
Donal111

  1. I did another malware scan, but I selected full scan this time. There are still 3 PUP.optional.eyecandy files present.
  2. I had no problem following your instructions, nor does there seem to be any fault with my computer.
  3. While Combofix is scanning, the internet connectivity box in the lower right hand side of my monitor goes to a yellow sign and says it has no internet. It then says "currently connected to unidentified network." But by the time the scan ends all is OK. My computer is doing ok, it looks that way anyway.
  4. ComboFix 13-08-09.02 - CorkMan 11/08/2013 1:31.1.12 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8145.5187 [GMT 1:00]
Running from: c:\users\CorkMan\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\windows\SysWow64\frapsvid.dll
.
Completion time: 2013-08-11 01:44:43
ComboFix-quarantined-files.txt 2013-08-11 00:44
.
Pre-Run: 84,879,028,224 bytes free
Post-Run: 96,926,535,680 bytes free
.
- - End Of File - -

I did not have any problems while running combofix, and my computer is doing fine. Though it was doing fine while I definitely had the malware on my computer too.
  5. I unfortunately ran JRT.exe (with my protection still on) before AdwCleaner by mistake. Here is my AdwCleaner file though, from when I ran AdwCleaner after I did my first JRT scan. (I will include my JRT log which I did a 2nd time after my AdwCleaner file, with my protection turned off.)

# AdwCleaner v2.306 - Logfile created 08/10/2013 at 23:24:23
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : CorkMan - CORKMAN-PC
# Boot Mode : Normal
# Running from : C:\Users\CorkMan\Downloads\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\ProgramData\Speedbit

***** [Registry] *****

Key Deleted : HKCU\Software\SpeedBit

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\CorkMan\AppData\Roaming\Mozilla\Firefox\Profiles\4toxv2cy.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\CorkMan\AppData\Local\Google\Chrome\User Data\Default\Preferences

-\\ Chromium vnstall: 18757

File : C:\Users\CorkMan\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1199 octets] - [10/08/2013 23:24:23]

########## EOF - C:\AdwCleaner[s1].txt - [1259 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.1 (08.10.2013:1)
OS: Windows 7 Home Premium x64
Ran by CorkMan on 10/08/2013 at 23:31:39.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/08/2013 at 23:35:41.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by CorkMan at 22:04:45 on 2013-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8145.3739 [GMT 1:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CorkMan\AppData\Roaming\Mozilla\Firefox\Profiles\4toxv2cy.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\CorkMan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-07-23 21:20; ALone-live@ya.ru; C:\Users\CorkMan\AppData\Roaming\Mozilla\Firefox\Profiles\4toxv2cy.default\extensions\ALone-live@ya.ru FF - ExtSQL: 2013-07-24 19:38; nosquint@urandom.ca; C:\Users\CorkMan\AppData\Roaming\Mozilla\Firefox\Profiles\4toxv2cy.default\extensions\nosquint@urandom.ca.xpi . ============= SERVICES / DRIVERS =============== . 
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-24 8704] R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-1-27 562456] R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-1-27 23832] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-27 55856] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys [2013-6-15 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys [2013-6-15 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys [2013-6-15 169048] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.5\Definitions\IPSDefs\20130809.001\IDSviA64.sys [2013-8-10 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys [2013-6-15 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys [2013-6-15 433752] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-27 98208] R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-11-1 14664] R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-6-1 401920] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [2012-1-27 7168] R2 NAV;Norton 
AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912] R3 mio;Master IO Filter Driver;C:\Windows\System32\drivers\mio.sys [2011-5-4 7680] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-27 539240] R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-1-27 100352] R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-1-27 216064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AutoBoot;AutoBoot;C:\Users\CorkMan\AppData\Local\Temp\21FTDK8B\NTGLM7X64.sys [2012-9-3 44344] S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-6-9 131912] S3 GPU-Z;GPU-Z;C:\Users\CorkMan\AppData\Local\Temp\GPU-Z.sys [2012-9-4 27008] S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies 
Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-14 1255736] . =============== Created Last 30 ================ . 2013-08-08 13:42:18 -------- d-----w- C:\Program Files (x86)\Divinity Dragon Commander 2013-08-06 05:45:23 -------- d-----w- C:\Program Files (x86)\Steam 2013-08-02 01:25:07 -------- d-----w- C:\Users\CorkMan\AppData\Local\Darksiders2 2013-07-24 02:00:51 -------- d-----w- C:\Windows\System32\MRT 2013-07-23 20:17:11 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service . ==================== Find3M ==================== . 2013-08-06 12:12:18 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-08-06 12:12:18 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-08-06 12:07:56 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-06-29 01:15:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-29 01:15:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-25 05:02:11 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-25 05:02:08 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-06-25 05:02:08 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-17 21:43:15 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys 2013-05-21 05:02:00 493656 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys 2013-05-16 05:02:14 796760 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\srtsp64.sys 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll . ============= FINISH: 22:05:13.85 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 02/02/2012 17:36:22 System Uptime: 09/08/2013 17:19:54 (29 hours ago) . Motherboard: Alienware | | 07JNH0 Processor: Intel® Core i7-3930K CPU @ 3.20GHz | CPU 1 | 3201/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 930 GiB total, 79.578 GiB free. D: is FIXED (NTFS) - 1 GiB total, 0.524 GiB free. E: is CDROM (CDFS) F: is FIXED (NTFS) - 1863 GiB total, 672.842 GiB free. . ==== Disabled Device Manager Items ============= . 
==== System Restore Points =================== . RP293: 06/08/2013 00:00:01 - Scheduled Checkpoint RP294: 06/08/2013 05:32:20 - Removed Steam RP295: 06/08/2013 05:33:10 - Removed Steam RP296: 06/08/2013 06:40:39 - Removed Steam RP297: 06/08/2013 06:44:22 - Installed Steam . ==== Installed Programs ====================== . 1C Company\Space Rangers 2 - Reboot 4Videosoft MKV Video Converter 7-Zip 9.20 (x64 edition) Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) MUI Adrenaline Crysis 2 Benchmark Tool 1.0 (Build 1.0.1.13) Age of Empires II: HD Edition Agricultural Simulator 2012 AlienAutopsy Amazon Games & Software Downloader ANNO 2070 Apple Application Support Apple Mobile Device Support Apple Software Update ARMA 2 Operation Arrowhead Uninstall ArmA 2 Uninstall Assassin's Creed® III v1.06 Batman - Arkham City Batman: Arkham City™ Battlefield 3™ Battlelog Web Plugins BattlEye Uninstall BitTorrent Bonjour Borderlands 2 BUG Mod 4.4 Capsule CCleaner Cities In Motion Command and Conquer 3: Kane's Wrath Command and Conquer: Red Alert 3 - Uprising Command Center Content Manager Assistant for PlayStation® CPUID HWMonitor 1.21 Crusader Kings II Crysis® Crysis® 2 D3DX10 Dark Souls: Prepare to Die Edition Darkest Hour Server Darksiders II DarksidersInstaller Dead Island Dead Rising 2 Dead Space 2 - Prima Official Strategy Guide Desura Diablo III Divinity Dragon Commander Divinity II - DKS Doom 3 BFG Edition Dota 2 Drakonia Configurator Dual-Core Optimizer Dungeons and Dragons Anthology: The Master Collection ESN Sonar EVE Online (remove only) Fallout 3 - Game of the Year Edition Fallout 3 - Unofficial Fallout 3 Patch Fallout Mod Manager 0.13.21 Fallout: New Vegas Fallout: New Vegas - Prima Official Strategy Guide Far Cry 3 FIFA 12 FINAL FANTASY XIV foobar2000 v1.2.1 Football Manager 2012 Editor Football Manager 2013 Fraps From Dust GameFly GameSpy Comrade Garry's Mod Google Chrome Google Earth Google Update Helper Gotham City Impostors Gray Matter 1.0 Grey 1.1.0 
GTA IV Mod Setup 1.0.0.1 Guild Wars 2 Half-Life 2: Lost Coast Hi-Rez Studios Authenticate and Update Service Hitman Absolution Hotline Miami Intel® Rapid Storage Technology enterprise iTunes Java 7 Update 25 Java Auto Updater Java 7 Update 1 (64-bit) JavaFX 2.0.3 JDownloader 0.9 Jet Set Radio Just Cause 2 Just Cause 2 - Prima Official Strategy Guide Killing Floor Killing Floor Mod: Defence Alliance 2 King’s Bounty Platinum Edition (Remove Only) Kingdoms of Amalur: Reckoning L.A. Noire Brady Guide Last.fm Scrobbler 2.1.35 League of Legends Left 4 Dead Left 4 Dead 2 - Prima Official Strategy Guide Malwarebytes Anti-Malware version 1.75.0.1300 Mark of the Ninja Mass Effect™ 3 Max Payne 3 Medal of Honor MediaMonkey 4.0 Men of War: Condemned Heroes Men of War: Red Tide Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 MINERVA: Metastasis Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSI Afterburner 2.3.0 MSI Kombustor 2.0.0 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Game Long Name Natural Selection 2 Nexus Mod Manager Norton AntiVirus Norton Identity 
Safe NVIDIA 3D Vision Controller Driver 320.18 NVIDIA 3D Vision Driver 320.18 NVIDIA Control Panel 320.18 NVIDIA GeForce Experience 1.5 NVIDIA Graphics Driver 320.18 NVIDIA HD Audio Driver 1.3.24.2 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.1031 NVIDIA Stereoscopic 3D Driver NVIDIA Update 4.11.9 NVIDIA Update Components Octoshape add-in for Adobe Flash Player OpenAL Origin Pando Media Booster PAYDAY: The Heist Penumbra Plants vs. Zombies: Game of the Year Prototype PunkBuster Services Rainmeter Realtek High Definition Audio Driver Red Orchestra: Ostfront 41-45 RedOrchestra SDK Beta RESIDENT EVIL 6 / BIOHAZARD 6 Resident Evil 6 Benchmark Risen Rockstar Games Social Club RollerCoaster Tycoon 3 Platinum Rome: Total War Gold Edition Saints Row The Third Prima Official Strategy Guide Saints Row: The Third Sanctum Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SEGA Mega Drive Classics SHIFT 2 UNLEASHED™ Sid Meier's Civilization IV Sid Meier's Civilization IV: Beyond the Sword Sid Meier's Civilization IV: Colonization Sid Meier's Civilization IV: Warlords Sid Meier's Civilization V Silent Hunter III SimCity™ Sonic Generations SONIC THE HEDGEHOG 4 Episode I Source SDK Base 2007 SPORE™ Star Wars: Knights of the Old Republic II Star Wars: The Old Republic StarCraft II Steam Supreme Commander Supreme Commander: Forged Alliance Sword of the Stars Complete Collection Sword of the Stars II Syberia System Requirements Lab CYRI The Elder Scrolls V: Skyrim The Longest Journey The Sims™ 3 The Sims™ 3 Ambitions The Sims™ 3 Fast Lane Stuff The Sims™ 3 Generations The Sims™ 3 High-End Loft Stuff The Sims™ 3 Late Night The Sims™ 3 Master Suite Stuff The Sims™ 3 Outdoor Living Stuff The Sims™ 3 Pets The Sims™ 3 Showtime The Sims™ 3 Supernatural The Sims™ 3 Town Life Stuff The Witcher 2 Enhanced Edition Prima Official Strategy Guide The Witcher 2: Assassins of Kings Enhanced Edition Titan Quest Titan Quest: Immortal Throne Tom Clancy's Ghost Recon Future Soldier Tomb Raider Tomb Raider: Anniversary Torchlight II Total War: Shogun 2 Brady Guide Trader's Little Helper 2.7.0 Tribes: Ascend Tropico 4 TSLRCM 1.8.1 Ubisoft Game Launcher Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client 
Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Uplay Vampire: The Masquerade - Bloodlines Veetle TV Victoria 2 VLC media player 2.0.7 Warhammer 40,000: Dawn of War – Winter Assault Warhammer® 40,000™: Dawn of War® II Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ Warhammer® 40,000™: Dawn of War® II – Retribution™ Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.11 (64-bit) XCOM: Enemy Unknown . ==== Event Viewer Messages From Past Week ======== . 06/08/2013 22:05:46, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 06/08/2013 06:59:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 06/08/2013 06:59:20, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 05/08/2013 21:40:38, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
  7. Hello, I have these 3 files on my system at the moment. Earlier in the day I did a quick scan, saw 3 PUP.optional files and removed them, then restarted. After restarting, I then did another scan, a full scan this time, and these 3 files popped up. These files are on my external drive, whereas the other files were on my onboard hard drive (the hard drive that came with my computer). I am certain the 3 PUP.optional files that appeared before restarting had 2 separate names; one was eyecandy too. I haven't removed the malware yet. I have tried to copy and paste my Malwarebytes log but I can't.