-06-01 07:34 -------- d-----w- c:\documents and settings\Roman2.RICHARD\Local Settings\Application Data\Unity
2012-05-22 23:12 . 2012-05-22 23:13 -------- d-----w- c:\documents and settings\Elizabeth.RICHARD\Local Settings\Application Data\Skyrim
2012-05-22 18:57 . 2012-05-22 19:01 -------- d-----w- c:\documents and settings\Roman2.RICHARD\Local Settings\Application Data\Skyrim
2012-05-22 18:55 . 2012-05-22 18:55 -------- d-----w- C:\214eddf86e80e1587dc4
2012-05-22 15:18 . 2012-05-22 15:18 -------- d-----w- c:\documents and settings\Rick.RICHARD\Local Settings\Application Data\Temp
2012-05-22 15:18 . 2012-05-22 15:18 -------- d-----w- c:\documents and settings\Rick.RICHARD\Local Settings\Application Data\Adobe
2012-05-22 15:05 . 2012-05-22 15:05 -------- d-----w- c:\documents and settings\Rick.RICHARD\Application Data\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 01:36 . 2012-04-19 03:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-18 01:36 . 2011-05-15 20:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 20:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2009-08-25 17:52 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2009-08-25 17:52 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2009-08-25 17:52 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2009-08-25 17:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-08-25 17:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2001-08-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2009-08-25 17:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2009-08-25 17:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2010-06-18 14:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2010-06-18 14:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2010-06-18 14:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2001-08-23 12:00 1863168 ------w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-08-25 17:52 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2001-08-23 12:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2001-08-17 13:48 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-08-25 17:40 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-29 22:28 . 2012-04-29 22:28 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-19 23:39 . 2012-04-02 22:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-19 23:39 . 2010-09-02 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 03:30 . 2012-02-20 18:52 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-04 20:56 . 2010-05-27 14:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 21:34 . 2011-09-28 01:32 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-01-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent"="mstinit.exe" [2008-04-14 12288]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Roman2\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-2 36864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-9-2 49220]
.
c:\documents and settings\Susan\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\Elizabeth\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\Elizabeth.RICHARD\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\Roman2.RICHARD\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-2 36864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-9-2 49220]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-2 36864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-9-2 49220]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ComicRack\\ComicRack.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\nitroximos\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=
"c:\\Program Files\\TorrentSearch\\easydownload.exe"=
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [2/23/2012 5:55 PM 8704]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [12/10/2011 4:12 PM 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/30/2011 10:35 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/1/2010 5:48 PM 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/20/2012 1:52 PM 242240]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [4/18/2012 11:02 PM 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/1/2010 5:48 PM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [4/19/2012 1:38 PM 21992]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [4/18/2012 7:09 PM 100368]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/18/2012 10:25 PM 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 6:10 PM 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 Freemake Improver;Freemake Improver;"c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" --> c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 01:36]
.
2012-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-06-18 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-03-29 19:51]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1715567821-839522115-1003Core.job
- c:\documents and settings\Rick.RICHARD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-18 23:47]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1715567821-839522115-1003UA.job
- c:\documents and settings\Rick.RICHARD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-18 23:47]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1715567821-839522115-1005Core.job
- c:\documents and settings\Susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 18:42]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1715567821-839522115-1005UA.job
- c:\documents and settings\Susan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 18:42]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1715567821-839522115-1006Core.job
- c:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-02 13:28]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1715567821-839522115-1006UA.job
- c:\documents and settings\Elizabeth\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-02 13:28]
.
2012-06-18 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-29 16:35]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.11.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 20:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,06,08,49,32,c1,13,4b,b3,dd,26,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,06,08,49,32,c1,13,4b,b3,dd,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-06-18 20:29:30
ComboFix-quarantined-files.txt 2012-06-19 01:29
.
Pre-Run: 44,650,725,376 bytes free
Post-Run: 46,700,744,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - D618B24BE403EFB838EB3CCB078F784D
-
Possible Port 5643 Infection?
RomanArmstrong replied to RomanArmstrong's topic in Resolved Malware Removal Logs
I uninstalled Bittorrent (which, maybe to be a little facetious, I'll say isn't technically illegal), but I did have to manually remove some files before it stopped showing up in the DDS log. Anyway, the MBAM log follows:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman2 :: RICHARD [administrator]

6/18/2012 5:42:39 PM
mbam-log-2012-06-18 (17-42-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407047
Time elapsed: 13 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roman2 at 18:07:18 on 2012-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VideoFileDownload: {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} - c:\program files\oapps\bho_project.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [steam] "c:\program files\steam\steam.exe" -silent
uRun: [bitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [schedulingAgent] mstinit.exe /firstlogon
mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [oxawluwe] c:\documents and settings\networkservice\local settings\application data\xirmigofw\fxiyjhttssd.exe
StartupFolder: c:\docume~1\roman2~1.ric\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\docume~1\roman2~1.ric\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\roman2~1.ric\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{3D162B0D-0EB1-438B-845C-1E0A75072117} : DhcpNameServer = 192.168.11.1
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-2-23 8704]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-12-10 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-1 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-20 242240]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-4-18 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-1 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-18 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-4-19 21992]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-18 100368]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Freemake Improver;Freemake Improver;"c:\documents and settings\all users\application data\freemake\freemakeutilsservice\freemakeutilsservice.exe" --> c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [?]
.
=============== Created Last 30 ================
.
2012-06-17 22:21:01 388096 ----a-r- c:\documents and settings\roman2.richard\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-17 22:21:00 -------- d-----w- c:\program files\Trend Micro
2012-06-16 03:54:42 -------- d-----w- c:\program files\OApps
2012-06-16 03:54:37 -------- d-----w- c:\program files\TorrentSearch
2012-06-16 03:54:23 -------- d-----w- c:\program files\intellidownload
2012-06-16 00:09:33 -------- d-----w- c:\documents and settings\all users\application data\GoldWave
2012-06-15 23:54:12 348160 ----a-w- c:\windows\system32\MEnc.ocx
2012-06-15 23:54:12 348160 ----a-w- c:\windows\system32\FlatBtn6.ocx
2012-06-15 23:54:12 -------- d-----w- c:\program files\WAV to MP3 Encoder
2012-06-15 23:07:55 -------- d-----w- c:\program files\GoldWave
2012-06-15 05:16:37 -------- d-----w- c:\documents and settings\roman2.richard\application data\MinerWars
2012-06-15 04:57:25 -------- d-----w- c:\program files\Keen Software House
2012-06-15 04:56:47 -------- d-----w- c:\program files\SlimDX SDK (September 2011)
2012-06-15 04:55:22 -------- d-----w- c:\program files\Microsoft XNA
2012-06-14 21:31:28 -------- d-----w- c:\documents and settings\roman2.richard\local settings\application data\ArmA 2 Free
2012-06-14 21:28:40 -------- d-----w- c:\program files\Bohemia Interactive
2012-06-13 11:55:03 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-08 04:58:01 -------- d-----w- c:\program files\Hero Editor
2012-06-08 04:57:54 249856 ------w- c:\windows\Setup1.exe
2012-06-08 04:57:53 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-07 03:57:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-07 03:57:11 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-04 21:13:00 -------- d-----w- c:\windows\Diablo II
2012-06-04 21:12:57 -------- d-----w- C:\Diablo II
2012-06-04 00:57:16 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-06-04 00:57:16 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-06-04 00:57:16 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-06-01 07:34:02 -------- d-----w- c:\documents and settings\roman2.richard\local settings\application data\Unity
2012-05-22 18:57:00 -------- d-----w- c:\documents and settings\roman2.richard\local settings\application data\Skyrim
2012-05-22 18:55:26 -------- d-----w- C:\214eddf86e80e1587dc4
.
==================== Find3M ====================
.
2012-06-18 01:36:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 01:36:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ------w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-29 22:28:04 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-19 23:39:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-19 23:39:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 03:30:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-19 00:48:15 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-05 03:11:24 293992 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-04-05 03:11:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-04-05 03:11:22 293992 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:08:45.89 ===============
-
I've attempted multiple times to join the public beta for Tribes: Ascend. It always freezes on the "Checking for Software Updates" stage. Upon running the included diagnostic program, I received the message:

"The system is unable to connect to the update server https://patcher.hire...otingServer.rem due to a likely spyware/malware infection on port 5643
Google 'spyware port 5643' or '127.0.0.1:5643 malware' for more information"

Here's the DDS file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Roman2 at 21:41:50 on 2012-06-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VideoFileDownload: {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} - c:\program files\oapps\bho_project.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [steam] "c:\program files\steam\steam.exe" -silent
uRun: [bitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [schedulingAgent] mstinit.exe /firstlogon
mRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [oxawluwe] c:\documents and settings\networkservice\local settings\application data\xirmigofw\fxiyjhttssd.exe
StartupFolder: c:\docume~1\roman2~1.ric\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\docume~1\roman2~1.ric\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\roman2~1.ric\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{3D162B0D-0EB1-438B-845C-1E0A75072117} : DhcpNameServer = 192.168.11.1
Notify: AtiExtEvent - Ati2evxx.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-2-23 8704]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-12-10 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-1 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-20 242240]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-4-18 913752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-1 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-18 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-4-19 21992]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-4-18 100368]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Freemake Improver;Freemake Improver;"c:\documents and settings\all users\application data\freemake\freemakeutilsservice\freemakeutilsservice.exe" --> c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [?]
.
=============== Created Last 30 ================
.
2012-06-17 22:21:01 388096 ----a-r- c:\documents and settings\roman2.richard\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-06-17 22:21:00 -------- d-----w- c:\program files\Trend Micro
2012-06-16 03:54:42 -------- d-----w- c:\program files\OApps
2012-06-16 03:54:37 -------- d-----w- c:\program files\TorrentSearch
2012-06-16 03:54:23 -------- d-----w- c:\program files\intellidownload
2012-06-16 00:09:33 -------- d-----w- c:\documents and settings\all users\application data\GoldWave
2012-06-15 23:54:12 348160 ----a-w- c:\windows\system32\MEnc.ocx
2012-06-15 23:54:12 348160 ----a-w- c:\windows\system32\FlatBtn6.ocx
2012-06-15 23:54:12 -------- d-----w- c:\program files\WAV to MP3 Encoder
2012-06-15 23:07:55 -------- d-----w- c:\program files\GoldWave
2012-06-15 05:16:37 -------- d-----w- c:\documents and settings\roman2.richard\application data\MinerWars
2012-06-15 04:57:25 -------- d-----w- c:\program files\Keen Software House
2012-06-15 04:56:47 -------- d-----w- c:\program files\SlimDX SDK (September 2011)
2012-06-15 04:55:22 -------- d-----w- c:\program files\Microsoft XNA
2012-06-14 21:31:28 -------- d-----w- c:\documents and settings\roman2.richard\local settings\application data\ArmA 2 Free
2012-06-14 21:28:40 -------- d-----w- c:\program files\Bohemia Interactive
2012-06-13 11:55:03 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-08 04:58:01 -------- d-----w- c:\program files\Hero Editor
2012-06-08 04:57:54 249856 ------w- c:\windows\Setup1.exe
2012-06-08 04:57:53 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-07 03:57:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-07 03:57:11 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-04 21:13:00 -------- d-----w- c:\windows\Diablo II
2012-06-04 21:12:57 -------- d-----w- C:\Diablo II
2012-06-04 00:57:16 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-06-04 00:57:16 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-06-04 00:57:16 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-06-01 07:34:02 -------- d-----w- c:\documents and settings\roman2.richard\local settings\application data\Unity
2012-05-22 18:57:00 -------- d-----w- c:\documents and settings\roman2.richard\local settings\application data\Skyrim
2012-05-22 18:55:26 -------- d-----w- C:\214eddf86e80e1587dc4
.
==================== Find3M ====================
.
2012-06-18 01:36:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 01:36:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ------w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-04-29 22:28:04 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-19 23:39:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-19 23:39:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 03:30:00 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-19 00:48:15 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-05 03:11:24 293992 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-04-05 03:11:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-04-05 03:11:22 293992 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:42:45.81 ===============

attach.txt
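As an added example for the post above (not code from this thread, from Hi-Rez or from the DDS tool), the Python below performs the two offline checks a responder would run against these symptoms: it decodes the WinINET DefaultConnectionSettings registry blob and reports any proxy pointing at 127.0.0.1, which is what the patcher's "127.0.0.1:5643" hint refers to, and it runs a triage pass over the DDS Run lines that flags executables launching from profile data directories, which is what singles out the dRun entry in the report. The blob layout is the commonly reverse-engineered one and is an assumption here (Microsoft does not document it); the sample blob is constructed, the sample report lines are copied from the post, and the hypothetical xirmigofw path is only quoted from it. Reading the live value with winreg is left out so the script runs offline; on a real machine both the logged-on user's HKCU copy and the HKU\S-1-5-18 copy that a LocalSystem service reads need checking.

```python
"""Offline triage for a suspected localhost-proxy hijack (added example, not from the thread)."""
import re
import struct

# Layout of the DefaultConnectionSettings REG_BINARY value under
# <hive>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections.
# Assumption (commonly reverse-engineered, not documented by Microsoft):
#   DWORD version (0x3C on XP, 0x46 later), DWORD change counter, DWORD flags,
#   then three DWORD-length-prefixed ASCII strings (proxy server, bypass list,
#   auto-config URL) and 32 bytes of zero padding.
FLAG_DIRECT, FLAG_PROXY, FLAG_AUTOCONFIG, FLAG_AUTODETECT = 0x1, 0x2, 0x4, 0x8
KNOWN_VERSIONS = (0x3C, 0x46)


def build_connection_settings(proxy=b"", bypass=b"", pac=b"", counter=1, version=0x3C):
    """Build a blob in the layout above; used here only to construct sample data."""
    flags = FLAG_DIRECT
    if proxy:
        flags |= FLAG_PROXY
    if pac:
        flags |= FLAG_AUTOCONFIG
    blob = struct.pack("<III", version, counter, flags)
    for field in (proxy, bypass, pac):
        blob += struct.pack("<I", len(field)) + field
    return blob + b"\x00" * 32


def parse_connection_settings(blob):
    """Decode the blob into its flags and the proxy / bypass / PAC strings."""
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    if version not in KNOWN_VERSIONS:
        raise ValueError("unexpected DefaultConnectionSettings version %#x" % version)
    offset, fields = 12, []
    for _ in range(3):
        (length,) = struct.unpack_from("<I", blob, offset)
        offset += 4
        fields.append(blob[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return {"counter": counter, "flags": flags,
            "proxy": fields[0], "bypass": fields[1], "pac": fields[2]}


def loopback_proxy_ports(settings):
    """Ports on 127.0.0.1/localhost that WinINET would route every request through.

    A manual proxy of 127.0.0.1:<port> means a local process sees all HTTP traffic
    before it reaches the network; if nothing legitimate owns that port, that is the
    situation the patcher's "port 5643" diagnostic describes.
    """
    if not settings["flags"] & FLAG_PROXY:
        return set()
    ports = set()
    for entry in settings["proxy"].split(";"):       # "host:port" or "http=host:port"
        host_port = entry.split("=", 1)[-1].strip()
        host, _, port = host_port.rpartition(":") if ":" in host_port else (host_port, "", "80")
        if host.lower() in ("127.0.0.1", "localhost"):
            ports.add(int(port) if port.isdigit() else 80)
    return ports


# DDS prefixes Run entries with their hive: u = HKCU, m = HKLM, d = HKU\.DEFAULT.
RUN_LINE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
EXE_IN_CMD = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|scr|bat|cmd))(?=\s|$)', re.I)
# Profile data directories: legitimate autoruns rarely launch from here on XP, and a
# randomly named executable under one of them is the first entry to investigate.
SUSPECT_DIRS = re.compile(r"\\(?:application data|local settings\\temp|temp)\\", re.I)


def triage_run_entries(report_lines):
    """Return (hive, value name, executable) for Run entries launching from a profile data dir."""
    hits = []
    for line in report_lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        exe_match = EXE_IN_CMD.match(m.group("cmd"))
        exe = (exe_match.group(1) or exe_match.group(2)) if exe_match else m.group("cmd")
        if SUSPECT_DIRS.search(exe):
            hits.append((m.group("hive"), m.group("name"), exe))
    return hits


# Lines copied from the DDS "Pseudo HJT Report" in the post above.
SAMPLE_REPORT = [
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'uRun: [steam] "c:\program files\steam\steam.exe" -silent',
    r"mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"dRun: [oxawluwe] c:\documents and settings\networkservice\local settings"
    r"\application data\xirmigofw\fxiyjhttssd.exe",
]

if __name__ == "__main__":
    # Constructed blob: what a hive would hold if a local proxy had been planted. A service
    # reads the copy belonging to the account it runs under (S-1-5-18 for LocalSystem),
    # not the logged-on user's HKCU copy, so both need the same check.
    planted = build_connection_settings(proxy=b"127.0.0.1:5643", bypass=b"<local>")
    print("loopback proxy ports:", loopback_proxy_ports(parse_connection_settings(planted)))
    for hive, name, exe in triage_run_entries(SAMPLE_REPORT):
        print("suspect autorun (%sRun) %s -> %s" % (hive, name, exe))
```

On a live system, dump the value with reg export from both hives, strip the REG_BINARY hex into bytes, and pass it to parse_connection_settings; a loopback port that no known software owns, together with an autorun from a profile data directory, is the pairing to hand to the analyst rather than something to delete by hand.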