Posts posted by Zatrei
There were no detections found, and there is no Log.
-
ESET Log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
ComboFix 12-07-07.02 - Michael 07/07/2012 1:21.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6614 [GMT -7:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 08:30 . 2012-07-07 08:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7604B74A-0F48-469A-BD1B-56BE17516E85}\mpengine.dll
2012-07-04 21:20 . 2012-07-04 21:20 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-04 21:20 . 2012-03-09 01:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-04 21:16 . 2012-07-04 21:16 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\483450051cd5a2a01\bingbarsetup.exe
2012-07-04 06:28 . 2012-07-03 20:41 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-04 06:28 . 2012-07-04 06:28 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-06-24 20:36 . 2012-06-24 20:36 -------- d-----w- c:\users\Michael\AppData\Roaming\WildTangent
2012-06-24 05:11 . 2012-06-24 05:11 -------- d-----w- c:\users\Michael\AppData\Local\Macromedia
2012-06-23 05:44 . 2012-06-23 05:44 -------- d-----w- c:\windows\en
2012-06-23 05:23 . 2012-06-23 05:23 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\60bf162a1cd510002\MeshBetaRemover.exe
2012-06-23 05:23 . 2012-06-23 05:23 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\DSETUP.dll
2012-06-23 05:23 . 2012-06-23 05:23 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\DXSETUP.exe
2012-06-23 05:23 . 2012-06-23 05:23 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\dsetup32.dll
2012-06-21 08:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:48 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:48 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 17:02 . 2012-06-13 17:02 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 17:02 . 2012-06-13 17:02 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 05:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-07 23:42 . 2012-06-07 23:42 -------- d-----w- c:\users\Michael\AppData\Local\Chromium
2012-06-07 19:02 . 2012-06-07 23:42 -------- d-----w- c:\program files (x86)\Guild Wars 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 00:33 . 2011-10-10 22:04 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-05 00:33 . 2011-10-10 22:04 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-04 19:04 . 2011-10-10 22:04 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-04 06:33 . 2011-10-10 22:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 23:10 . 2012-04-12 19:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 23:10 . 2011-08-08 13:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 10:02 . 2012-05-30 06:17 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_17.28.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-07 08:33 42028 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-07 08:33 35284 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 03:09 . 2012-07-07 08:33 42028 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-07 08:33 35284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-09 00:05 . 2012-07-07 08:33 6410 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-692133383-766868520-1159784434-1001_UserData.bin
+ 2011-08-09 00:05 . 2012-07-07 08:33 6410 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-692133383-766868520-1159784434-1001_UserData.bin
- 2012-07-06 17:27 . 2012-07-06 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-07 08:31 . 2012-07-07 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 17:27 . 2012-07-06 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-07 08:31 . 2012-07-07 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-07 08:31 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2012-07-06 17:27 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-07-07 08:31 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-07-06 17:27 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2009-07-14 02:36 . 2012-07-04 06:07 668982 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:36 668982 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:36 125168 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 06:07 125168 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:36 668982 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-04 06:07 668982 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:36 125168 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 06:07 125168 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-06 17:25 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-07 08:30 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-08 14:38 . 2012-07-06 17:25 49247172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-692133383-766868520-1159784434-1001-8192.dat
+ 2011-08-08 14:38 . 2012-07-07 08:30 49247172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-692133383-766868520-1159784434-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"Akamai NetSession Interface"="c:\users\Michael\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [2012-01-10 26424]
R3 dump_wmimmc;dump_wmimmc;c:\sega\PHANTASY STAR UNIVERSE Illuminus\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys [2011-07-06 27848]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-10 1255736]
R3 X6va005;X6va005;c:\users\Michael\AppData\Local\Temp\005AF0B.tmp [x]
R3 X6va008;X6va008;c:\users\Michael\AppData\Local\Temp\00875CF.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-11-01 51016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 270912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:10]
.
2012-07-04 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k64rwylw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc,
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\005AF0B.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00875CF.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-07-07 01:38:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 08:38
ComboFix2.txt 2012-07-06 18:24
ComboFix3.txt 2012-07-06 17:58
ComboFix4.txt 2012-07-06 17:35
.
Pre-Run: 1,158,698,651,648 bytes free
Post-Run: 1,158,406,258,688 bytes free
.
- - End Of File - - B09F3BA2E75B042F48DF2285481D9F65
-
ComboFix Log
ComboFix 12-07-06.02 - Michael 07/06/2012 11:04:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.7027 [GMT -7:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 18:15 . 2012-07-06 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7604B74A-0F48-469A-BD1B-56BE17516E85}\mpengine.dll
2012-07-04 21:20 . 2012-07-04 21:20 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-04 21:20 . 2012-03-09 01:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-04 21:16 . 2012-07-04 21:16 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\483450051cd5a2a01\bingbarsetup.exe
2012-07-04 06:28 . 2012-07-03 20:41 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-04 06:28 . 2012-07-04 06:28 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-06-24 20:36 . 2012-06-24 20:36 -------- d-----w- c:\users\Michael\AppData\Roaming\WildTangent
2012-06-24 05:11 . 2012-06-24 05:11 -------- d-----w- c:\users\Michael\AppData\Local\Macromedia
2012-06-23 05:44 . 2012-06-23 05:44 -------- d-----w- c:\windows\en
2012-06-23 05:23 . 2012-06-23 05:23 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\60bf162a1cd510002\MeshBetaRemover.exe
2012-06-23 05:23 . 2012-06-23 05:23 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\DSETUP.dll
2012-06-23 05:23 . 2012-06-23 05:23 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\DXSETUP.exe
2012-06-23 05:23 . 2012-06-23 05:23 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\dsetup32.dll
2012-06-21 08:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:48 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:48 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 17:02 . 2012-06-13 17:02 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 17:02 . 2012-06-13 17:02 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 05:05 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-07 23:42 . 2012-06-07 23:42 -------- d-----w- c:\users\Michael\AppData\Local\Chromium
2012-06-07 19:02 . 2012-06-07 23:42 -------- d-----w- c:\program files (x86)\Guild Wars 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 00:33 . 2011-10-10 22:04 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-05 00:33 . 2011-10-10 22:04 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-04 19:04 . 2011-10-10 22:04 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-04 06:33 . 2011-10-10 22:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-23 23:10 . 2012-04-12 19:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 23:10 . 2011-08-08 13:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 10:02 . 2012-05-30 06:17 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_17.28.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-06 18:19 41790 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 18:19 35100 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 03:09 . 2012-07-06 18:19 41790 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 18:19 35100 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-09 00:05 . 2012-07-06 18:19 6182 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-692133383-766868520-1159784434-1001_UserData.bin
+ 2011-08-09 00:05 . 2012-07-06 18:19 6182 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-692133383-766868520-1159784434-1001_UserData.bin
+ 2012-07-06 18:17 . 2012-07-06 18:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 17:27 . 2012-07-06 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 17:27 . 2012-07-06 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-06 18:17 . 2012-07-06 18:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-06 18:17 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2012-07-06 17:27 . 2009-10-07 08:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2012-07-06 17:27 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-07-06 18:17 . 2009-10-07 08:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2009-07-14 02:36 . 2012-07-04 06:07 668982 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:07 668982 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:07 125168 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 06:07 125168 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:07 668982 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-04 06:07 668982 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-06 18:07 125168 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 06:07 125168 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-06 17:25 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-06 18:16 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"Akamai NetSession Interface"="c:\users\Michael\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 DRIVER_B;DRIVER_B;c:\windows\system32\Drivers\DRIVER_BIN64 [2012-01-10 26424]
R3 dump_wmimmc;dump_wmimmc;c:\sega\PHANTASY STAR UNIVERSE Illuminus\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys [2011-07-06 27848]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-10 1255736]
R3 X6va005;X6va005;c:\users\Michael\AppData\Local\Temp\005AF0B.tmp [x]
R3 X6va008;X6va008;c:\users\Michael\AppData\Local\Temp\00875CF.tmp [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-11-01 51016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-21 270912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-26 92216]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:10]
.
2012-07-04 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k64rwylw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc,
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DRIVER_B]
"ImagePath"="\??\c:\windows\system32\Drivers\DRIVER_BIN64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\005AF0B.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\Michael\AppData\Local\Temp\00875CF.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-07-06 11:24:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 18:24
ComboFix2.txt 2012-07-06 17:58
ComboFix3.txt 2012-07-06 17:35
.
Pre-Run: 1,159,326,605,312 bytes free
Post-Run: 1,159,034,683,392 bytes free
.
- - End Of File - - 347707C6E999A9481D5805FAAAAC1203
-
My apologies, here is the new Log -
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: FOXCONN
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Hewlett-Packard
System Product Name: p7-1074
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 190):
0x02E4A000 \SystemRoot\system32\ntoskrnl.exe
0x02E01000 \SystemRoot\system32\hal.dll
0x00BCE000 \SystemRoot\system32\kdcom.dll
0x00CF7000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00D04000 \SystemRoot\system32\PSHED.dll
0x00D18000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E96000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F3A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F49000 \SystemRoot\system32\drivers\ACPI.sys
0x00FA0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FA9000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FB3000 \SystemRoot\system32\drivers\pci.sys
0x00FE6000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x00CDA000 \SystemRoot\system32\drivers\amd_sata.sys
0x00D76000 \SystemRoot\system32\drivers\storport.sys
0x00E86000 \SystemRoot\system32\drivers\amd_xata.sys
0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys
0x010AD000 \SystemRoot\system32\drivers\fltmgr.sys
0x010F9000 \SystemRoot\system32\drivers\fileinfo.sys
0x0124C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0110D000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0116B000 \SystemRoot\System32\Drivers\cng.sys
0x0121B000 \SystemRoot\System32\drivers\pcw.sys
0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0142D000 \SystemRoot\system32\drivers\ndis.sys
0x01520000 \SystemRoot\system32\drivers\NETIO.SYS
0x01580000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0161A000 \SystemRoot\System32\drivers\tcpip.sys
0x0181D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01867000 \SystemRoot\system32\drivers\volsnap.sys
0x018B3000 \SystemRoot\System32\Drivers\spldr.sys
0x018BB000 \SystemRoot\System32\drivers\rdyboost.sys
0x018F5000 \SystemRoot\System32\Drivers\mup.sys
0x01907000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01910000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0194A000 \SystemRoot\system32\drivers\disk.sys
0x01960000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01990000 \SystemRoot\system32\drivers\AtiPcie64.sys
0x015AB000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x01400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019D9000 \SystemRoot\System32\Drivers\Null.SYS
0x019E2000 \SystemRoot\System32\Drivers\Beep.SYS
0x019E9000 \SystemRoot\System32\drivers\vga.sys
0x01000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01600000 \SystemRoot\System32\drivers\watchdog.sys
0x01610000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015F1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01236000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013EF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01025000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01047000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x06611000 \SystemRoot\system32\drivers\afd.sys
0x0669A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x066DF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x066E8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0670E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x06724000 \SystemRoot\system32\DRIVERS\netbios.sys
0x06733000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0674E000 \SystemRoot\system32\drivers\termdd.sys
0x06762000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x067B3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x067BF000 \SystemRoot\system32\drivers\mssmbios.sys
0x067CA000 \SystemRoot\System32\drivers\discache.sys
0x067D9000 \SystemRoot\System32\Drivers\dfsc.sys
0x06600000 \SystemRoot\system32\drivers\blbdrive.sys
0x01054000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0107A000 \SystemRoot\system32\drivers\amdppm.sys
0x0686A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x07267000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x068C4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x07D61000 \SystemRoot\System32\drivers\dxgmms1.sys
0x07DA7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x06A67000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x06B6C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06B79000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x06BE0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x06A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x06A56000 \SystemRoot\system32\drivers\usbfilter.sys
0x06BEB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x07DCB000 \SystemRoot\system32\drivers\wmiacpi.sys
0x07DD4000 \SystemRoot\system32\drivers\CompositeBus.sys
0x07DE4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x07200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x07224000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x07230000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x069B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x069D3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x06800000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0681A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x06829000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x06BFC000 \SystemRoot\system32\drivers\swenum.sys
0x06CB4000 \SystemRoot\system32\drivers\ks.sys
0x06CF7000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x06D0B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x06D1D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06D77000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06DA7000 \SystemRoot\system32\drivers\portcls.sys
0x06C00000 \SystemRoot\system32\drivers\drmk.sys
0x06C22000 \SystemRoot\system32\drivers\ksthunk.sys
0x09211000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x09482000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0949F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x00040000 \SystemRoot\System32\win32k.sys
0x094A1000 \SystemRoot\System32\drivers\Dxapi.sys
0x094AD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x094BB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x094D4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x094DD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x094EA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x09505000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x09513000 \SystemRoot\System32\Drivers\crashdmp.sys
0x09521000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x0952B000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
0x09541000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x09554000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x007D0000 \SystemRoot\System32\cdd.dll
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x09562000 \SystemRoot\system32\drivers\luafv.sys
0x09585000 \SystemRoot\system32\drivers\WudfPf.sys
0x095A6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06C28000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x095BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x095CE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03AEE000 \SystemRoot\system32\drivers\HTTP.sys
0x03BB7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03BD5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03A9F000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x05430000 \SystemRoot\system32\drivers\peauth.sys
0x054D6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x054E1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05512000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05524000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08C43000 \SystemRoot\System32\DRIVERS\srv.sys
0x08CDB000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
0x08CE5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x08D16000 \SystemRoot\system32\DRIVERS\udfs.sys
0x08D6B000 \??\C:\Windows\system32\drivers\mbam.sys
0x08D75000 \??\C:\Users\Michael\AppData\Local\Temp\aswMBR.sys
0x08D84000 \SystemRoot\system32\drivers\AtihdW76.sys
0x773B0000 \Windows\System32\ntdll.dll
0x480D0000 \Windows\System32\smss.exe
0xFF6D0000 \Windows\System32\apisetschema.dll
0xFF910000 \Windows\System32\autochk.exe
0xFF620000 \Windows\System32\comdlg32.dll
0xFF5D0000 \Windows\System32\ws2_32.dll
0xFF500000 \Windows\System32\usp10.dll
0xFF480000 \Windows\System32\difxapi.dll
0x77580000 \Windows\System32\normaliz.dll
0xFF470000 \Windows\System32\lpk.dll
0xFE6E0000 \Windows\System32\shell32.dll
0xFE5D0000 \Windows\System32\msctf.dll
0xFE5A0000 \Windows\System32\imm32.dll
0x77570000 \Windows\System32\psapi.dll
0x771A0000 \Windows\System32\iertutil.dll
0xFE580000 \Windows\System32\imagehlp.dll
0xFE370000 \Windows\System32\ole32.dll
0xFE240000 \Windows\System32\rpcrt4.dll
0xFE060000 \Windows\System32\setupapi.dll
0x770A0000 \Windows\System32\user32.dll
0x76F40000 \Windows\System32\wininet.dll
0xFDFE0000 \Windows\System32\shlwapi.dll
0xFDF40000 \Windows\System32\clbcatq.dll
0x76DF0000 \Windows\System32\urlmon.dll
0xFDE60000 \Windows\System32\advapi32.dll
0xFDDC0000 \Windows\System32\msvcrt.dll
0x76CD0000 \Windows\System32\kernel32.dll
0xFDD50000 \Windows\System32\gdi32.dll
0xFDD40000 \Windows\System32\nsi.dll
0xFDCE0000 \Windows\System32\Wldap32.dll
0xFDC00000 \Windows\System32\oleaut32.dll
0xFDBE0000 \Windows\System32\sechost.dll
0xFDBA0000 \Windows\System32\cfgmgr32.dll
0xFDB00000 \Windows\System32\comctl32.dll
0xFD990000 \Windows\System32\crypt32.dll
0xFD970000 \Windows\System32\devobj.dll
0xFD930000 \Windows\System32\wintrust.dll
0xFD8C0000 \Windows\System32\KernelBase.dll
0xFD8B0000 \Windows\System32\msasn1.dll
0x76190000 \Windows\SysWOW64\normaliz.dll
Processes (total 80):
0 System Idle Process
4 System
256 C:\Windows\System32\smss.exe
396 csrss.exe
476 csrss.exe
484 C:\Windows\System32\wininit.exe
524 C:\Windows\System32\winlogon.exe
580 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\atiesrxx.exe
904 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\atieclxx.exe
1328 C:\Windows\System32\spoolsv.exe
1364 C:\Windows\System32\svchost.exe
1544 C:\Windows\SysWOW64\svchost.exe
1576 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1636 C:\Windows\System32\svchost.exe
1660 C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
1748 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1800 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1860 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1896 C:\Program Files (x86)\PDF Complete\pdfsvc.exe
1904 LVPrS64H.exe
2012 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
1140 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1516 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
1556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1884 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2524 WUDFHost.exe
2636 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\taskhost.exe
2952 C:\Windows\System32\dwm.exe
3004 C:\Windows\explorer.exe
2864 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3220 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3248 C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
3324 C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
3576 C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
3608 C:\Windows\System32\SearchIndexer.exe
3620 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
3708 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3796 C:\Program Files (x86)\Winamp\winampa.exe
3844 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3972 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4000 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
3716 C:\Program Files\Windows Media Player\wmpnetwk.exe
1000 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
4656 C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
4524 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4672 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
2652 dllhost.exe
4444 C:\Program Files (x86)\Steam\Steam.exe
3940 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
5012 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3376 C:\Windows\SysWOW64\PnkBstrA.exe
2344 C:\Windows\System32\taskhost.exe
8868 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
8872 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
8848 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
9484 C:\Windows\SysWOW64\PnkBstrB.exe
5124 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3232 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4312 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
5404 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
8932 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
6580 C:\Windows\System32\audiodg.exe
4504 C:\Windows\System32\dllhost.exe
7352 C:\Windows\System32\dllhost.exe
2480 C:\Windows\System32\SearchProtocolHost.exe
7036 C:\Windows\System32\SearchFilterHost.exe
5668 C:\Users\Michael\Desktop\MBRCheck.exe
8172 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000015a`82f00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD15EARS-60MVWB0, Rev: 51.0AB51
Size Device Name MBR Status
--------------------------------------------
1397 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: F37A9776F0E98E38BD78E91425829D97888CEEFC
Done!
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 18:35:15
-----------------------------
18:35:15.015 OS Version: Windows x64 6.1.7601 Service Pack 1
18:35:15.015 Number of processors: 4 586 0xA00
18:35:15.016 ComputerName: MICHAEL-HP UserName: Michael
18:35:17.716 Initialize success
18:35:22.503 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
18:35:22.508 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
18:35:22.530 Disk 0 MBR read successfully
18:35:22.536 Disk 0 MBR scan
18:35:22.541 Disk 0 unknown MBR code
18:35:22.547 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:35:22.563 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1419210 MB offset 206848
18:35:22.596 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11487 MB offset 2906748928
18:35:22.633 Disk 0 scanning C:\Windows\system32\drivers
18:35:29.172 Service scanning
18:35:40.692 Modules scanning
18:35:40.709 Disk 0 trace - called modules:
18:35:40.733 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:35:40.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006dc5790]
18:35:41.086 3 CLASSPNP.SYS[fffff8800196143f] -> nt!IofCallDriver -> [0xfffffa8006d07ac0]
18:35:41.098 5 amd_xata.sys[fffff88000e878b4] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8006d029c0]
18:35:41.111 Scan finished successfully
18:36:34.772 Verifying
18:36:44.783 Disk 0 Windows 601 MBR fixed successfully
18:36:56.875 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
18:36:56.941 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
-
Well, the issue appears to have stopped, but I'm going to go ahead and post both of the logs anyway, just in case.
MBAM Log -
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.04.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-HP [administrator]
Protection: Enabled
7/4/2012 10:37:20 AM
mbam-log-2012-07-04 (10-37-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216170
Time elapsed: 4 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
aswMBR Log -
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 10:44:10
-----------------------------
10:44:10.434 OS Version: Windows x64 6.1.7601 Service Pack 1
10:44:10.434 Number of processors: 4 586 0xA00
10:44:10.435 ComputerName: MICHAEL-HP UserName: Michael
10:44:14.398 Initialize success
10:44:34.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
10:44:34.666 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
10:44:34.690 Disk 0 MBR read successfully
10:44:34.695 Disk 0 MBR scan
10:44:34.700 Disk 0 unknown MBR code
10:44:34.706 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:44:34.712 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1419210 MB offset 206848
10:44:34.743 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11487 MB offset 2906748928
10:44:34.775 Disk 0 scanning C:\Windows\system32\drivers
10:44:40.322 Service scanning
10:44:51.304 Modules scanning
10:44:51.321 Disk 0 trace - called modules:
10:44:51.345 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:44:51.354 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006dc5790]
10:44:51.367 3 CLASSPNP.SYS[fffff8800196143f] -> nt!IofCallDriver -> [0xfffffa8006d07ac0]
10:44:51.379 5 amd_xata.sys[fffff88000e878b4] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8006d029c0]
10:44:51.390 Scan finished successfully
10:45:22.390 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
10:45:22.394 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
Sorry if this has been a waste of your time, and I appreciate your help either way.
-
As the topic states, Malwarebytes is blocking something from Svchost. It comes up every 30-60 seconds or so, and it just started happening after I restarted my computer.
Here is the DDS Log -
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Michael at 23:19:49 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6217 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
uRun: [Akamai NetSession Interface] "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe"
uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8D032D16-3E82-4422-9DD9-4E869A6A4A15} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8D032D16-3E82-4422-9DD9-4E869A6A4A15}\2456C6B696E6F574F575962756C6563737F5037343344364 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8D032D16-3E82-4422-9DD9-4E869A6A4A15}\26562747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D032D16-3E82-4422-9DD9-4E869A6A4A15}\84F4D454D234546423 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8D032D16-3E82-4422-9DD9-4E869A6A4A15}\A4C616577686C696E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8D032D16-3E82-4422-9DD9-4E869A6A4A15}\F43736162737845616461757162747562737D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: CrossRider: {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO-X64: CrossRider - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k64rwylw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\IAHgames\Playfast\npiahpd.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k64rwylw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\k64rwylw.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc,
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-24 654408]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-26 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-23 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 DRIVER_B;DRIVER_B;\??\C:\Windows\system32\Drivers\DRIVER_BIN64 --> C:\Windows\system32\Drivers\DRIVER_BIN64 [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 vproiah;vproiah;C:\Windows\system32\DRIVERS\vproiah.sys --> C:\Windows\system32\DRIVERS\vproiah.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-2-12 673296]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2100-01-01 05:42:07 -------- d-----w- C:\Users\Michael\AppData\Local\{A3D0E86C-2FB6-4C68-8C64-433BEFF71828}
2100-01-01 05:41:56 -------- d-----w- C:\Users\Michael\AppData\Local\{53A18179-8AD2-4ABD-9C2C-815918790A19}
2099-12-31 23:34:53 -------- d-----w- C:\Users\Michael\AppData\Local\{EB6FF9E3-D42F-4AD9-B373-FDBE4CF0DFD4}
2012-07-03 19:22:58 -------- d-----w- C:\Users\Michael\AppData\Local\{32CC01AC-81CD-4653-8500-B7BFE16F54CE}
2012-07-03 19:22:47 -------- d-----w- C:\Users\Michael\AppData\Local\{89BC27EB-24A8-4869-9D08-A1B3304CB0A9}
2012-07-03 11:33:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9F3D709-4FF4-4FC3-91BC-5E6F588836A6}\offreg.dll
2012-07-03 11:32:27 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A9F3D709-4FF4-4FC3-91BC-5E6F588836A6}\mpengine.dll
2012-07-03 07:22:33 -------- d-----w- C:\Users\Michael\AppData\Local\{ED7B9221-46BB-447F-9CA8-46FD0695C864}
2012-07-03 07:22:22 -------- d-----w- C:\Users\Michael\AppData\Local\{9FBDF03A-E1AA-4516-BC6C-0E7E6DD26A06}
2012-07-02 19:21:58 -------- d-----w- C:\Users\Michael\AppData\Local\{204ED4AB-C68A-4805-B1C4-87DAC7210B74}
2012-07-02 19:21:48 -------- d-----w- C:\Users\Michael\AppData\Local\{164E7147-0B4C-4202-979D-402ACAC80638}
2012-07-02 07:21:36 -------- d-----w- C:\Users\Michael\AppData\Local\{AAA9B860-7270-4216-A487-5F3DC4B29087}
2012-07-02 07:21:26 -------- d-----w- C:\Users\Michael\AppData\Local\{5217FD70-FB36-4A14-B00D-16038A185149}
2012-07-01 19:21:15 -------- d-----w- C:\Users\Michael\AppData\Local\{69457E85-AB83-4DFC-AB32-93EB66FD0995}
2012-07-01 19:21:05 -------- d-----w- C:\Users\Michael\AppData\Local\{29C430DA-0A75-4B11-AE02-95D69BABED6D}
2012-07-01 07:20:53 -------- d-----w- C:\Users\Michael\AppData\Local\{D5D24CA2-3FBF-4674-845D-2BE308F200B1}
2012-07-01 07:20:43 -------- d-----w- C:\Users\Michael\AppData\Local\{F5440D9B-927F-43EC-9E7E-B27A9E25C136}
2012-06-30 19:20:31 -------- d-----w- C:\Users\Michael\AppData\Local\{2EA5BED4-21A8-4AF4-A20E-EB14AD2914C9}
2012-06-30 19:20:21 -------- d-----w- C:\Users\Michael\AppData\Local\{90DAADB6-E291-4EF5-A9B2-9DDC948DF7A7}
2012-06-30 07:20:10 -------- d-----w- C:\Users\Michael\AppData\Local\{FECDE6A3-32A0-45F4-AD30-9BD05058FBF5}
2012-06-30 07:20:00 -------- d-----w- C:\Users\Michael\AppData\Local\{B6400CDA-22A0-43B4-910B-786888CA59A4}
2012-06-29 19:19:48 -------- d-----w- C:\Users\Michael\AppData\Local\{01EE043A-0FDB-442A-8620-7FA43AD62824}
2012-06-29 19:19:38 -------- d-----w- C:\Users\Michael\AppData\Local\{F8BAD2A6-3456-4AAA-916B-2A14FA68C07C}
2012-06-29 07:19:27 -------- d-----w- C:\Users\Michael\AppData\Local\{3A76CD92-C733-4746-A428-EFDC7BB5F879}
2012-06-29 07:19:17 -------- d-----w- C:\Users\Michael\AppData\Local\{3BCB1ACC-2068-486A-A576-DABE8DC907BE}
2012-06-28 19:19:05 -------- d-----w- C:\Users\Michael\AppData\Local\{554A874E-3893-4FDE-B8AA-EE0E9913AF30}
2012-06-28 19:18:55 -------- d-----w- C:\Users\Michael\AppData\Local\{D91D2987-FC15-4713-A569-A7F224FE4CDB}
2012-06-28 07:18:31 -------- d-----w- C:\Users\Michael\AppData\Local\{CFD4A75C-3072-4676-8642-4C06FFC14D13}
2012-06-28 07:18:20 -------- d-----w- C:\Users\Michael\AppData\Local\{B4E2FB2B-CBAF-46A1-8C2C-346C5D5B4AFC}
2012-06-27 19:16:33 -------- d-----w- C:\Users\Michael\AppData\Local\{530F5C95-9E48-4965-908D-AB0D56FC5FDF}
2012-06-27 19:16:22 -------- d-----w- C:\Users\Michael\AppData\Local\{86A3D02A-8386-4A92-8AF8-8BD55A909AE0}
2012-06-27 07:16:10 -------- d-----w- C:\Users\Michael\AppData\Local\{69F354C0-E7E9-4768-9EB3-65E3F244A938}
2012-06-27 07:16:00 -------- d-----w- C:\Users\Michael\AppData\Local\{6C6D1F3A-E90A-4A55-B4C3-C8FA956C77B4}
2012-06-26 19:40:41 -------- d-----w- C:\Users\Michael\AppData\Local\{87BE1A09-E398-4B21-8FC3-72A2654113A8}
2012-06-26 19:40:31 -------- d-----w- C:\Users\Michael\AppData\Local\{0693A04B-A20E-4E86-8752-B7E0CFC74A38}
2012-06-26 07:40:19 -------- d-----w- C:\Users\Michael\AppData\Local\{DE892709-96E3-4323-9A2B-AE1991710DA8}
2012-06-26 07:40:09 -------- d-----w- C:\Users\Michael\AppData\Local\{BD72D4E9-7EE4-47C6-BB44-093ACF5BE05B}
2012-06-25 19:39:57 -------- d-----w- C:\Users\Michael\AppData\Local\{126E2CF4-536A-4F27-8DD1-0E800B13FB12}
2012-06-25 19:39:46 -------- d-----w- C:\Users\Michael\AppData\Local\{05BF34E9-35E4-4626-B412-FCB0A6A76006}
2012-06-25 07:39:35 -------- d-----w- C:\Users\Michael\AppData\Local\{4CD4E449-2B94-41F2-AF3C-661E657717AE}
2012-06-25 07:39:24 -------- d-----w- C:\Users\Michael\AppData\Local\{5A0DB02E-9841-4CC9-A475-34EC3DD739E3}
2012-06-24 20:36:37 -------- d-----w- C:\Users\Michael\AppData\Roaming\WildTangent
2012-06-24 19:39:12 -------- d-----w- C:\Users\Michael\AppData\Local\{A550587A-6AD2-42F7-B756-527B2013BE46}
2012-06-24 19:39:02 -------- d-----w- C:\Users\Michael\AppData\Local\{5AB01CAD-A7FF-4A03-A2E7-7B18D6A87A3B}
2012-06-24 07:38:51 -------- d-----w- C:\Users\Michael\AppData\Local\{9FFE7EA1-8199-4799-A469-107B9B51C5E3}
2012-06-24 07:38:40 -------- d-----w- C:\Users\Michael\AppData\Local\{BDBAFF4A-DA39-47B1-9575-C31BBFC37865}
2012-06-24 05:11:36 -------- d-----w- C:\Users\Michael\AppData\Local\Macromedia
2012-06-23 19:38:29 -------- d-----w- C:\Users\Michael\AppData\Local\{54F1B8CF-7F8B-4F8A-B442-C609C55F09B6}
2012-06-23 19:38:18 -------- d-----w- C:\Users\Michael\AppData\Local\{A141086A-110A-4EC3-A1EE-212A5F37597A}
2012-06-23 07:38:06 -------- d-----w- C:\Users\Michael\AppData\Local\{9CC8059A-135A-4EAA-9531-D2BADA9697A7}
2012-06-23 07:37:56 -------- d-----w- C:\Users\Michael\AppData\Local\{489DD35B-DCDE-4A0B-9593-286109E07828}
2012-06-23 05:44:50 -------- d-----w- C:\Windows\en
2012-06-23 05:34:13 -------- d-----w- C:\Users\Michael\AppData\Local\{A365479C-2CE3-4A33-9293-5BDE28D0A156}
2012-06-23 05:34:03 -------- d-----w- C:\Users\Michael\AppData\Local\{1C6957D0-BCB9-4EA3-B898-16C263A2B7A9}
2012-06-23 05:23:53 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\60bf162a1cd510002\MeshBetaRemover.exe
2012-06-23 05:23:51 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\DSETUP.dll
2012-06-23 05:23:51 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\DXSETUP.exe
2012-06-23 05:23:51 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5fee559b1cd510001\dsetup32.dll
2012-06-23 05:20:37 -------- d-----w- C:\Users\Michael\AppData\Local\{E0FAF69B-8DE7-4ED1-98A8-BE70DDF462E0}
2012-06-23 05:20:18 -------- d-----w- C:\Users\Michael\AppData\Local\{6BBE332E-6934-4107-999F-92AAE0D0010E}
2012-06-21 08:48:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 08:48:23 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 08:48:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 08:48:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 05:14:07 -------- d-----w- C:\Users\Michael\AppData\Local\{FCF6C9C1-7A03-4955-A005-46981D9864C5}
2012-06-21 05:13:40 -------- d-----w- C:\Users\Michael\AppData\Local\{CD24B7A0-83F3-41B2-AC25-6371996EED44}
2012-06-14 05:32:41 -------- d-----w- C:\Users\Michael\AppData\Local\{34EC43BB-E794-42E6-9E1D-AFB824CF9461}
2012-06-14 05:32:31 -------- d-----w- C:\Users\Michael\AppData\Local\{319F2431-CF15-4489-81E8-F3526E1CD3A5}
2012-06-13 17:02:25 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 17:02:25 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-13 17:01:32 -------- d-----w- C:\Users\Michael\AppData\Local\{7D242644-3069-4CA5-A21D-ABEB20F9B94C}
2012-06-13 17:01:16 -------- d-----w- C:\Users\Michael\AppData\Local\{9A1993EF-7544-4171-8C79-5CF97139F827}
2012-06-13 05:05:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-07 23:42:37 -------- d-----w- C:\Users\Michael\AppData\Local\Chromium
2012-06-07 19:02:54 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2012-06-07 05:57:13 -------- d-----w- C:\Users\Michael\AppData\Local\{3B98F9F5-6AD4-4AF4-9557-5EDE2A947F9F}
2012-06-07 05:57:03 -------- d-----w- C:\Users\Michael\AppData\Local\{7270360E-8DC3-445D-96A2-CDDDC9305AC5}
.
==================== Find3M ====================
.
2012-06-23 23:10:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 23:10:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-06 18:15:10 38632 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:17:04 71680 ----a-w- C:\Windows\System32\amdave64.dll
2012-04-06 01:16:58 72704 ----a-w- C:\Windows\SysWow64\amdave32.dll
2012-04-06 01:16:48 72704 ----a-w- C:\Windows\System32\atisamu64.dll
2012-04-06 01:16:42 67584 ----a-w- C:\Windows\atisamu32.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
.
============= FINISH: 23:21:10.80 ===============
And here is the Attach Log -
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2011 4:24:50 AM
System Uptime: 7/3/2012 11:00:54 PM (0 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom II X4 960T Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1386 GiB total, 1080.601 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.371 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP163: 6/19/2012 3:16:28 AM - Windows Update
RP164: 6/21/2012 1:47:51 AM - Windows Update
RP165: 6/22/2012 10:23:58 PM - Windows Live Essentials
RP166: 6/22/2012 10:25:03 PM - Installed DirectX
RP167: 6/22/2012 10:26:36 PM - Installed DirectX
RP168: 6/22/2012 10:39:02 PM - Windows Live Essentials
RP169: 6/22/2012 10:39:28 PM - Installed DirectX
RP170: 6/22/2012 10:40:22 PM - Installed DirectX
RP171: 6/22/2012 10:40:50 PM - WLSetup
RP172: 6/26/2012 2:32:06 AM - Windows Update
RP174: 6/26/2012 11:06:18 PM - HPSF Restore Point
RP175: 6/28/2012 1:18:53 AM - Installed DirectX
RP176: 6/28/2012 1:19:29 AM - Installed DirectX
RP177: 7/2/2012 9:57:50 PM - Windows Update
RP173: 12/31/2099 4:04:09 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 Plugin
Agatha Christie - Peril at End House
Age of Conan: Unchained
Akamai NetSession Interface
Atlantica
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blacklight: Retribution
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help Czech
CCC Help Danish
Chuzzle Deluxe
CloudNine
Combined Community Codec Pack 2011-07-30
Crossrider Web Apps
D3DX10
DAEMON Tools Lite
Diablo III
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's World Adventure
DVD-Cloner V8.50 Build 1012
Farm Frenzy
FATE - The Traitor Soul
From Dust
Guild Wars 2
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Java Auto Updater
Java 6 Update 29
JDownloader 0.9
Junk Mail filter update
LabelPrint
League of Legends
LightScribe System Software
Lime Odyssey
Logitech Vid HD
MAESTIA version 201201
Magic Online
Magicka
Mah Jong Medley
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Nexon Game Manager
NVIDIA PhysX
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PDF Complete Special Edition
Penguins!
PHANTASY STAR UNIVERSE
PHANTASY STAR UNIVERSE Ambition of the Illuminus
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Pokemon World Online version 1.8
Poker Superstars III
Polar Bowler
Polar Golfer
Portal
PressReader
Project64 1.6
Ragnarok Online
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Remote Graphics Receiver
Resident Evil: Operation Raccoon City
RGSS-RTP Standard
Rosetta Stone Version 3
RoxioNow Player
RPG Maker XP
SCHTHACK PSOBB
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
SimCity 4 Deluxe
Skype™ 5.8
Slingo Supreme
Spybot - Search & Destroy
Stacking
Steam
Stencyl
Stronghold Kingdoms
Synthesia (remove only)
TeamSpeak 3 Client
Terraria
The Guild II
The Guild II - Pirates of the European Seas
The Guild II: Renaissance
Ubisoft Game Launcher
Unified Remote
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Virtual Villagers 4 - The Tree of Life
WEBZEN Browser Extension
Wheel of Fortune 2
WildTangent Games App (HP Games)
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yamaha USB-MIDI Driver
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/3/2012 11:07:26 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/3/2012 11:04:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
7/3/2012 11:04:32 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2012 9:50:46 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
12/31/2099 3:32:24 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Malwarebytes blocking process from svchost.exe (in Resolved Malware Removal Logs)
They appear to be fine, with no problems with MBAM and nothing else strange. Thank you for your help.