rondread444

Members

View Profile See their activity

Posts
6
Joined
July 2, 2012
Last visited
July 7, 2012

Reputation

0 Neutral

Redirect Malware Help.

rondread444 replied to rondread444's topic in Resolved Malware Removal Logs

Thank you very much for your time and help, my computer is running like normal now. Appreciated . Ron
- July 5, 2012
- 16 replies
Redirect Malware Help.

rondread444 replied to rondread444's topic in Resolved Malware Removal Logs

Here are the requested txt's. ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d1153e5e92a6064e832219669f2663f6 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-04 12:05:22 # local_time=2012-07-03 08:05:22 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 34646629 92900517 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=196049 # found=8 # cleaned=8 # scan_time=3255 C:\Program Files (x86)\2K Sports\NBA 2K12\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Black_Box\Max Payne 3\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Users\Ron\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\80000000.@.vir Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Ron\Desktop\New folder (8)\Exploits\psneuter Android/Exploit.Lotoor.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Vid\Max.Payne.3.Update.v1.0.0.22-RELOADED\Crack\gsrld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C VVVVVVVVVVVVVVVVVVVVVVVVVV Results of screen317's Security Check version 0.99.42 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 JavaFX 2.1.0 Java 6 Update 26 Java 7 Update 4 Java version out of Date! Mozilla Firefox (13.0.1) Google Chrome 19.0.1084.56 Google Chrome 20.0.1132.47 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 14% Defragment your hard drive soon! ````````````````````End of Log``````````````````````
- July 4, 2012
- 16 replies
Redirect Malware Help.

rondread444 replied to rondread444's topic in Resolved Malware Removal Logs

Hello, the program ran successfully this time thanks, heres the log... VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV ComboFix 12-07-02.01 - Ron 07/03/2012 17:31:57.1.6 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2442 [GMT -4:00] Running from: c:\users\Ron\Desktop\sega.com Command switches used :: /killall AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml C:\setup.exe c:\users\Ron\AppData\Local\TempDIR c:\users\Ron\AppData\Local\TempDIR\BetterInstaller.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\L\00000004.@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\L\201d3dde c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\L\55490ac4 c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\00000004.@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\00000008.@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\000000cb.@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\80000000.@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\80000032.@ c:\windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\80000064.@ D:\install.exe . Infected copy of c:\windows\system32\services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 ))))))))))))))))))))))))))))))) . . 2074-05-07 23:38 . 2006-11-22 01:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-07-03 21:39 . 2012-07-03 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-02 23:52 . 2012-07-02 23:52 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes 2012-07-02 23:52 . 2012-07-02 23:52 -------- d-----w- c:\programdata\Malwarebytes 2012-07-02 23:52 . 2012-07-02 23:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-02 23:52 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-02 23:26 . 2012-07-02 23:26 -------- d-----w- c:\users\Ron\AppData\Roaming\Sony Corporation 2012-07-02 23:26 . 2012-07-02 23:26 -------- d-----w- c:\program files (x86)\Sony 2012-07-01 23:44 . 2012-07-01 23:44 -------- d-----w- c:\programdata\3DMGAME 2012-07-01 23:35 . 2012-07-01 23:35 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-01 07:06 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CDF57E5-740E-49A4-887E-BEC011B1791C}\mpengine.dll 2012-06-30 17:43 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-23 03:13 . 2012-06-30 02:41 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-23 03:13 . 2012-06-23 03:13 -------- d-----w- c:\users\Ron\AppData\Local\PunkBuster 2012-06-23 03:08 . 2002-01-01 15:56 -------- d-----w- c:\users\Ron\AppData\Local\Ubisoft Game Launcher 2012-06-23 02:55 . 2012-06-23 02:55 -------- d-----w- c:\users\Ron\AppData\Roaming\Ubisoft 2012-06-21 08:37 . 2012-06-21 08:37 3166792 ------w- c:\windows\SysWow64\pbsvc.exe 2012-06-21 01:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 01:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 01:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 01:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 01:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 01:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 01:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 01:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 01:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 00:09 . 2012-06-14 00:09 -------- d-----w- c:\users\Ron\AppData\Local\Ironclad Games 2012-06-14 00:06 . 2012-06-14 00:06 -------- d-----w- c:\programdata\Ironclad Games 2012-06-14 00:02 . 2012-06-14 00:02 -------- d-----w- c:\program files (x86)\Stardock 2012-06-13 17:27 . 2012-02-12 01:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BB6A39E-C244-4873-A07F-58BA01F2E99B}\gapaengine.dll 2012-06-13 17:21 . 2012-06-13 17:21 -------- d-----w- c:\users\Ron\AppData\Local\Macromedia 2012-06-12 18:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-11 05:39 . 2012-06-11 05:39 -------- d-----w- c:\users\Ron\AppData\Roaming\Individual Software 2012-06-11 05:36 . 2012-06-11 05:36 -------- d-----w- c:\programdata\Individual Software 2012-06-11 05:36 . 2012-06-11 16:16 -------- d-----w- c:\program files (x86)\ResumeMaker Professional 2012-06-10 18:36 . 2012-06-10 18:36 -------- d-----w- c:\users\Ron\AppData\Roaming\Yahoo! 2012-06-06 05:26 . 2012-06-06 05:26 -------- d-----w- C:\BCM_REL_4_100_15_5_WHQL 2012-06-04 03:57 . 2012-06-04 03:57 -------- d-----w- c:\users\Ron\AppData\Local\Chromium 2012-06-04 03:53 . 2012-06-04 03:53 -------- d-----w- c:\program files (x86)\Rockstar Games 2012-06-04 00:51 . 2012-06-04 00:51 -------- d-----w- c:\program files (x86)\Black_Box . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-01 18:43 . 2012-04-12 23:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-01 18:43 . 2011-05-24 18:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-30 02:41 . 2011-02-13 01:03 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-28 23:37 . 2011-02-13 01:03 282696 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-23 03:02 . 2011-02-13 01:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-06-10 18:08 . 2012-05-10 03:12 119296 ----a-w- c:\windows\SysWow64\zlib.dll 2012-05-27 00:28 . 2012-05-27 00:28 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2012-05-26 07:08 . 2012-05-26 07:08 53248 ----a-r- c:\users\Ron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-24 18:18 . 2012-05-24 18:18 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin 2012-05-22 17:51 . 2012-05-22 17:51 61440 ----a-r- c:\users\Ron\AppData\Roaming\Microsoft\Installer\{33B5B641-7843-48A9-A8FE-4501869D0B92}\NewShortcut2_33B5B641784348A9A8FE4501869D0B92.exe 2012-05-22 17:51 . 2012-05-22 17:51 61440 ----a-r- c:\users\Ron\AppData\Roaming\Microsoft\Installer\{33B5B641-7843-48A9-A8FE-4501869D0B92}\NewShortcut1_33B5B641784348A9A8FE4501869D0B92.exe 2012-05-04 20:18 . 2012-04-13 00:18 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll 2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-04-06 02:20 . 2011-01-26 22:59 1067520 ----a-w- c:\windows\system32\aticfx64.dll 2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe 2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe 2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll 2012-04-06 02:00 . 2010-10-27 07:15 64000 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:54 . 2011-01-26 22:40 7479296 ----a-w- c:\windows\system32\atidxx64.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2010-10-27 07:13 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-04-04 22:47 . 2012-06-03 05:41 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-04-04 22:47 . 2011-01-06 03:07 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2012-5-9 480880] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R1 locqntmf;locqntmf;c:\windows\system32\drivers\locqntmf.sys [x] R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296] R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224] R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-25 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-25 79360] R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-16 99384] R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-02-12 25216] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-16 203320] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 VIA_USB_ETS;VIA Telecom USB ETS Driver;c:\windows\system32\DRIVERS\VIA_USB_ETS.sys [2011-10-04 21760] R3 ViaUsbModemDriver;VIA Telecom USB MODEM Driver;c:\windows\system32\DRIVERS\VIA_USB_MODEM.sys [2011-10-04 28160] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 250056] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984] R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616] R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 116648] R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 116648] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-25 834544] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-10-16 117520] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-03 1301504] S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [2009-07-31 25600] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-03-17 401696] . . Contents of the 'Scheduled Tasks' folder . 2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:43] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 03:35] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-02 03:35] . 2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090741175-2824043484-2008641113-1000Core.job - c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 19:03] . 2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4090741175-2824043484-2008641113-1000UA.job - c:\users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 19:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "Broadcom Wireless Manager UI"="c:\windows\SysWow64\WLTRAY.exe" [2006-10-12 1282048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzUebbLz&i=26 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\e7a11fbw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyzUebbLz&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 3680d53e000000000000001a70b26574 FF - user.js: extensions.incredibar_i.instlDay - 15455 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:34 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyzUebbLz FF - user.js: extensions.incredibar_i.upn2n - 92261298974656761 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 . . ------- File Associations ------- . .reg=Regedit.Document . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) SafeBoot-MsMpSvc AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4090741175-2824043484-2008641113-1000\Software\SecuROM\License information*] "datasecu"=hex:dc,f5,f0,d1,d0,9e,cc,0e,22,7a,3c,db,ba,54,62,f0,20,36,8e,c8,0b, cd,2c,b5,a0,15,3f,10,da,6f,07,db,d8,ca,90,95,09,a7,af,ee,d5,ca,0c,4e,c7,d7,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\windows\SysWOW64\WLTRYSVC.EXE c:\windows\SysWOW64\bcmwltry.exe c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\SAgent4.exe . ************************************************************************** . Completion time: 2012-07-03 17:48:05 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-03 21:48 . Pre-Run: 5,975,924,736 bytes free Post-Run: 8,733,626,368 bytes free . - - End Of File - - 0FBD45C206C30BA815A7BB9A1ABB05B9
- July 3, 2012
- 16 replies
Redirect Malware Help.

rondread444 replied to rondread444's topic in Resolved Malware Removal Logs

Ok here is the new dds.txt and attach.txt but Combofix did not create a log for me. It didnt even create the C:\ComboFix.txt directory, I ran it from the desktop as suggested but it just went through the scan and closed. VVVVVVVVVVVVVVVVVVVVVVVVVVVVV . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by Ron at 16:15:35 on 2012-07-03 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2288 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\SysWOW64\WLTRYSVC.EXE C:\Windows\SysWOW64\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\system32\svchost.exe -k bthaudiosvc C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\SAgent4.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Windows\SysWOW64\WLTRAY.EXE C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe C:\Windows\system32\AMBSpiE.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\taskhost.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzUebbLz&i=26 uWindow Title = Internet Explorer, optimized for Bing and MSN uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll uRun: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Users\Ron\AppData\Local\Temp\E_S88ED.tmp" /EF "HKCU" uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Ron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{50D78396-8E52-4043-B3EF-48EB7131B47A} : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{606C35E8-A48D-4CAF-AD83-BD1E626DE376} : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{674608C5-8793-48CD-9C57-4927C580C171} : DhcpNameServer = 8.8.8.8 TCP: Interfaces\{75DA459F-063D-44BA-A8BF-C3B0A01ECE8F}\2456C6B696E6F5E4B2F5444313646303 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{75DA459F-063D-44BA-A8BF-C3B0A01ECE8F}\34963736F63363730323 : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{75DA459F-063D-44BA-A8BF-C3B0A01ECE8F}\54E6475627028656275612 : DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\e7a11fbw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyzUebbLz&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 3680d53e000000000000001a70b26574 FF - user.js: extensions.incredibar_i.instlDay - 15455 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:34:18 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyzUebbLz FF - user.js: extensions.incredibar_i.upn2n - 92261298974656761 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-2 654408] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?] R3 VMfilt;VMfilt;C:\Windows\system32\drivers\VMfilt64.sys --> C:\Windows\system32\drivers\VMfilt64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?] S3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?] S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-25 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-25 79360] S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 DroidCam;DroidCam Virtual Audio;C:\Windows\system32\drivers\droidcam.sys --> C:\Windows\system32\drivers\droidcam.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2002-1-1 113120] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VIA_USB_ETS;VIA Telecom USB ETS Driver;C:\Windows\system32\DRIVERS\VIA_USB_ETS.sys --> C:\Windows\system32\DRIVERS\VIA_USB_ETS.sys [?] S3 ViaUsbModemDriver;VIA Telecom USB MODEM Driver;C:\Windows\system32\DRIVERS\VIA_USB_MODEM.sys --> C:\Windows\system32\DRIVERS\VIA_USB_MODEM.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056] S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984] S4 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832] S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616] S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-25 128928] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648] . =============== File Associations =============== . .reg=Regedit.Document . =============== Created Last 30 ================ . 2074-05-07 23:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-07-02 23:52:43 -------- d-----w- C:\Users\Ron\AppData\Roaming\Malwarebytes 2012-07-02 23:52:40 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-02 23:52:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-02 23:52:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-02 23:26:37 -------- d-----w- C:\Program Files (x86)\Sony 2012-07-01 23:44:55 -------- d-----w- C:\ProgramData\3DMGAME 2012-07-01 23:35:46 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-01 07:06:30 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CDF57E5-740E-49A4-887E-BEC011B1791C}\mpengine.dll 2012-06-30 17:43:43 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-23 03:13:36 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-23 03:13:31 -------- d-----w- C:\Users\Ron\AppData\Local\PunkBuster 2012-06-23 03:08:56 -------- d-----w- C:\Users\Ron\AppData\Local\Ubisoft Game Launcher 2012-06-23 02:55:59 -------- d-----w- C:\Users\Ron\AppData\Roaming\Ubisoft 2012-06-21 08:37:14 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe 2012-06-21 01:29:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 01:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 01:29:02 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 01:29:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-14 00:09:08 -------- d-----w- C:\Users\Ron\AppData\Local\Ironclad Games 2012-06-14 00:06:37 -------- d-----w- C:\ProgramData\Ironclad Games 2012-06-14 00:02:34 -------- d-----w- C:\Program Files (x86)\Stardock 2012-06-13 17:27:10 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BB6A39E-C244-4873-A07F-58BA01F2E99B}\gapaengine.dll 2012-06-13 17:21:07 -------- d-----w- C:\Users\Ron\AppData\Local\Macromedia 2012-06-12 18:53:23 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-11 05:39:29 -------- d-----w- C:\Users\Ron\AppData\Roaming\Individual Software 2012-06-11 05:36:44 -------- d-----w- C:\ProgramData\Individual Software 2012-06-11 05:36:15 -------- d-----w- C:\Program Files (x86)\ResumeMaker Professional 2012-06-06 05:26:29 -------- d-----w- C:\BCM_REL_4_100_15_5_WHQL 2012-06-04 03:57:28 -------- d-----w- C:\Users\Ron\AppData\Local\Chromium 2012-06-04 03:53:59 -------- d-----w- C:\Program Files (x86)\Rockstar Games 2012-06-04 00:51:14 -------- d-----w- C:\Program Files (x86)\Black_Box . ==================== Find3M ==================== . 2012-07-01 18:43:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-01 18:43:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-30 02:41:41 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-06-28 23:37:15 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-06-23 03:02:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-06-10 18:08:35 119296 ----a-w- C:\Windows\SysWow64\zlib.dll 2012-05-27 00:28:10 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 20:18:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll 2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll 2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-04-04 22:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll 2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll . ============= FINISH: 16:15:47.09 =============== VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2010 2:03:54 AM System Uptime: 7/3/2012 2:52:04 PM (2 hours ago) . Motherboard: ASUSTeK Computer INC. | | Crosshair IV Formula Processor: AMD Phenom II X6 1075T Processor | AM3 | 3491/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 134 GiB total, 5.504 GiB free. D: is FIXED (NTFS) - 149 GiB total, 2.377 GiB free. E: is CDROM () F: is FIXED (NTFS) - 15 GiB total, 3.277 GiB free. G: is CDROM () Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318} Description: DroidCam Virtual Audio Device ID: ROOT\MEDIA\0000 Manufacturer: Dev47Apps Name: DroidCam Virtual Audio PNP Device ID: ROOT\MEDIA\0000 Service: DroidCam . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SCDEmu Device ID: ROOT\LEGACY_SCDEMU\0000 Manufacturer: Name: SCDEmu PNP Device ID: ROOT\LEGACY_SCDEMU\0000 Service: SCDEmu . ==== System Restore Points =================== . RP499: 7/2/2012 3:07:24 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Adobe Shockwave Player 11.5 Algebra Solved! AMD Fusion Utility AMD OverDrive AMD VISION Engine Control Center Apple Application Support Apple Software Update ASUS E-Green Uninstall ASUS PC Diagnostics ATI Catalyst Registration BeadSurgeInstaller Boson NetSim for CCNP 7.0 Boson NetSim for CCNP BETA 3 CameraHelperMsi Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chinese Simplified Fonts Support For Adobe Reader X Cisco Connect Combined Community Codec Pack 2011-07-30 Content Manager Assistant for PlayStation® Creative WaveStudio 7 dBpoweramp Windows Media Audio 10 Codec Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Epson Event Manager EPSON Scan EpsonNet Print EpsonNet Setup eReg Futuremark SystemInfo Galaxy Nexus ToolKit Geometry Solved! GIMP 2.6.11 Google Chrome Google Drive Google Talk Plugin Google Update Helper ImgBurn Java Auto Updater Java 6 Update 26 Java 7 Update 4 JavaFX 2.1.0 Locomotion Logitech Webcam Software LogMeTT 2.9.9 LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.61.0.1400 Marvell Miniport Driver Max Payne 3 Max Payne 3 version 1.02 Microsoft .NET Framework 1.1 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mobipocket Creator 4.2 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service Mp3tag v2.49 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 NBA 2K12 NEC Electronics USB 3.0 Host Controller Driver Nero 7 Ultra Edition NVIDIA PhysX OnLive ooVoo OpenAL Optimum Link PdaNet for Android 3.02 Perler Platform PowerISO PunkBuster Services QuickTime ResumeMaker Professional Rockstar Games Social Club Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) SimpleOCR 3.1 Skype Click to Call Skype™ 5.5 Sound Blaster X-Fi MB SplitMediaLabs VH Screen Capture Driver (x86) Steam SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 System Requirements Lab CYRI Team Fortress 2 Tera Term 4.71 The Lord of the Rings FREE Trial The Walking Dead - Episode 1 The Walking Dead © 3 version 1 Tom Clancy's Ghost Recon Future Soldier TTLEditor 1.2.1 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) VIA Platform Device Manager VLC media player 1.1.11 VobSub v2.23 (Remove Only) XviD4PSP 5.10.234.0 Yahoo! Messenger Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 7/3/2012 2:52:58 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 7/3/2012 2:52:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 7/3/2012 2:52:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu 7/3/2012 2:52:31 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified. 7/2/2012 2:36:38 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 7/2/2012 11:25:20 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/2/2012 11:25:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/2/2012 11:25:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/2/2012 11:25:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/2/2012 11:25:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/2/2012 11:23:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL SCDEmu spldr sptd Wanarpv6 7/2/2012 11:23:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 7/2/2012 11:23:00 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start. 7/2/2012 11:22:30 AM, Error: sptd [4] - Driver detected an internal error in its data structures for . 7/2/2012 11:18:57 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists. 7/1/2012 2:34:44 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation. 6/30/2012 9:28:18 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow. 6/30/2012 10:10:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126 . ==== End Of File ===========================
- July 3, 2012
- 16 replies
Redirect Malware Help.

rondread444 replied to rondread444's topic in Resolved Malware Removal Logs

Thanks screen, your help is much appreciated here are the logs below VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.02.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ron :: RON-PC [administrator] Protection: Enabled 7/2/2012 7:53:18 PM mbam-log-2012-07-02 (19-53-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 220017 Time elapsed: 3 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Ron\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken. C:\Windows\Installer\{4d23d243-38d4-1960-c9ba-7d7551897c95}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end) and here is the second log VVVVVVVVVVVVVVVVVVVVVV . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by Ron at 21:08:44 on 2012-07-02 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2588 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\SysWOW64\WLTRYSVC.EXE C:\Windows\SysWOW64\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\SAgent4.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\svchost.exe -k bthaudiosvc C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Windows\SysWOW64\WLTRAY.EXE C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\AMBSpiE.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mystart.incredibar.com/mb133?a=6OyzUebbLz&i=26 uWindow Title = Internet Explorer, optimized for Bing and MSN uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll uRun: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Users\Ron\AppData\Local\Temp\E_S88ED.tmp" /EF "HKCU" uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Ron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{50D78396-8E52-4043-B3EF-48EB7131B47A} : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{606C35E8-A48D-4CAF-AD83-BD1E626DE376} : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{674608C5-8793-48CD-9C57-4927C580C171} : DhcpNameServer = 8.8.8.8 TCP: Interfaces\{75DA459F-063D-44BA-A8BF-C3B0A01ECE8F}\2456C6B696E6F5E4B2F5444313646303 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{75DA459F-063D-44BA-A8BF-C3B0A01ECE8F}\34963736F63363730323 : DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1 TCP: Interfaces\{75DA459F-063D-44BA-A8BF-C3B0A01ECE8F}\54E6475627028656275612 : DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\e7a11fbw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\e7a11fbw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll FF - plugin: C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyzUebbLz&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 3680d53e000000000000001a70b26574 FF - user.js: extensions.incredibar_i.instlDay - 15455 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:34:18 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyzUebbLz FF - user.js: extensions.incredibar_i.upn2n - 92261298974656761 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-2 654408] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?] R3 VMfilt;VMfilt;C:\Windows\system32\drivers\VMfilt64.sys --> C:\Windows\system32\drivers\VMfilt64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?] S3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?] S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-25 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-25 79360] S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] S3 DroidCam;DroidCam Virtual Audio;C:\Windows\system32\drivers\droidcam.sys --> C:\Windows\system32\drivers\droidcam.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2002-1-1 113120] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VIA_USB_ETS;VIA Telecom USB ETS Driver;C:\Windows\system32\DRIVERS\VIA_USB_ETS.sys --> C:\Windows\system32\DRIVERS\VIA_USB_ETS.sys [?] S3 ViaUsbModemDriver;VIA Telecom USB MODEM Driver;C:\Windows\system32\DRIVERS\VIA_USB_MODEM.sys --> C:\Windows\system32\DRIVERS\VIA_USB_MODEM.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056] S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984] S4 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832] S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616] S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-25 128928] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648] . =============== File Associations =============== . .reg=Regedit.Document . =============== Created Last 30 ================ . 2074-05-07 23:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-07-02 23:52:43 -------- d-----w- C:\Users\Ron\AppData\Roaming\Malwarebytes 2012-07-02 23:52:40 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-02 23:52:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-02 23:52:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-02 23:26:37 -------- d-----w- C:\Program Files (x86)\Sony 2012-07-01 23:44:55 -------- d-----w- C:\ProgramData\3DMGAME 2012-07-01 23:35:46 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-01 07:06:30 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CDF57E5-740E-49A4-887E-BEC011B1791C}\mpengine.dll 2012-06-30 17:43:43 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-23 03:13:36 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-23 03:13:31 -------- d-----w- C:\Users\Ron\AppData\Local\PunkBuster 2012-06-23 03:08:56 -------- d-----w- C:\Users\Ron\AppData\Local\Ubisoft Game Launcher 2012-06-23 02:55:59 -------- d-----w- C:\Users\Ron\AppData\Roaming\Ubisoft 2012-06-21 08:37:14 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe 2012-06-21 01:29:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 01:29:17 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 01:29:02 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 01:29:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-14 00:09:08 -------- d-----w- C:\Users\Ron\AppData\Local\Ironclad Games 2012-06-14 00:06:37 -------- d-----w- C:\ProgramData\Ironclad Games 2012-06-14 00:02:34 -------- d-----w- C:\Program Files (x86)\Stardock 2012-06-13 17:27:10 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BB6A39E-C244-4873-A07F-58BA01F2E99B}\gapaengine.dll 2012-06-13 17:21:07 -------- d-----w- C:\Users\Ron\AppData\Local\Macromedia 2012-06-12 18:53:23 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-11 05:39:29 -------- d-----w- C:\Users\Ron\AppData\Roaming\Individual Software 2012-06-11 05:36:44 -------- d-----w- C:\ProgramData\Individual Software 2012-06-11 05:36:15 -------- d-----w- C:\Program Files (x86)\ResumeMaker Professional 2012-06-06 05:26:29 -------- d-----w- C:\BCM_REL_4_100_15_5_WHQL 2012-06-04 03:57:28 -------- d-----w- C:\Users\Ron\AppData\Local\Chromium 2012-06-04 03:53:59 -------- d-----w- C:\Program Files (x86)\Rockstar Games 2012-06-04 00:51:14 -------- d-----w- C:\Program Files (x86)\Black_Box 2012-06-03 05:41:50 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-03 05:41:20 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 2012-07-01 18:43:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-01 18:43:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-30 02:41:41 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-06-28 23:37:15 282696 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-06-23 03:02:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-06-10 18:08:35 119296 ----a-w- C:\Windows\SysWow64\zlib.dll 2012-05-27 00:28:10 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 20:18:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll 2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll 2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll 2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll . ============= FINISH: 21:09:21.74 ===============
- July 3, 2012
- 16 replies
Redirect Malware Help.

rondread444 posted a topic in Resolved Malware Removal Logs

Hello there forum members, my computer seems to be infected with some sort of search engine redirect virus. I ran a complete SuperAntiSpyware scan in normal and safe mode but the problem is still there. pages also pop up randomly filled with ads. Any help would be greatly appreciated thanks.
- July 2, 2012
- 16 replies

Sign In

rondread444

Posts

Joined

Last visited

Reputation

Redirect Malware Help.

Redirect Malware Help.

Redirect Malware Help.

Redirect Malware Help.

Redirect Malware Help.

Redirect Malware Help.

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information