Jump to content

heyscotttt

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by heyscotttt

  1. Having slight problem on second step to scan c:\windows\F896D02690164122B9BD957FF092FFE9.TMP when I locate it, it is a folder and has 10 files inside of it. Please advise before I continue?
  2. Thank you for your help here TheDarkKnight, I deleted Norton from my computer through uninstall, followed the instructions for combofix and here is my log (should also mention I ran a quick scan with malwarebytes and it found two still:: Trojan.Agent File C:\Windows\svchost.exe Trojan.Agent Memory Process C:\Windows\svchost.exe 4016 ComboFix 12-08-25.04 - White Lightning 08/25/2012 9:14.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.6626 [GMT -4:00] Running from: c:\users\White Lightning\Desktop\antiviri\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\White Lightning\AppData\Local\Temp\{D8BABD8F-611F-40D5-B3CD-1FB70C94468E}\fpb.tmp c:\users\White Lightning\AppData\Roaming\RIFT c:\users\White Lightning\AppData\Roaming\RIFT\rift.cfg c:\users\WHITEL~1\AppData\Local\Temp\{D8BABD8F-611F-40D5-B3CD-1FB70C94468E}\fpb.tmp c:\windows\Installer\{6354c69b-1d97-8b81-a18e-269bbef811f4}\@ c:\windows\Installer\{6354c69b-1d97-8b81-a18e-269bbef811f4}\L\00000004.@ c:\windows\Installer\{6354c69b-1d97-8b81-a18e-269bbef811f4}\L\201d3dde c:\windows\Installer\{6354c69b-1d97-8b81-a18e-269bbef811f4}\U\00000008.@ c:\windows\svchost.exe F:\install.exe G:\Autorun.inf . Infected copy of c:\windows\system32\services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 ))))))))))))))))))))))))))))))) . . 2012-08-25 13:17 . 2012-08-25 13:17 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-08-25 13:17 . 2012-08-25 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-25 01:58 . 2012-08-25 01:58 -------- d-----w- c:\program files\Enigma Software Group 2012-08-25 01:58 . 2012-08-25 02:05 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-24 00:29 . 2012-08-24 00:29 -------- d-----w- c:\users\White Lightning\AppData\Local\SplitMediaLabs 2012-08-24 00:27 . 2012-08-24 00:27 -------- d-----w- c:\programdata\SplitMediaLabs 2012-08-24 00:27 . 2012-08-24 00:27 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-08-24 00:27 . 2012-08-24 00:27 -------- d-----w- c:\users\White Lightning\AppData\Roaming\SplitMediaLabs 2012-08-20 12:45 . 2012-08-20 12:45 -------- d-----w- c:\users\White Lightning\AppData\Roaming\Malwarebytes 2012-08-20 12:45 . 2012-08-20 13:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-20 12:45 . 2012-08-20 12:45 -------- d-----w- c:\programdata\Malwarebytes 2012-08-20 12:45 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-19 23:53 . 2012-08-19 23:53 -------- d-----w- c:\users\White Lightning\AppData\Roaming\SpeedyPC Software 2012-08-19 23:53 . 2012-08-19 23:53 -------- d-----w- c:\users\White Lightning\AppData\Roaming\DriverCure 2012-08-19 23:53 . 2012-08-20 12:42 -------- d-----w- c:\programdata\SpeedyPC Software 2012-08-19 20:12 . 2012-08-19 20:12 -------- d-----w- c:\users\White Lightning\AppData\Roaming\Tific 2012-08-19 20:12 . 2012-08-19 20:12 -------- d-----w- c:\users\White Lightning\AppData\Local\Symantec 2012-08-19 20:10 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-19 20:10 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-08-19 20:10 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-19 20:10 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-08-19 20:09 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-19 20:09 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-19 20:09 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-19 20:09 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-19 20:09 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-08-19 20:09 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-19 20:09 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2012-08-19 20:09 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr 2012-08-19 20:09 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-19 20:09 . 2012-08-19 20:09 -------- d-----w- c:\programdata\AVAST Software 2012-08-19 20:09 . 2012-08-19 20:09 -------- d-----w- c:\program files\AVAST Software 2012-08-19 19:56 . 2012-08-19 19:56 -------- d-----w- c:\users\White Lightning\AppData\Local\WinZip 2012-08-19 19:56 . 2012-08-19 19:56 -------- d-----w- c:\programdata\WinZip 2012-08-19 19:56 . 2012-08-19 19:56 -------- d-----w- c:\program files\WinZip 2012-08-19 01:16 . 2012-08-19 01:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-19 01:08 . 2012-08-19 01:08 -------- d-----w- c:\windows\Sun 2012-08-12 16:53 . 2012-08-12 16:53 -------- d-----w- c:\programdata\ATI 2012-08-12 16:53 . 2012-08-12 16:53 -------- d-----w- c:\program files (x86)\AMD APP 2012-08-05 13:39 . 2012-08-12 16:37 -------- d-----w- c:\users\White Lightning\AppData\Roaming\TS3Client 2012-08-05 13:36 . 2012-08-05 13:36 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client 2012-08-03 23:34 . 2012-08-03 23:34 -------- d-----w- c:\users\White Lightning\AppData\Local\Macromedia 2012-08-03 23:34 . 2012-08-15 00:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 23:33 . 2012-08-03 23:33 -------- d-----w- c:\users\White Lightning\AppData\Local\Mozilla 2012-08-03 23:33 . 2012-08-03 23:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-07-31 23:12 . 2012-07-31 23:12 -------- d-----w- C:\unidpredict . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 00:59 . 2012-01-18 02:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2012-04-06 02:21 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2011-10-12 20:13 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2012-04-06 02:13 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2011-10-12 19:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2011-12-06 02:39 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2011-12-06 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2011-10-12 19:29 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2011-12-06 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-01-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-01-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080] . [HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}] [HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-01-19 4942336] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-02 31808] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-18 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-02 834544] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-01-19 15936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912] S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x] S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216] S2 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 netr28ux;Belkin Basic Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-19 1118048] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144] S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-07 66336] . . Contents of the 'Scheduled Tasks' folder . 2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 00:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072] "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\White Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\ptiozzse.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-ASRockXTU - (no file) Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file) Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe AddRemove-ProfitUI Reborn Updater - c:\windows\system32\javaws.exe AddRemove-SOE-EverQuest II - c:\program files (x86)\Sony\EverQuest II\Uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\Q%7*] "Successes"=dword:c0000000 "Failures"=dword:c0000003 "{E39A8E7A-4C6A-4276-9245-3B25E378FC86}"=hex:00,14,bf,9b,24,92 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\postgresql\bin\pg_ctl.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\postgresql\bin\postgres.exe c:\\.\globalroot\systemroot\svchost.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe . ************************************************************************** . Completion time: 2012-08-25 09:19:58 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-25 13:19 . Pre-Run: 19,607,220,224 bytes free Post-Run: 20,883,349,504 bytes free . - - End Of File - - 835151BCC442646602C71B9A9B209DE9
  3. So i'm having the problem it seems a lot of people are having with this virus and really could use help in removing it. I'll follow all directions if anyone can assist me here. Thanks, Scott Amoroso Ran the program DDS and text as follows is: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by White Lightning at 22:12:53 on 2012-08-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.5861 [GMT -4:00] . AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ASRock\XFast LAN\spd.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\ASRock\XFast LAN\cfosspeed.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe c:\postgreSQL\bin\pg_ctl.exe C:\Users\White Lightning\AppData\Local\Apps\2.0\GLMKNDN2.139\8OQKHL8Y.EGW\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe C:\Program Files (x86)\XFastUsb\XFastUsb.exe C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe c:\postgreSQL\bin\postgres.exe C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\postgreSQL\bin\postgres.exe c:\postgreSQL\bin\postgres.exe c:\postgreSQL\bin\postgres.exe c:\postgreSQL\bin\postgres.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\DeviceVM\SmartView\SmartViewClientService.exe C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe C:\Windows\system32\AUDIODG.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\msiexec.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: SearchHook Class: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll mWinlogon: Userinit=userinit.exe, BHO: SmartView VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [ASRockXTU] uRun: [zASRockInstantBoot] uRun: [sPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [smartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{E39A8E7A-4C6A-4276-9245-3B25E378FC86} : DhcpNameServer = 75.75.75.75 75.75.76.76 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: SmartView VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [smartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe IE-X64: {7000ccff-ab59-4eab-a7ae-a502e91a89e8} - C:\Users\White Lightning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lock Poker\Lock Poker.lnk IE-X64: {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Users\White Lightning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aced.com\Aced.com.lnk AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\White Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\ptiozzse.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll . ============= SERVICES / DRIVERS =============== . R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?] R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?] R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?] R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240] R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120316.005\IDSviA64.sys [2012-3-17 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-19 44808] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-8-19 133912] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008] R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w --> c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 [?] R2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-9-2 125216] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-18 2656280] R2 WCUService;SmartView Software Updater Service;C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-9-2 456976] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 netr28ux;Belkin Basic Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-3 250056] S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-25 01:58:56 -------- d-----w- C:\Program Files\Enigma Software Group 2012-08-25 01:58:30 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-25 01:53:27 -------- d-----w- C:\Windows\pss 2012-08-24 11:37:41 -------- d-----w- C:\Users\White Lightning\AppData\Local\{88C923C4-C7EB-4E4B-8377-F41E6EB97067} 2012-08-24 00:40:49 20480 ----a-w- C:\Windows\svchost.exe 2012-08-24 00:29:07 -------- d-----w- C:\Users\White Lightning\AppData\Local\SplitMediaLabs 2012-08-24 00:27:43 -------- d-----w- C:\ProgramData\SplitMediaLabs 2012-08-24 00:27:43 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-08-24 00:27:29 -------- d-----w- C:\Users\White Lightning\AppData\Roaming\SplitMediaLabs 2012-08-20 13:07:24 -------- d-----w- C:\Users\White Lightning\AppData\Local\{142C1BC3-A595-4A71-91A1-39E29B056651} 2012-08-20 12:45:37 -------- d-----w- C:\Users\White Lightning\AppData\Roaming\Malwarebytes 2012-08-20 12:45:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-20 12:45:21 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-20 12:45:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-20 11:52:29 -------- d-----w- C:\Users\White Lightning\AppData\Local\{DA7DB74E-7B18-4C8F-A7A8-A5EE5531F55C} 2012-08-19 23:53:52 -------- d-----w- C:\Users\White Lightning\AppData\Roaming\SpeedyPC Software 2012-08-19 23:53:52 -------- d-----w- C:\Users\White Lightning\AppData\Roaming\DriverCure 2012-08-19 23:53:46 -------- d-----w- C:\ProgramData\SpeedyPC Software 2012-08-19 20:12:40 -------- d-----w- C:\Users\White Lightning\AppData\Local\{F8353FF2-D081-4A7A-97DD-F0C6515D92B8} 2012-08-19 20:12:33 -------- d-----w- C:\Users\White Lightning\AppData\Roaming\Tific 2012-08-19 20:12:32 -------- d-----w- C:\Users\White Lightning\AppData\Local\Symantec 2012-08-19 20:10:03 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2012-08-19 20:10:00 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2012-08-19 20:09:59 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-08-19 20:09:59 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-08-19 20:09:59 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-08-19 20:09:59 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2012-08-19 20:09:55 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys 2012-08-19 20:09:49 41224 ----a-w- C:\Windows\avastSS.scr 2012-08-19 20:09:40 -------- d-----w- C:\ProgramData\AVAST Software 2012-08-19 20:09:40 -------- d-----w- C:\Program Files\AVAST Software 2012-08-19 19:56:34 -------- d-----w- C:\Users\White Lightning\AppData\Local\WinZip 2012-08-19 01:16:35 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-08-15 12:43:27 -------- d-----w- C:\Users\White Lightning\AppData\Local\{F0F0F837-0B46-4CE4-AB91-93E52C31D5BE} 2012-08-15 12:43:16 -------- d-----w- C:\Users\White Lightning\AppData\Local\{EEE0B824-6306-402F-B5A5-3B48EA7CD144} 2012-08-12 16:53:14 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-08-12 16:47:25 -------- d-----w- C:\Users\White Lightning\AppData\Local\{D625E932-F519-4A04-8C1E-DEEA5989D805} 2012-08-12 16:47:15 -------- d-----w- C:\Users\White Lightning\AppData\Local\{41B6E374-08DD-4404-A995-D09BB837B586} 2012-08-05 13:39:21 -------- d-----w- C:\Users\White Lightning\AppData\Roaming\TS3Client 2012-08-05 13:36:20 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client 2012-08-03 23:34:39 -------- d-----w- C:\Users\White Lightning\AppData\Local\Macromedia 2012-08-03 23:34:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-02 21:18:08 -------- d-----w- C:\Users\White Lightning\AppData\Local\{65A490A9-6344-4804-8FF2-ABCE3CB943BF} 2012-08-02 21:17:58 -------- d-----w- C:\Users\White Lightning\AppData\Local\{4AD6B986-6BF2-4C19-9482-BD2FD21354C9} 2012-07-31 23:12:24 -------- d-----w- C:\unidpredict . ==================== Find3M ==================== . 2012-08-15 00:59:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll 2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll 2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll 2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll 2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe 2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll 2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll 2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll . ============= FINISH: 22:13:21.84 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.