Bayoubilly

  1. Sorry, I didn't attach it properly on the previous post. It has been successfully attached to this one. zoek-results.log
  2. Thanks for taking the time to help. I have attached the zoek log.
  3. Hello, I came home today to find someone in the house had clicked on a link that brought them to a scam page with the common "call a number, you've been infected" message. The only experience I've had with this was an extreme lockout that was readily apparent on another system. I was able to get rid of that, but this one has me wondering if I missed something because after killing the process there were no indications that anything was wrong. The page was running in Chrome so I killed the process without acknowledging the prompt. I've attached a screenshot to show what I'm talking about. Please, as time permits, look over the logs requested from the "I'm infected - What do I do now?" topic. Note, the topic says to run a "Quick Scan" on Malwarebytes. The newest version doesn't have that exact option (from what I could find), but it did have a "Hyper-Scan" which is what I have posted below. I had attempted to add the contents of the scans to the post but it said the post was too long so I have attached them instead. Addition.txt FRST.txt malwarebytes_hyper_scan.txt
  4. Great, thanks for the advice. I thought I had actually uninstalled the McAfee Security Scan Plus software a few nights ago so I'm surprised that it showed up, but I see now that it's still installed. As for AVG, I'm not a fan of all of their stuff myself, but it's what was on the system and I hadn't changed it yet. I'll follow up with the link you provided. Thanks again.
  5. Ron, thank you very much for the assistance. I totally agree that Blizzard wouldn't be running from a Nigerian-based server. So the story goes that my friend left his laptop here for me to do some updates on, and when I first logged into it there were tons of nefarious things going on malware-wise. I spent a long time getting rid of what I could but couldn't find anything else that was readily evident. Here are the logs:
Zombies - Game of the YearPoker Superstars IIIPolar BowlerPolar GolferQuickTimeRealtek Ethernet Controller DriverRealtek PCIE Card ReaderREALTEK Wireless LAN DriverRevo Uninstaller Pro 3.0.7RollerCoaster Tycoon 3: PlatinumSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Serious Sam 2Shank 2Skype™ 5.10Source SDKSource SDK Base 2006SPORE™SteamStoneLoops of JurassicaswMSMSynaptics Pointing 
Device DriverThe Treasures of Mystery Island: The Ghost ShipTorchlightUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Update Installer for WildTangent Games AppVirtual Villagers 4 - The Tree of LifeVisual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesVisual Studio 2012 x64 RedistributablesVisual Studio 2012 x86 RedistributablesVizzed Retro Game RoomWildTangent Games App (HP Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma's Revenge.==== Event Viewer Messages From Past Week ========.11/1/2013 2:41:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.11/1/2013 11:17:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.11/1/2013 11:15:52 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 12611/1/2013 11:09:12 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.10/31/2013 9:56:43 PM, Error: Service Control Manager [7034] - The TWEService service terminated unexpectedly. It has done this 1 time(s).10/31/2013 9:52:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.10/31/2013 12:20:19 AM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753627.10/31/2013 10:11:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.10/30/2013 11:42:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.10/30/2013 11:42:30 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/30/2013 11:33:07 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.10/30/2013 11:14:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2879017).10/28/2013 2:24:20 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.10/28/2013 2:24:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}10/28/2013 2:24:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.10/28/2013 1:38:52 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds..==== End Of File =========================== attach.txt dds.txt
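The DDS log above ends with several dozen IFEO (Image File Execution Options) entries, every one of which points the Debugger value at AVG PC TuneUp's TUAutoReactivator64.exe. The Python below is an added example, not the poster's code and not part of DDS or AVG, that pulls those entries out of pasted DDS text, groups them by debugger path, and flags any debugger that is not on an expected list. The expected list and the notepad.exe sample entry are assumptions made for the demonstration; the other three sample entries are copied from the log above.

```python
import re
from collections import defaultdict

# DDS prints IFEO entries as:  IFEO: <image> - "<debugger>"  (x64-IFEO: for the
# native 64-bit registry view). The pattern does not depend on line breaks, so
# it also copes with a paste where the entries have run together.
IFEO_RE = re.compile(r'(x64-)?IFEO:\s*(.+?)\s+-\s+"([^"]+)"')

# Assumed allow-list for this demonstration: debuggers that are expected on this
# machine. Anything else gets reported for manual review.
EXPECTED_DEBUGGERS = {
    r"c:\program files (x86)\avg\avg pc tuneup\tuautoreactivator64.exe",
}

# Constructed sample: three entries copied from the pasted DDS log, plus one
# made-up notepad.exe entry whose debugger sits in a user-writable directory,
# included only to exercise the flagging branch.
SAMPLE = (
    r'IFEO: torchlight-wt.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"'
    r'x64-IFEO: hpsf.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"'
    r'x64-IFEO: launcher.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"'
    r'x64-IFEO: notepad.exe - "C:\Users\Public\example-debugger.exe"'
)


def parse_ifeo(text):
    """Return a list of (view, image, debugger) tuples found in DDS text."""
    entries = []
    for m in IFEO_RE.finditer(text):
        view = "x64" if m.group(1) else "x86"
        entries.append((view, m.group(2).strip(), m.group(3)))
    return entries


def group_by_debugger(entries):
    """Map each debugger path (case-folded) to the images redirected to it."""
    groups = defaultdict(list)
    for view, image, debugger in entries:
        groups[debugger.lower()].append((view, image))
    return dict(groups)


def unexpected(entries, expected=EXPECTED_DEBUGGERS):
    """Entries whose debugger is not on the expected list."""
    return [(v, i, d) for v, i, d in entries if d.lower() not in expected]


if __name__ == "__main__":
    found = parse_ifeo(SAMPLE)
    for debugger, images in group_by_debugger(found).items():
        print(f"{len(images):3d} image(s) -> {debugger}")
    for view, image, debugger in unexpected(found):
        print(f"REVIEW: [{view}] {image} -> {debugger}")
```

On the live machine the same grouping applies to the Debugger values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. One legitimate product owning every entry, as in this log, reads very differently from a single stray debugger path under a directory any user can write to, which is the pattern worth chasing.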
  6. Hello all, Last night I installed the Blizzard Battle.net Launcher application which allows you to have a centralized location to launch all of your Blizzard PC games. Between the hours of 3:13 a.m. and 4:47 a.m. Malwarebytes logged the following action 20 times: 2013/11/01 03:13:42 -0500 <PCNAME> <ACCOUNTNAME> IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6681, Process: agent.exe) The only process that I can see running that is called "agent.exe" is the actual Blizzard executable. I know that during this time, the application was updating my copy of Starcraft. It started updating a little after 3 a.m. I went to bed at that point and figured it would have taken about an hour to update. When I look up the IP address, the top Google result shows that IP as being located in Nigeria and associated with nefarious activity. I'm confused as to how this would be happening with a Blizzard application. I understand that it's always possible that I installed a fake application, but it was digitally signed by Blizzard so I felt safe enough. Thanks for any help that may be offered!
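The Malwarebytes protection-log line quoted in the post has a fixed shape, so twenty such hits can be summarised rather than read one at a time. The Python below is an added example, not the poster's code and not part of Malwarebytes, that parses lines of that shape, collapses repeats into one row per process, address, port and direction with a hit count and time span, and skips anything that does not match. The sample log is constructed: only its first line is the one from the post, and the remaining timestamps, the second address and the incoming-hit line are invented for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Malwarebytes Anti-Malware 1.x protection-log IP-BLOCK line, in the shape
# quoted in the post: date time tz host user IP-BLOCK ip (Type: ..., Port: ..., Process: ...)
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) '
    r'(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) '
    r'\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$'
)

# Constructed sample log. Line 1 is the entry quoted in the post; the rest are
# made up (hypothetical timestamps and a documentation-range address) so the
# grouping and the skip path can be seen.
SAMPLE_LOG = """\
2013/11/01 03:13:42 -0500 <PCNAME> <ACCOUNTNAME> IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6681, Process: agent.exe)
2013/11/01 03:20:07 -0500 <PCNAME> <ACCOUNTNAME> IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6681, Process: agent.exe)
2013/11/01 03:58:31 -0500 <PCNAME> <ACCOUNTNAME> IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6681, Process: agent.exe)
2013/11/01 04:47:12 -0500 <PCNAME> <ACCOUNTNAME> IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6681, Process: agent.exe)
2013/11/01 09:02:55 -0500 <PCNAME> <ACCOUNTNAME> IP-BLOCK 203.0.113.7 (Type: incoming, Port: 445, Process: System)
this line is not an IP-BLOCK event and is skipped
"""


def parse_ipblock(text):
    """Parse IP-BLOCK lines into dicts; lines of any other shape are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['ts']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        events.append({
            "when": when,
            "host": m["host"],
            "user": m["user"],
            "ip": m["ip"],
            "type": m["type"],
            "port": int(m["port"]),
            "proc": m["proc"].strip(),
        })
    return events


def summarize(events):
    """Collapse hits to (process, ip, port, direction): count, first, last, span in minutes."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["proc"], e["ip"], e["port"], e["type"])].append(e["when"])
    summary = {}
    for key, times in groups.items():
        times.sort()
        summary[key] = {
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "span_min": (times[-1] - times[0]).total_seconds() / 60,
        }
    return summary


if __name__ == "__main__":
    report = summarize(parse_ipblock(SAMPLE_LOG))
    for (proc, ip, port, direction), s in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{s['count']:3d}x {direction:8s} {proc:12s} -> {ip}:{port} "
              f"({s['first']:%H:%M:%S} to {s['last']:%H:%M:%S}, {s['span_min']:.1f} min)")
```

The log records only the image name, not its path, so "agent.exe" in the summary could be any process using that name. Pair the summary with the executable path of the running process (Process Explorer, or Get-Process in PowerShell, which exposes Path) and the signer that Get-AuthenticodeSignature reports for that file before concluding whether the binary is the one it claims to be. The summary also makes the shape of the activity plain: one process, one address, one port, repeated across the update window.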