Everything posted by chandnat

  1. It removed 1 threat though, a redirector, and now Firefox isn't trying to redirect. So I think it worked...
  2. Not sure what happened, all the log file produced was

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK

     Should I run it again?
  3. Hi, here is the new combofix log.

     ComboFix 12-08-16.01 - Nathaniel 16/08/2012 23:44:06.3.6 - x64
     Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.8190.5745 [GMT 10:00]
     Running from: c:\users\Nathaniel\Downloads\ComboFix.exe
     Command switches used :: c:\users\Nathaniel\Downloads\CFScript.txt
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\program files (x86)\Messenger_Plus_Live_Australia
     c:\program files (x86)\Messenger_Plus_Live_Australia\INSTALL.LOG
     c:\program files (x86)\Messenger_Plus_Live_Australia\ldrtbMes0.dll
     c:\program files (x86)\Messenger_Plus_Live_Australia\Messenger_Plus_Live_AustraliaToolbarHelper.exe
     c:\program files (x86)\Messenger_Plus_Live_Australia\Messenger_Plus_Live_AustraliaToolbarHelper1.exe
     c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
     c:\program files (x86)\Messenger_Plus_Live_Australia\tbMes0.dll
     c:\program files (x86)\Messenger_Plus_Live_Australia\tbMes1.dll
     c:\program files (x86)\Messenger_Plus_Live_Australia\tbMess.dll
     c:\program files (x86)\Messenger_Plus_Live_Australia\toolbar.cfg
     c:\program files (x86)\Messenger_Plus_Live_Australia\uninstall.exe
     c:\program files (x86)\Messenger_Plus_Live_Australia\UNWISE.EXE
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
     .
     .
     2012-08-16 13:51 . 2012-08-16 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-08-14 22:42 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll
     2012-08-14 22:42 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
     2012-08-14 22:42 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll
     2012-08-14 22:42 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe
     2012-08-14 22:42 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe
     2012-08-14 22:42 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
     2012-08-14 22:42 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
     2012-08-14 22:42 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
     2012-08-14 22:42 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
     2012-08-14 22:42 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
     2012-08-14 22:41 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
     2012-08-14 22:41 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
     2012-08-14 18:50 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B0D30CD-65A7-45CE-BD55-8B9F89C97F77}\mpengine.dll
     2012-08-13 22:29 . 2012-08-13 22:29 -------- d-----w- c:\program files\CPUID
     2012-08-12 03:57 . 2012-08-12 03:57 -------- d-----w- c:\program files\Microsoft Mathematics
     2012-08-11 16:18 . 2012-08-11 16:19 -------- d-----w- c:\users\Nathaniel\AppData\Local\Google
     2012-08-11 15:08 . 2012-08-11 15:08 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-08-11 00:38 . 2012-08-11 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-08-03 08:29 . 2012-08-03 08:29 -------- d-----w- c:\users\Nathaniel\AppData\Local\{623DDC0D-DD45-11E1-8270-B8AC6F996F26}
     2012-07-20 07:32 . 2012-07-20 07:32 -------- d-----w- C:\usb
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-16 13:16 . 2011-05-10 05:06 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
     2012-08-16 13:16 . 2010-12-01 05:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
     2012-08-16 13:15 . 2010-12-01 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
     2012-07-03 03:46 . 2011-12-08 10:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-06-29 04:05 . 2010-12-01 05:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
     2012-06-27 23:02 . 2010-12-01 05:45 3166792 ----a-w- c:\windows\SysWow64\pbsvc.exe
     2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
     2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
     2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
     2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
     2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
     2012-06-11 17:24 . 2011-11-10 03:16 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
     2012-06-11 17:23 . 2011-09-24 02:01 1090560 ----a-w- c:\windows\system32\aticfx64.dll
     2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
     2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
     2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
     2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
     2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
     2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
     2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
     2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
     2012-06-11 17:01 . 2011-09-24 01:43 6914560 ----a-w- c:\windows\system32\atidxx64.dll
     2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
     2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
     2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
     2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
     2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
     2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
     2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
     2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
     2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
     2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
     2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
     2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
     2012-06-11 16:25 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
     2012-06-11 16:25 . 2012-02-15 02:12 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
     2012-06-11 16:25 . 2011-11-10 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll
     2012-06-11 16:24 . 2011-11-10 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
     2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
     2012-06-11 03:50 . 2012-06-11 03:50 187392 ----a-w- c:\windows\system32\clinfo.exe
     2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
     2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
     2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
     2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
     2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
     2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
     2012-06-09 05:30 . 2012-07-10 22:48 14165504 ----a-w- c:\windows\system32\shell32.dll
     2012-06-06 18:59 . 2012-06-06 18:59 388096 ----a-r- c:\users\Nathaniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2012-06-06 05:50 . 2012-07-10 22:48 2003968 ----a-w- c:\windows\system32\msxml6.dll
     2012-06-06 05:50 . 2012-07-10 22:48 1880064 ----a-w- c:\windows\system32\msxml3.dll
     2012-06-06 05:09 . 2012-07-10 22:48 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
     2012-06-06 05:09 . 2012-07-10 22:48 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
     2012-06-05 22:49 . 2012-06-05 22:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
     2012-06-02 22:19 . 2012-06-21 22:01 38424 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 22:19 . 2012-06-21 22:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 22:19 . 2012-06-21 22:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 22:19 . 2012-06-21 22:01 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 22:19 . 2012-06-21 22:01 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 22:15 . 2012-06-21 22:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-02 22:15 . 2012-06-21 22:01 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-02 05:38 . 2012-07-10 22:48 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2012-06-02 05:38 . 2012-07-10 22:48 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
     2012-06-02 05:37 . 2012-07-10 22:48 459216 ----a-w- c:\windows\system32\drivers\cng.sys
     2012-06-02 05:27 . 2012-07-10 22:48 340992 ----a-w- c:\windows\system32\schannel.dll
     2012-06-02 05:27 . 2012-07-10 22:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
     2012-06-02 05:19 . 2012-06-21 22:01 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-02 05:15 . 2012-06-21 22:01 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-02 04:48 . 2012-07-10 22:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll
     2012-06-02 04:48 . 2012-07-10 22:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
     2012-06-02 04:47 . 2012-07-10 22:48 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
     2012-06-02 04:42 . 2012-07-10 22:48 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
     2012-05-31 02:25 . 2010-11-01 11:51 279656 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     ((((((((((((((((((((((((((((( SnapShot@2012-08-14_10.07.37 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2012-08-14 22:42 . 2012-07-04 21:26 57344 c:\windows\SysWOW64\netapi32.dll
     + 2012-08-15 17:01 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
     - 2012-07-11 17:02 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
     - 2012-07-11 17:02 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
     + 2012-08-15 17:01 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
     + 2012-08-15 17:01 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
     - 2012-07-11 17:02 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
     + 2010-11-01 14:04 . 2012-08-16 13:55 95768 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
     + 2009-07-14 05:10 . 2012-08-16 13:55 45322 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
     + 2010-11-01 12:24 . 2012-08-16 13:55 27956 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2162705529-2246650070-4213155456-1000_UserData.bin
     - 2012-07-11 17:02 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
     + 2012-08-15 17:01 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
     - 2012-07-11 17:02 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
     + 2012-08-15 17:01 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
     + 2012-08-15 17:01 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
     - 2012-07-11 17:02 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
     - 2009-07-14 05:30 . 2012-06-29 05:07 86016 c:\windows\system32\DriverStore\infpub.dat
     + 2009-07-14 05:30 . 2012-08-15 17:18 86016 c:\windows\system32\DriverStore\infpub.dat
     + 2011-07-13 05:08 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\BTHUSB.SYS
     + 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\bthenum.sys
     - 2010-11-01 10:31 . 2012-08-10 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-11-01 10:31 . 2012-08-15 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
     + 2010-11-01 10:31 . 2012-08-15 01:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2010-11-01 10:31 . 2012-08-10 15:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
     - 2009-07-14 04:54 . 2012-08-10 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:54 . 2012-08-15 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
     + 2009-07-14 04:46 . 2012-08-15 17:22 85432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
     - 2012-05-05 07:32 . 2012-08-12 04:06 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 43608 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
     + 2012-08-15 03:25 . 2012-08-15 03:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
     + 2012-08-16 13:53 . 2012-08-16 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     - 2012-08-14 10:06 . 2012-08-14 10:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
     + 2012-08-16 13:53 . 2012-08-16 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     - 2012-08-14 10:06 . 2012-08-14 10:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
     - 2012-07-11 17:02 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
     + 2012-08-15 17:01 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
     + 2012-08-15 17:01 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
     - 2012-07-11 17:02 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
     + 2012-08-15 17:01 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
     + 2012-08-15 17:01 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
     - 2012-07-11 17:02 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
     + 2012-08-15 17:01 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
     - 2012-07-11 17:02 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
     + 2012-08-15 17:01 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
     + 2012-08-15 17:01 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
     - 2012-07-11 17:02 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
     - 2012-07-11 17:02 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
     + 2012-08-15 17:01 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
     - 2009-07-14 04:45 . 2012-07-11 17:23 378824 c:\windows\system32\FNTCACHE.DAT
     + 2009-07-14 04:45 . 2012-08-15 17:20 378824 c:\windows\system32\FNTCACHE.DAT
     - 2009-07-14 05:30 . 2012-06-29 05:07 143360 c:\windows\system32\DriverStore\infstrng.dat
     + 2009-07-14 05:30 . 2012-08-15 17:18 143360 c:\windows\system32\DriverStore\infstrng.dat
     + 2009-07-14 05:30 . 2012-08-15 17:18 143360 c:\windows\system32\DriverStore\infstor.dat
     - 2009-07-14 05:30 . 2012-06-29 05:03 143360 c:\windows\system32\DriverStore\infstor.dat
     + 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\fsquirt.exe
     + 2012-08-15 17:02 . 2012-07-06 19:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\bthport.sys
     - 2009-07-14 05:31 . 2011-07-13 17:22 399360 c:\windows\system32\DriverStore\drvindex.dat
     + 2009-07-14 05:31 . 2012-08-15 17:18 399360 c:\windows\system32\DriverStore\drvindex.dat
     + 2009-07-14 05:01 . 2012-08-16 13:52 370744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
     + 2012-07-03 21:59 . 2012-07-03 21:59 261120 c:\windows\Installer\697746a.msp
     + 2012-05-05 07:32 . 2012-08-15 17:02 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
     + 2011-01-07 00:38 . 2011-01-07 00:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\MSCONV97.DLL
     - 2012-08-10 08:09 . 2012-08-10 08:09 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
     - 2012-07-11 17:02 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
     + 2012-08-15 17:01 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
     + 2012-08-15 17:01 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
     - 2012-07-11 17:02 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
     + 2012-08-15 17:01 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
     + 2012-08-15 17:01 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
     - 2012-07-11 17:02 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
     + 2012-08-15 17:01 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
     - 2012-07-11 17:02 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
     - 2012-07-11 17:02 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
     + 2012-08-15 17:01 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
     + 2012-08-15 17:01 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
     - 2012-07-11 17:02 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
     + 2012-08-15 17:01 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
     + 2012-08-15 17:01 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
     - 2012-07-11 17:02 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
     - 2009-07-14 04:45 . 2012-07-11 17:25 3955892 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
     + 2009-07-14 04:45 . 2012-08-15 17:22 3955892 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
     + 2012-05-06 04:44 . 2012-08-16 13:52 1672192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
     + 2012-07-18 16:45 . 2012-07-18 16:45 3464704 c:\windows\Installer\69774e5.msp
     + 2012-07-03 22:04 . 2012-07-03 22:04 1292288 c:\windows\Installer\69774d0.msp
     + 2012-07-03 22:12 . 2012-07-03 22:12 4772352 c:\windows\Installer\69774c7.msp
     + 2012-07-03 22:09 . 2012-07-03 22:09 1284096 c:\windows\Installer\69774b1.msp
     + 2012-07-03 22:01 . 2012-07-03 22:01 9082368 c:\windows\Installer\697749c.msp
     + 2012-07-03 21:58 . 2012-07-03 21:58 6163456 c:\windows\Installer\6977480.msp
     + 2012-05-05 07:32 . 2012-08-15 17:02 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
     - 2012-05-05 07:32 . 2012-08-12 04:06 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
     + 2012-05-05 07:32 . 2012-08-15 17:02 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
     + 2012-08-15 03:25 . 2012-08-15 03:25 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     - 2012-08-10 08:09 . 2012-08-10 08:09 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 03:25 . 2012-08-15 03:25 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
     + 2012-08-15 17:01 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
     - 2009-07-14 02:34 . 2012-08-14 02:48 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
     + 2009-07-14 02:34 . 2012-08-15 19:33 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
     + 2012-08-15 17:01 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
     + 2012-08-15 17:01 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
     + 2010-11-01 12:20 . 2012-08-16 13:52 61154000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2162705529-2246650070-4213155456-1000-8192.dat
     .
     -- Snapshot reset to current date --
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]
     "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
     "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
     "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
     "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
     "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
     "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
     "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
     "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
     "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
     "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
     "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
     "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
     "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
     "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
     "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-28 557056]
     "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
     "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
     "TriDefControlPanel"="c:\program files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" [2007-09-05 2827264]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
     "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     .
     c:\users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
     R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/28 21:51;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
     R3 ALSysIO;ALSysIO;c:\users\NATHAN~1\AppData\Local\Temp\ALSysIO64.sys [x]
     R3 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
     R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
     R3 cpuz130;cpuz130;c:\users\NATHAN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
     R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-28 79360]
     R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-28 79360]
     R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
     R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
     R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
     R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]
     R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
     R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 97552]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
     R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
     R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-07 1255736]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
     S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
     S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
     S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
     S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
     S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
     S2 AsSysCtrlService;ASUS System Control Service;c:\program files 
(x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960] S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-24 480768] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-17 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-23 726816] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC 
Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_9EC60124 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-04-22 03:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000Core.job - c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18] . 2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000UA.job - c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}: NameServer = 192.168.0.1 TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\E416478616E69656C62E08993702960586F6E656: DhcpNameServer = 211.29.132.12 61.88.88.88 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . AddRemove-Messenger_Plus_Live_Australia Toolbar - c:\program files (x86)\Messenger_Plus_Live_Australia\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . 
[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:57,83,e7,09,2f,c3,57,99,5c,12,de,bd,53,5a,43,67,09,d1,a0,b0,44,09,21, 50,d0,46,bb,ef,0d,37,0b,14,c9,8e,b1,ec,77,4e,8d,78,1b,05,59,db,18,b6,a9,37,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:3c,5c,fa,00,d8,f4,be,9f,4d,ea,f2,1b,55,5c,38,a8,71,ec,4e,23,b8, 1e,ac,9f,84,f1,43,4b,e2,81,87,dd,9c,8c,e2,e3,0d,e9,cd,33,f5,75,a6,5f,06,8c,\ "rkeysecu"=hex:f1,d9,9d,8b,02,06,2e,ce,93,84,64,58,b3,32,76,12 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe c:\windows\DAODx.exe c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************** . 
Completion time: 2012-08-17 00:00:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 14:00
ComboFix2.txt 2012-08-14 10:13
ComboFix3.txt 2012-08-11 15:47
.
Pre-Run: 83,854,737,408 bytes free
Post-Run: 83,528,593,408 bytes free
.
- - End Of File - - 63EEBF63E8F8EBA30B7264E2D77FEABD
  4. Hi, here is my combofix log. I appreciate your help. Please be advised that skype.exe at one point was blocked from contacting a website by MBAM. Only happened once.

ComboFix 12-08-13.01 - Nathaniel 14/08/2012 19:56:43.2.6 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.8190.5898 [GMT 10:00]
Running from: c:\users\Nathaniel\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 10:05 . 2012-08-14 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 22:29 . 2012-08-13 22:29 -------- d-----w- c:\program files\CPUID
2012-08-12 03:57 . 2012-08-12 03:57 -------- d-----w- c:\program files\Microsoft Mathematics
2012-08-11 16:18 . 2012-08-11 16:19 -------- d-----w- c:\users\Nathaniel\AppData\Local\Google
2012-08-11 15:08 . 2012-08-11 15:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-11 00:38 . 2012-08-11 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-10 17:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B93F487-5379-4427-A47F-D6033667DC5D}\mpengine.dll
2012-08-03 08:29 . 2012-08-03 08:29 -------- d-----w- c:\users\Nathaniel\AppData\Local\{623DDC0D-DD45-11E1-8270-B8AC6F996F26}
2012-07-20 07:32 . 2012-07-20 07:32 -------- d-----w- C:\usb
2012-07-17 10:03 . 2012-07-17 10:03 -------- d-----w- c:\users\Nathaniel\AppData\Local\etax2012
2012-07-17 10:03 . 2012-07-17 10:03 -------- d-----w- c:\program files (x86)\etax2012
2012-07-16 22:56 . 2012-07-16 22:56 -------- d-----w- c:\users\Nathaniel\AppData\Local\FalloutNV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 11:45 . 2011-05-10 05:06 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-12 11:45 . 
2010-12-01 05:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-12 11:45 . 2010-12-01 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-03 03:46 . 2011-12-08 10:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-29 04:05 . 2010-12-01 05:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-06-27 23:02 . 2010-12-01 05:45 3166792 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-06-12 03:02 . 2012-07-11 17:04 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2011-11-10 03:16 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2011-09-24 02:01 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2011-09-24 01:43 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 
2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2012-02-15 02:12 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2011-11-10 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2011-11-10 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 
2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-06-11 03:50 . 2012-06-11 03:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-09 05:30 . 2012-07-10 22:48 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 18:59 . 2012-06-06 18:59 388096 ----a-r- c:\users\Nathaniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-06 05:50 . 2012-07-10 22:48 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:50 . 2012-07-10 22:48 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:09 . 2012-07-10 22:48 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:09 . 2012-07-10 22:48 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-02 22:19 . 2012-06-21 22:01 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 22:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 22:01 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 22:01 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 22:01 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 22:01 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 
2012-06-21 22:01 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 12:49 . 2012-07-11 17:02 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-11 17:02 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-11 17:02 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-11 17:02 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-11 17:02 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-11 17:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-11 17:02 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-11 17:02 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-11 17:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-11 17:02 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-11 17:02 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-11 17:02 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-11 17:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-11 17:02 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-11 17:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-11 17:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-11 17:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-11 17:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-11 17:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:38 . 2012-07-10 22:48 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:38 . 2012-07-10 22:48 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:37 . 2012-07-10 22:48 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:27 . 
2012-07-10 22:48 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:27 . 2012-07-10 22:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 05:19 . 2012-06-21 22:01 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 05:15 . 2012-06-21 22:01 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 04:48 . 2012-07-10 22:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:48 . 2012-07-10 22:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:47 . 2012-07-10 22:48 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:42 . 2012-07-10 22:48 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] 
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408] "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-28 557056] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "TriDefControlPanel"="c:\program files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" [2007-09-05 2827264] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/28 21:51;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856] R3 ALSysIO;ALSysIO;c:\users\NATHAN~1\AppData\Local\Temp\ALSysIO64.sys [x] R3 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832] R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 cpuz130;cpuz130;c:\users\NATHAN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-28 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-28 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x] R3 
MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 97552] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-07 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 AsSysCtrlService;ASUS System Control Service;c:\program files 
(x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960] S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-24 480768] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-17 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-23 726816] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC 
Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_9EC60124 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-04-22 03:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000Core.job - c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000UA.job - c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535291
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}: NameServer = 192.168.0.1
TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\E416478616E69656C62E08993702960586F6E656: DhcpNameServer = 211.29.132.12 61.88.88.88
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EA0969B3-6E12-4AC0-B6C9-148E81247954} - (no file) AddRemove-ArmA 2 - c:\program files (x86)\Bohemia Interactive\ArmA 2 Free\UnInstall.exe AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe AddRemove-BattlEye for OA - c:\program files (x86)\CapsuleGames\ARMA II Operation Arrowhead - PCExpansion\BattlEye\UnInstallBE.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:57,83,e7,09,2f,c3,57,99,5c,12,de,bd,53,5a,43,67,09,d1,a0,b0,44,09,21, 50,d0,46,bb,ef,0d,37,0b,14,c9,8e,b1,ec,77,4e,8d,78,1b,05,59,db,18,b6,a9,37,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:3c,5c,fa,00,d8,f4,be,9f,4d,ea,f2,1b,55,5c,38,a8,71,ec,4e,23,b8, 1e,ac,9f,84,f1,43,4b,e2,81,87,dd,9c,8c,e2,e3,0d,e9,cd,33,f5,75,a6,5f,06,8c,\ "rkeysecu"=hex:f1,d9,9d,8b,02,06,2e,ce,93,84,64,58,b3,32,76,12 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2012-08-14 20:13:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 10:13
ComboFix2.txt 2012-08-11 15:47
.
Pre-Run: 96,184,209,408 bytes free
Post-Run: 95,750,660,096 bytes free
.
- - End Of File - - FB77B2EECD6AF24D7DB915ABF7A2DBDD
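The Supplementary Scan section of the ComboFix log above, and the Pseudo HJT report in the DDS log elsewhere in this thread, list exactly the browser settings a search hijacker rewrites: the IE start page and Firefox's browser.search.defaulturl / keyword.URL all point at search.conduit.com with a Conduit ctid= partner parameter, a URLSearchHook is registered by the Messenger Plus Live Australia toolbar DLL, and one toolbar CLSID is left behind as "No File". The Python script below is an added example for readers of this thread; it is not part of the original posts and not a ComboFix, DDS or Malwarebytes tool. It reads report lines in that format, undoes the hxxp:// neutering these forums apply to pasted URLs, and flags those indicators together with statically configured DNS servers (DNS changers plant public resolver addresses in the per-interface NameServer value). The EXPECTED_HOSTS allowlist and the severity labels are assumptions for the example, and the sample lines are constructed after the entries in the posted logs.

```python
"""Scan DDS / ComboFix "Pseudo HJT"-style report lines for browser-hijack
indicators.  Added example for this thread; not a ComboFix, DDS or MBAM tool.

Flags: search/start-page URLs carrying a Conduit-style ctid= parameter or
pointing at an unexpected host, URLSearchHook registrations, orphaned
toolbar/BHO CLSIDs ("No File"), and statically configured DNS servers.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Hosts the owner considers legitimate for a start page or search provider.
# Assumption for the example, not something the log states.
EXPECTED_HOSTS = {"www.facebook.com", "www.google.com", "www.bing.com"}

# Report line shapes, modelled on the DDS/ComboFix output in this thread.
URL_LINE_RE = re.compile(
    r"^(?P<key>[um]?(?:Start|Local) Page|FF - prefs\.js: [\w.]+)\s*[-=]\s*(?P<value>\S+)$")
HOOK_LINE_RE = re.compile(
    r"^(?P<key>[um]URLSearchHooks|BHO(?:-X64)?|TB(?:-X64)?):\s*(?P<rest>.*)$")
NO_FILE_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}\s*-\s*No File$")
DNS_LINE_RE = re.compile(
    r"^TCP: (?:Interfaces\\(?P<iface>\S+?)\s*:\s*)?(?P<dhcp>Dhcp)?NameServer\s*=\s*(?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str
    detail: str


def deobfuscate_url(text: str) -> str:
    """Undo the hxxp:// neutering that removal forums apply to pasted logs."""
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)


def _check_url_setting(key: str, value: str) -> list:
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        return []  # local file such as blank.htm, or a non-URL pref value
    host = parts.hostname or ""
    query = parse_qs(parts.query)
    if "ctid" in query:  # Conduit toolbar partner id: the classic search-hijack marker
        return [Finding("high", "conduit-toolbar-search",
                        f"{key} -> {host} (ctid={query['ctid'][0]})")]
    if host not in EXPECTED_HOSTS:
        return [Finding("medium", "unexpected-search-host", f"{key} -> {host}")]
    return []


def _check_hook(key: str, rest: str) -> list:
    if NO_FILE_RE.search(rest):
        return [Finding("info", "orphaned-registration", f"{key}: {rest}")]
    if "URLSearchHooks" in key:  # intercepts whatever is typed into the address bar
        return [Finding("medium", "url-search-hook", f"{key}: {rest}")]
    return []  # a BHO/TB with a file on disk: review by hand, not flagged here


def _check_dns(iface: str, from_dhcp: bool, servers: str) -> list:
    out = []
    for server in servers.split():
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            out.append(Finding("medium", "unparseable-nameserver", f"{iface}: {server}"))
            continue
        if from_dhcp:
            continue  # learned from the network, not planted in the registry
        severity = "info" if ip.is_private else "high"  # DNS changers set public IPs
        out.append(Finding(severity, "static-nameserver", f"{iface}: {server}"))
    return out


def scan_report(lines) -> list:
    """Return the findings for an iterable of report lines."""
    findings = []
    for raw in lines:
        line = deobfuscate_url(raw.strip())
        if m := URL_LINE_RE.match(line):
            findings += _check_url_setting(m["key"], m["value"])
        elif m := HOOK_LINE_RE.match(line):
            findings += _check_hook(m["key"], m["rest"])
        elif m := DNS_LINE_RE.match(line):
            findings += _check_dns(m["iface"] or "(global)", bool(m["dhcp"]), m["servers"])
    return findings


def summarize(findings) -> dict:
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample, modelled on the entries in the posted logs.
SAMPLE_REPORT = r"""
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535291
uURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}: NameServer = 192.168.0.1
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&q=
FF - prefs.js: network.proxy.type - 0
""".strip().splitlines()

if __name__ == "__main__":
    results = scan_report(SAMPLE_REPORT)
    for f in results:
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print(summarize(results))
```

Run it against a saved DDS or ComboFix log with `scan_report(open("dds.txt", encoding="utf-8", errors="replace"))`. On the constructed sample it reports three high findings (the three Conduit URLs), one medium (the toolbar's URLSearchHook) and two informational ones (the orphaned TB CLSID and the static but private NameServer). The DhcpNameServer entries are skipped deliberately: the ISP resolvers they carry come from the network, so comparing them against the gateway is a separate check.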
5. Hi, thank you very much for replying. I understand that the computer may never be truly cleaned, and one day will probably reinstall Windows, but for now I'd like to at least try.

MBAM log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nathaniel :: NATPC [administrator]

Protection: Enabled

12/08/2012 11:50:26 PM
mbam-log-2012-08-12 (23-50-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205822
Time elapsed: 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 23:49:24
-----------------------------
23:49:24.740 OS Version: Windows x64 6.1.7600
23:49:24.740 Number of processors: 6 586 0xA00
23:49:24.741 ComputerName: NATPC UserName:
23:49:26.099 Initialize success
23:49:40.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:49:40.185 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953868MB BusType: 3
23:49:40.195 Disk 0 MBR read successfully
23:49:40.197 Disk 0 MBR scan
23:49:40.198 Disk 0 Windows 7 default MBR code
23:49:40.209 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:49:40.215 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 206848
23:49:40.231 Disk 0 scanning C:\Windows\system32\drivers
23:49:45.629 Service scanning
23:49:56.930 Modules scanning
23:49:56.968 Disk 0 trace - called modules:
23:49:56.986 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:49:56.988 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e17060]
23:49:56.991 3 CLASSPNP.SYS[fffff880019b143f] -> nt!IofCallDriver -> [0xfffffa8007b2b520]
23:49:56.995 5 ACPI.sys[fffff88000f29781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b2d060]
23:49:56.998 Scan finished successfully
23:50:19.857 Disk 0 MBR has been saved successfully to "C:\Users\Nathaniel\Desktop\MBR.dat"
23:50:19.861 The log file has been saved successfully to "C:\Users\Nathaniel\Desktop\aswMBR.txt"

New DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nathaniel at 0:05:56 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.8190.4863 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files
(x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe C:\Windows\DAODx.exe C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files\Logitech\SetPointG\SetPointII.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\ASUS\EPU\EPU.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE 
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Mathematics\MathApp.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\notepad.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535291
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
mURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
TB: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [updatePPShortCut] "C:\Program Files
(x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [TriDefControlPanel] "C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" M mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows 
Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{15CEFA21-0C73-4129-A88B-F3E42DD1FF64} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{183BFEC5-D3DF-491A-8D0A-2E266E40044A} : DhcpNameServer = 10.1.1.1 TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23} : NameServer = 192.168.0.1 TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\E416478616E69656C62E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88 TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\F407475737344433F5333326534323 : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12 TCP: 
Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\24967607F6E646F594E6475627E65647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\E416478616E69656C62E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\E4544574541425 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\F40545553514635323436423 : DhcpNameServer = 10.1.1.1
TCP: Interfaces\{D7917D21-74F2-47FF-9873-C88738B909C3} : DhcpNameServer = 211.29.132.12 61.88.88.88
TCP: Interfaces\{E33291E0-A26A-4B65-A71B-A267C9C58C1C} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{F4220CED-1B92-4544-A996-1F9BDBC21C5C} : DhcpNameServer = 10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
BHO-X64: Messenger Plus Live Australia - No File
TB-X64: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [updReg] C:\Windows\UpdReg.EXE
mRun-x64: [TriDefControlPanel] "C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" M
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nathaniel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nathaniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-12-28 43704]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-30 96896]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-15 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-15 128512]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-11 655944]
R2 S3DSvc32;S3D Service (Win32);C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2011-12-28 360960]
R2 S3DSvc64;S3D Service (Win64);C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2011-12-28 480768]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-5-19 641464]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/28 21:51:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-28 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-3-9 25832]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-12 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-5-27 24176]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-12 13:45:41 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{3B198094-BB1A-4F0D-8DD8-6CFF3FDA86BE}
2012-08-12 13:45:29 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{DB076A27-AF37-4A94-A2CD-BBBB7D4B0E68}
2012-08-12 04:09:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-12 03:57:41 -------- d-----w- C:\Program Files\Microsoft Mathematics
2012-08-11 16:18:12 -------- d-----w- C:\Users\Nathaniel\AppData\Local\Google
2012-08-11 15:08:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-11 00:38:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-10 17:45:10 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B93F487-5379-4427-A47F-D6033667DC5D}\mpengine.dll
2012-08-03 08:29:55 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{623DDC0D-DD45-11E1-8270-B8AC6F996F26}
2012-07-30 13:02:28 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{E05B792C-93F1-4FC8-B52B-9D05596C88E8}
2012-07-30 13:02:10 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{1946E4F4-20A7-4FC7-82B8-6CED62BF23CC}
2012-07-20 07:32:19 -------- d-----w- C:\usb
2012-07-17 10:03:34 -------- d-----w- C:\Users\Nathaniel\AppData\Local\etax2012
2012-07-17 10:03:02 -------- d-----w- C:\Program Files (x86)\etax2012
2012-07-16 22:56:12 -------- d-----w- C:\Users\Nathaniel\AppData\Local\FalloutNV
2012-07-16 10:30:07 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{C2285E2A-D3F8-4CCF-801A-918ACF0ABCE2}
2012-07-16 10:26:47 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{FB56FC66-578A-45C1-B56F-3BE827974B6B}
2012-07-14 10:56:22 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{EE3CF8BE-2D92-4273-A536-9EECC71EF775}
2012-07-14 10:56:06 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{0E3F17FF-5B1E-46FC-A5B8-58DD2552DACD}
.
==================== Find3M ====================
.
2012-08-12 11:45:35 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-12 11:45:35 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-12 11:45:22 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-03 03:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 04:05:35 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-27 23:02:49 3166792 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-11 03:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 03:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 03:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 03:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 03:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 03:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 03:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 05:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 05:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 0:06:49.24 ===============

New attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2010 9:35:05 PM
System Uptime: 12/08/2012 2:08:58 PM (10 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3
Processor: AMD Phenom II X6 1090T Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 92.864 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_104383C0&REV_1003\4&1DDE902D&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_104383C0&REV_1003\4&1DDE902D&0&0001
Service: IntcAzAudAddService
.
==== System Restore Points ===================
.
RP425: 12/08/2012 1:59:59 AM - ComboFix created restore point
RP426: 12/08/2012 1:46:19 PM - Removed Microsoft Mathematics (64-bit)
RP427: 12/08/2012 1:47:02 PM - Installed Microsoft Mathematics (64-bit)
RP428: 12/08/2012 1:47:49 PM - Installed DirectX
RP429: 12/08/2012 1:56:51 PM - Removed Microsoft Mathematics (64-bit)
RP430: 12/08/2012 1:57:31 PM - Installed Microsoft Mathematics (64-bit)
RP431: 12/08/2012 1:57:47 PM - Installed DirectX
.
==== Installed Programs ======================
.
3DMark Vantage
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5
Age of Empires Online
Age of Empires® III: Complete Collection
Alpha Protocol
AMD Fusion Utility
AMD VISION Engine Control Center
Amnesia: The Dark Descent
Anno 1701
Anno 2070
Apple Application Support
Apple Software Update
Application Profiles
Arcanum
ArcSoft PhotoStudio 5.5
ArmA 2 Free Uninstall
Baldur's Gate
Battlefield 3™
Battlefield: Bad Company 2
Battlelog Web Plugins
BattlEye (A2Free) Uninstall
BattlEye for OA Uninstall
Beneath a Steel Sky
Bing Bar
Braid
Browser Configuration Utility
Call of Duty 4: Modern Warfare
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Duty: World at War
Capsule
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco AnyConnect VPN Client
Codename Gordon
Cogs
Content Manager Assistant for PlayStation®
Counter-Strike: Source
Creative Audio Control Panel
Creative Diagnostics
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
Creative WaveStudio 7
Crysis WARHEAD®
Crysis WARHEAD® Patch
Crysis®
Crysis® 2
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
D3DX10
Day of Defeat: Source
Dead Island
Dead Space™
Defcon
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Descent and Descent 2
Deus Ex - HDTP
Deus Ex: Game of the Year Edition
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
DiRT 3
DNA
Dolby Digital Live Pack
Dragon Age: Origins
Dropbox
DTS Connect Pack
e-tax 2011
e-tax 2012
EasyBits GO
Eclipse - Pydev 1.6.3
Eclipse - QtEclipse 1.5.2
Eclipse - StartExplorer 0.5.0
Empire Earth III
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPU
eReg
ESN Sonar
Fallout
Fallout 2 Unofficial Patch 1.02.27.3
Fallout: New Vegas
Fallout2
Far Cry 2
ffdshow [rev 3154] [2009-12-09]
Fraps
From Dust
Futuremark SystemInfo
GameSpy Comrade
Google Chrome
GPU Boost Driver
Graphmatica
Guild Wars
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life: Blue Shift
Half-Life: Opposing Force
HandBrake 0.9.5
HardwareOC Crysis Warhead Benchmark v1.1.1.0
HiJackThis
HxD Hex Editor version 1.7.7.0
iZ3D Driver Remove
Java Auto Updater
Java 6 Update 31
JMicron JMB36X Driver
Junk Mail filter update
Just Cause 2
Kaiba Corp Virtual Duel System 1.28
Killing Floor
Left 4 Dead 2
LG Tool Kit
LibUSB-Win32-0.1.10.1
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect
Mass Effect 2
Mass Effect™ 3
Mesh Runtime
Messenger Companion
Messenger Plus Live Australia Toolbar
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA PhysX
Oddworld: Abe's Exoddus
Oddworld: Abe's Oddysee
Oddworld: Stranger's Wrath
OmniPage SE 2.0
OpenAL
OpenOffice.org 3.3
Origin
PAYDAY: The Heist
Planescape Torment
Plants vs. Zombies
Poker Night at the Inventory
Portal
PowerISO
PunkBuster Services
PyQt4 - QtHelp 4.7.1
PyQt4 - Qwt5 5.2.1
Python 2.6 - docutils 0.7
Python 2.6 - formlayout 1.0.9
Python 2.6 - Gnuplot 1.8
Python 2.6 - guidata 1.3.0
Python 2.6 - guiqwt 2.1.0
Python 2.6 - h5py 1.3.1
Python 2.6 - IPython 0.10.1
Python 2.6 - jinja2 2.5.5
Python 2.6 - matplotlib 1.0.1
Python 2.6 - nose 1.0.0
Python 2.6 - numexpr 1.4.2
Python 2.6 - numpy 1.5.1
Python 2.6 - PIL 1.1.7.1
Python 2.6 - py2exe 0.6.9
Python 2.6 - pygments 1.4.0
Python 2.6 - pylint 0.23.0
Python 2.6 - PyQt4 4.8.3
Python 2.6 - pyreadline 1.6
Python 2.6 - pywin32 2.16
Python 2.6 - reportlab 2.5
Python 2.6 - scipy 0.9.0
Python 2.6 - setuptools 0.6.11
Python 2.6 - sphinx 1.0.7
Python 2.6 - spyder 2.0.10
Python 2.6 - tables 2.2.1
Python 2.6 - vitables 2.1
Python 2.6 - vtk 5.6.1.1
Python 2.6 - xy 1.2.5
Python 2.6.6
Python(x,y)
Python(x,y) - console 2.0.147.1
Python(x,y) - eclipse 3.5.2
Python(x,y) - mingw 4.5.2
Python(x,y) - SciTE 2.25
Python(x,y) - Veusz 1.10
Python(x,y) - WinMerge 2.12.4
Python(x,y) - xydoc 1.0.4
Quantum Conundrum
QuickTime
Raptor - Call of the Shadows
Ray Adams ATI Tray Tools
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2 Triple Thrill Pack
Samsung SyncMaster 3D Game Launcher (TriDef 3D) 1.1.6
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shank
Shank 2
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
SimCity 4
SimCity 4 Deluxe
Skype Click to Call
Skype™ 5.8
Sound Blaster X-Fi
SPORE™
Star Wars: Knights of the Old Republic
Star Wars: The Old Republic
Steam
Strand7 Release 2.4 Demo
Super Meat Boy
Synergy
System Requirements Lab
System Requirements Lab CYRI
Tag - IGF Professional 2008
Team Fortress 2
Terraria
The Elder Scrolls V: Skyrim
Thief: Deadly Shadows
Tom Clancy's Ghost Recon Future Soldier
Tom Clancy's Ghost Recon: Advanced Warfighter
Tom Clancy's Ghost Recon: Advanced Warfighter 2
Total War: SHOGUN 2
TriDef Photo Builder 2.1.6
TriDef Photo Samples 1.8.1
TriDef Photo Transformer 1.10.6
TriDef Photo Transformer Bundle 1.10.5
TriDef Photo Viewer 1.10.4
Tropico 4
TurboV EVO
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
Ubisoft Game Launcher
Unity Web Player
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
User's Guide EPSON NX130 TX130 Series
WeGame Client 2.2.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinSCP 4.2.9
Zeno Clash
.
==== Event Viewer Messages From Past Week ========
.
9/08/2012 5:04:07 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
9/08/2012 5:04:07 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/08/2012 2:09:32 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
12/08/2012 2:09:30 PM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
12/08/2012 2:09:29 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.
12/08/2012 2:09:29 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
12/08/2012 12:08:15 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/08/2012 1:34:39 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
12/08/2012 1:33:32 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
12/08/2012 1:33:25 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/08/2012 1:32:50 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/08/2012 8:19:29 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.
10/08/2012 9:32:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/08/2012 9:32:23 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
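The "Event Viewer Messages From Past Week" block in the ComboFix log above is the part a helper reads first when checking for leftovers of an infection: services whose driver fails Windows signature verification, a security service (Windows Defender) that dies because a module is missing, drivers blocked from loading, and orphaned service entries whose binary is gone. The small triage script below is an added example written for this page, not part of the thread or of ComboFix; it parses that section into events and applies a few editor-chosen heuristics to pull out the entries worth following up. The sample lines are copied from the log above. The category names, severities and the rule that a signature failure or a Defender crash is "high" are this example's own assumptions; a signature failure is a lead to check, not a verdict, since third-party drivers that were never signed produce the same event.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Event lines copied from the ComboFix "Event Viewer Messages" section above,
# one event per line (this is the log's own text, not constructed data).
SAMPLE_EVENTS = """\
9/08/2012 5:04:07 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
12/08/2012 2:09:32 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
12/08/2012 2:09:30 PM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
12/08/2012 2:09:29 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
12/08/2012 1:34:39 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
12/08/2012 1:32:50 AM, Error: Application Popup [1060] - \\??\\C:\\ComboFix\\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/08/2012 9:32:23 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""


@dataclass(frozen=True)
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


@dataclass(frozen=True)
class Finding:
    category: str   # editor-chosen label, not a ComboFix term
    severity: str   # "high" / "medium" / "low", this example's own scale
    subject: str    # service name or driver path the event is about
    event: Event


# "<date> <time>, <Level>: <Source> [<id>] - <message>" as ComboFix prints it.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Service Control Manager wording: "The <name> service failed to start ..." etc.
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service (?:failed to start|terminated|is marked)")
# Application Popup 1060 wording: "<driver path> has been blocked from loading ..."
BLOCKED_DRIVER_RE = re.compile(r"^(?P<path>\S+) has been blocked from loading")


def parse_events(text: str) -> list[Event]:
    """Parse the Event Viewer section of a ComboFix log; lines that do not
    match the event format (separators, headers) are skipped."""
    events: list[Event] = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["level"], m["source"], int(m["id"]), m["msg"]))
    return events


def triage(text: str) -> list[Finding]:
    """Apply the heuristics described in the lead-in and return the events
    that deserve a follow-up, in log order."""
    findings: list[Finding] = []
    for ev in parse_events(text):
        svc_m = SERVICE_RE.match(ev.message)
        svc = svc_m["svc"] if svc_m else ""
        if ev.source == "Service Control Manager" and ev.event_id == 7000:
            if "cannot verify the digital signature" in ev.message:
                # Kernel driver rejected by code integrity: unsigned, damaged or tampered.
                findings.append(Finding("unsigned_or_tampered_driver", "high", svc, ev))
            elif "cannot find the file specified" in ev.message:
                # Service registration survives but its binary is gone (often a removal leftover).
                findings.append(Finding("orphaned_service_entry", "low", svc, ev))
        elif ev.source == "Service Control Manager" and ev.event_id == 7023 and "Defender" in svc:
            # A security service dying on a missing module is worth a look on an infected box.
            findings.append(Finding("security_service_failure", "high", svc, ev))
        elif ev.source == "Application Popup" and ev.event_id == 1060:
            drv = BLOCKED_DRIVER_RE.match(ev.message)
            path = drv["path"] if drv else ev.message
            findings.append(Finding("driver_load_blocked", "medium", path, ev))
    return findings


def subjects(findings: list[Finding], category: str) -> set[str]:
    """Convenience view: all subjects reported under one category."""
    return {f.subject for f in findings if f.category == category}


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.severity:6} {f.category:28} {f.subject}  ({f.event.timestamp})")
```

Run it against the whole ComboFix log rather than the excerpt and the non-event lines are simply skipped; the Steam timeout above is deliberately not reported, since a slow-starting game service is noise in this context.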
  6. Hi, I was recently infected with Sirefef. I believe I have removed most of it, if not all of it, utilising Malwarebytes, TDSSKiller and various pieces of advice; however, I am currently being presented with attempted browser hijacks to the IP 91.218.121.57, which Malwarebytes is blocking. It does not appear to be happening in Internet Explorer. I have seen a few topics like this where the person's computer becomes clean and would be very grateful for help doing the same. Attached are the DDS and Attach logs. Any help would be greatly appreciated. DDS.txt Attach.txt