Everything posted by sheepdisease

  1. I did look up that folder and saw that the tool always deleted it but nothing explained why. I don't have the files any more to check them out. I mean the restore points that you asked me to enable. I want them to be saved to a different partition.
  2. Thanks for your reply. I have attached the results of your instructions. Can you please tell me what this is? C:\Users\Hill\AppData\Roaming\AdvertismentImages Also, I have a partition set up for backups. Can I tell Windows where to store the backup for the C:\ drive to another partition? Fixlog.txt
  3. Nothing found in MBAM. Not sure what this entry is in Adware: C:\Users\Hill\AppData\Roaming\AdvertismentImages For information I am using NordVPN and AdGuard (both up to date) so the IP addresses showing in hosts and elsewhere are very likely connected to that. MWBAM.txt AdwCleaner[S00].txt FRST.txt Addition.txt
  4. Hello there, I am very savvy when it comes to not getting caught out by phishing scams and any attempts to get me to provide sensitive information of bogus websites. That being said, somehow someone ordered two £100.00 Amazon Vouchers without my consent and not using my laptop this month. I know it is true because when I log into amazon.co.uk it shows as an order. I have contacted Amazon to inform them about it but it has left me wondering how this is even possible. I have two step authentication set up, so even if they knew my password from one of the many breaches which seem to happen all the time with websites being hacked, how did they get in? Even when I try to login, it usually asks me to verify using my phone. That makes me wonder if there is actually something on my system that I should be concerned about. I am using Bitdefender Total Security 2019 (fully up-to-date), which has detected nothing malicious during a thorough scan of everything (it took over 15 hours). I ran GMER 2.2.19882 and couldn't see anything obvious, could someone else please cast their eye over this? Needless to say, in the meantime I have changed my password. rootkit.log
  5. SystemLook 30.07.11 by jpshortstuff Log created at 06:56 on 29/08/2011 by Media Centre Administrator - Elevation successful ========== regfind ========== Searching for "Firefox.exe"
  6. Apologies, I didn't follow your instructions correctly before: SystemLook 30.07.11 by jpshortstuff Log created at 07:19 on 25/08/2011 by Media Centre Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== regfind ========== Searching for "Firefox.exe"
  7. Thank you, I do appreciate all your hard work. When I tried running that program I was issued with a prompt, 'Script Required!'. It wouldn't run as a result.
  8. Firefox 5.0 Apologies, couldn't attach the file directly as the forum restricted this. steam.exe.rar
  9. It's really annoying, whenever I use this program it deletes Steam! ComboFix 11-08-14.02 - Media Centre 08/14/2011 8:31.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5993 [GMT 1:00] Running from: d:\downloads\ComboFix.exe AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Steam\steam.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-10 2536440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-27 5550840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 atillk64;atillk64;c:\users\MEDIAC~1\AppData\Local\Temp\Rar$EX00.121\atillk64.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-07-07 25640] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 GService;Easy Tune;c:\program files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-08 30528] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Appupdater;Appupdater;c:\program files (x86)\Appupdater\appupdaters.exe [2009-04-22 2756979] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-06 3246040] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 bbtest_svc;Broadband Test Application;c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-06-14 815104] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 TomTomHOMEService;TomTomHOMEService;c:\program files 
(x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-04-26 13824] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000Core.job - c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03] . 2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000UA.job - c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03] . 2011-08-14 c:\windows\Tasks\IsposureAgent.job - c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 17:28] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-17 390736]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
AddRemove-Steam App 218 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 260 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 34330 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 44320 - c:\program files (x86)\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\!CAUTION!
NEVER A OR CHANGE ANY KEY*] "??"=hex:68,c6,52,5a,ed,ee,85,70,9d,04,7c,9b,68,7f,17,ec,7c,c8,ef,9e,64,43,49, ca,f9,c7,c0,a2,e8,9b,f2,3f,01,c2,9a,c3,96,48,93,c3,9a,8d,78,7a,3d,ed,b7,9b,\ "??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa . [HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\License information*] "datasecu"=hex:ee,5a,30,0f,a7,26,53,38,80,ef,b6,b4,d2,6b,95,dd,1d,53,97,e2,50, 9e,f2,60,40,4a,69,be,73,18,21,80,41,9e,26,ca,76,01,73,bc,8c,33,d6,e5,a3,88,\ "rkeysecu"=hex:bb,99,c2,b0,96,01,dc,a8,1e,60,1a,1a,86,2a,f3,2c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-08-14 08:37:35 ComboFix-quarantined-files.txt 2011-08-14 07:37 ComboFix2.txt 2011-07-21 06:39 . Pre-Run: 93,202,755,584 bytes free Post-Run: 94,115,483,648 bytes free . - - End Of File - - CCA125A8F11B1AF3078C3F0F006283A5
  10. Still with you, unfortunately I am on holiday so unable to test your suggestion.
  11. Unfortunately, when I renamed firefox3.exe back to firefox.exe I get the crashing problems back and instability issues.
  12. # version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1dadabdacc97944cb17ba5761f9731ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-10 10:46:08
# local_time=2011-07-10 11:46:08 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 2492588 2492588 0 0
# compatibility_mode=3073 16777213 80 75 7319 865806 0 0
# compatibility_mode=5893 16776574 100 94 1132887 62753861 0 0
# compatibility_mode=8192 67108863 100 0 231 231 0 0
# scanned=386994
# found=2
# cleaned=2
# scan_time=5956
D:\Downloads\Tag & Rename 3.5.7+Patch[h33t][eSpNs].rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1dadabdacc97944cb17ba5761f9731ab
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-31 10:06:10
# local_time=2011-07-31 11:06:10 (+0000, GMT Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 4353744 4353744 0 0
# compatibility_mode=3073 16777213 80 75 5688 2726962 0 0
# compatibility_mode=5893 16776574 100 94 2994043 64615017 0 0
# compatibility_mode=8192 67108863 100 0 1861387 1861387 0 0
# scanned=164
# found=0
# cleaned=0
# scan_time=2
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1dadabdacc97944cb17ba5761f9731ab
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-01 12:04:55
# local_time=2011-08-01 01:04:55 (+0000, GMT Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 4353774 4353774 0 0
# compatibility_mode=3073 16777213 80 75 5718 2726992 0 0
# compatibility_mode=5893 16776574 100 94 2994073 64615047 0 0
# compatibility_mode=8192 67108863 100 0 1861417 1861417 0 0
# scanned=406476
# found=0
# cleaned=0
# scan_time=7099
Results of screen317's Security Check version 0.99.18
Windows 7 (UAC is disabled!)
Internet Explorer 8 ``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update. ```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player 10.3.181.34
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-GB..) ````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
``````````End of Log````````````
  13. +ComboFix 11-07-20.05 - Media Centre 07/21/2011 7:29.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5468 [GMT 1:00] Running from: d:\downloads\ComboFix.exe AV: COMODO Antivirus *Disabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51} FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A} SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Steam\Steam.exe c:\users\Media Centre\AppData\Local\common_functions.dll c:\users\Media Centre\AppData\Local\ie_runner_app.exe D:\install.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 ))))))))))))))))))))))))))))))) . . 2011-07-21 06:38 . 2011-07-21 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files\iTunes 2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files (x86)\iTunes 2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files\iPod 2011-07-20 16:26 . 2011-07-20 16:26 -------- d-----w- c:\program files\Bonjour 2011-07-20 16:26 . 2011-07-20 16:26 -------- d-----w- c:\program files (x86)\Bonjour 2011-07-14 06:17 . 2011-07-14 06:17 -------- d-----w- c:\users\Media Centre\AppData\Roaming\qliner 2011-07-13 16:38 . 2011-07-13 16:38 -------- d-----w- c:\users\Media Centre\AppData\Local\ElevatedDiagnostics 2011-07-13 16:36 . 2011-07-13 16:36 -------- d-----w- c:\program files (x86)\Unknown Device Identifier 2011-07-13 06:23 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-07-13 06:23 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-07-13 06:23 . 
2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-07-13 06:23 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-07-13 06:23 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-07-13 06:23 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-07-13 06:23 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-07-13 06:22 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2011-07-13 06:22 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS 2011-07-13 06:22 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys 2011-07-13 06:21 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll 2011-07-13 06:21 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe 2011-07-13 06:21 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys 2011-07-13 06:21 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2011-07-13 06:21 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys 2011-07-13 06:21 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2011-07-13 06:21 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2011-07-13 06:21 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2011-07-13 06:21 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2011-07-13 06:21 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll 2011-07-13 06:21 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 10:34 . 2011-07-12 10:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 10:34 . 
2011-07-12 10:34 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-11 20:49 . 2011-07-11 20:49 -------- d-----w- c:\users\Media Centre\AppData\Local\Chromium 2011-07-11 06:53 . 2011-07-11 06:53 -------- d-----w- c:\users\Media Centre\AppData\Roaming\Macro Recorder 2011-07-11 06:49 . 2011-07-11 06:49 -------- d-----w- c:\program files\American Systems 2011-07-11 06:49 . 2008-07-01 12:24 302184 ----a-w- c:\windows\amuninst.exe 2011-07-11 06:36 . 2011-07-11 06:36 -------- d-----w- c:\program files (x86)\Qliner Hotkeys 2011-07-11 06:25 . 2011-07-11 06:25 -------- d-----w- c:\program files (x86)\AutoHotkey 2011-07-11 06:21 . 2011-07-11 06:22 -------- d-----w- c:\program files (x86)\AC Tool 2011-07-10 11:18 . 2011-07-10 11:18 -------- d-----w- c:\users\Media Centre\AppData\Local\Sunbelt Software 2011-07-10 11:16 . 2011-07-10 11:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-07-10 11:14 . 2011-07-21 06:14 -------- d-----w- c:\programdata\Lavasoft 2011-07-10 09:05 . 2011-07-10 09:05 -------- d-----w- c:\users\Media Centre\AppData\Roaming\QuickScan 2011-07-10 09:03 . 2011-07-10 09:03 -------- d-----w- c:\program files (x86)\ESET 2011-07-08 06:44 . 2011-07-08 06:48 -------- d-----w- C:\Mod_BIOS_HD_6950 2011-07-08 06:42 . 2011-07-08 06:49 -------- d-----w- C:\ati_winflash_2.0.1.14 2011-07-08 06:25 . 2011-07-08 06:25 -------- d-----w- c:\program files (x86)\MSI Kombustor 2011-07-08 06:24 . 2010-10-27 02:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll 2011-07-07 21:28 . 2011-06-10 13:34 74272 ----a-w- c:\windows\system32\RtNicProp64.dll 2011-07-07 21:28 . 
2011-06-10 13:34 539240 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2011-07-07 21:17 . 2011-07-07 21:17 53248 ----a-r- c:\users\Media Centre\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-07-07 17:55 . 2010-12-24 12:18 73728 ----a-w- c:\windows\system\vdremote.dll 2011-07-07 17:55 . 2010-12-24 12:17 65536 ----a-w- c:\windows\system\vdsvrlnk.dll 2011-07-06 20:40 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2011-07-06 20:40 . 2010-01-10 18:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2011-07-06 20:40 . 2011-07-06 20:40 -------- d-----w- c:\program files (x86)\SpywareBlaster 2011-07-06 18:09 . 2011-07-06 18:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2011-07-06 17:15 . 2011-07-06 17:15 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys 2011-07-06 17:15 . 2011-07-06 17:15 -------- d-----w- c:\users\Media Centre\AppData\Roaming\C65C1E7F-D311-430A-8691-B7C3D7A3D6FF 2011-07-06 17:15 . 2011-07-06 17:15 -------- d-----w- c:\users\Media Centre\AppData\Roaming\271B7EB2-D121-41A0-9944-2E5941B5A648 2011-07-06 17:15 . 2011-07-06 17:15 970336 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-07-05 20:18 . 2011-07-05 20:18 -------- d-----w- c:\users\Media Centre\AppData\Roaming\SUPERAntiSpyware.com 2011-07-05 20:18 . 2011-07-05 20:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-07-05 20:18 . 2011-07-05 20:18 -------- d-----w- c:\programdata\!SASCORE 2011-07-05 20:18 . 2011-07-09 06:27 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-07-05 16:46 . 2011-07-09 06:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-07-05 16:46 . 2011-07-05 16:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-07-05 06:55 . 2011-07-05 06:55 -------- d-----w- c:\users\Media Centre\AppData\Local\IsolatedStorage 2011-07-05 06:55 . 2011-07-05 06:55 -------- d-----w- c:\users\Media Centre\AppData\Local\Futuremark_Corporation 2011-07-05 06:37 . 
2011-07-05 06:37 -------- d-----w- c:\program files (x86)\Futuremark 2011-07-05 06:36 . 2011-07-05 06:36 -------- d-----w- c:\program files\Futuremark 2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\programdata\TomTom 2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\users\Media Centre\AppData\Roaming\TomTom 2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\users\Media Centre\AppData\Local\TomTom 2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\program files (x86)\TomTom International B.V 2011-07-02 20:09 . 2011-07-02 20:09 -------- d-----w- c:\program files (x86)\TomTom HOME 2 2011-06-30 17:02 . 2011-07-14 06:19 -------- d-----w- c:\programdata\Soulseek 2011-06-30 16:37 . 2011-06-30 16:37 -------- d-----w- c:\program files (x86)\Consumer Input 2011-06-27 17:15 . 2011-06-27 17:15 -------- d-----w- c:\program files (x86)\Google 2011-06-27 06:47 . 2011-06-27 06:47 -------- d-----w- c:\programdata\ATI 2011-06-27 06:46 . 2011-06-27 06:46 -------- d-----w- c:\program files (x86)\AMD APP 2011-06-26 19:25 . 2011-06-26 19:25 -------- d-----w- c:\users\Media Centre\AppData\Roaming\mp3DirectCut 2011-06-26 19:07 . 2011-06-26 19:07 -------- d-----w- c:\program files (x86)\mp3DirectCut 2011-06-26 05:51 . 2011-06-26 05:51 -------- d-----w- c:\windows\system32\SPReview 2011-06-26 05:49 . 2011-06-26 05:49 -------- d-----w- c:\windows\system32\EventProviders 2011-06-24 17:45 . 2011-06-24 17:45 -------- d-----w- c:\users\Media Centre\AppData\Roaming\AV Soft 2011-06-23 19:27 . 2010-11-20 13:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys 2011-06-23 19:26 . 2010-11-20 13:27 10752 ----a-w- c:\windows\system32\riched32.dll 2011-06-23 19:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-06-23 15:22 . 2011-06-23 15:22 -------- d-----w- c:\program files (x86)\Westwood Chat 2011-06-22 16:56 . 2011-06-22 16:56 -------- d-----w- c:\users\Media Centre\AppData\Local\Origin 2011-06-22 16:56 . 
2011-06-22 16:57 -------- d-----w- c:\programdata\Origin 2011-06-22 16:56 . 2011-06-22 16:56 -------- d-----w- c:\program files (x86)\Origin Games 2011-06-22 16:56 . 2011-06-22 16:56 -------- d-----w- c:\program files (x86)\Origin 2011-06-22 16:54 . 2011-06-22 16:56 -------- d-----w- c:\programdata\Electronic Arts 2011-06-22 16:52 . 2011-06-22 16:52 -------- d-----w- c:\program files (x86)\Microsoft WSE 2011-06-22 16:39 . 2011-06-22 16:56 -------- d-----w- c:\program files (x86)\Electronic Arts 2011-06-21 20:45 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2011-06-21 20:45 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2011-06-21 20:45 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll 2011-06-21 20:45 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2011-06-21 20:45 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll 2011-06-21 20:45 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2011-06-21 20:45 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll 2011-06-21 20:45 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2011-06-21 20:00 . 2011-06-21 20:00 -------- d-----w- c:\program files (x86)\EA Games . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-21 06:17 . 2011-06-11 01:15 25640 ----a-w- c:\windows\gdrv.sys 2011-07-10 19:32 . 2011-06-11 06:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2011-07-08 06:56 . 2011-06-11 00:59 30528 ----a-w- c:\windows\GVTDrv64.sys 2011-07-08 06:39 . 2011-07-08 06:42 430555 ----a-w- C:\ati_winflash_2.0.1.14.zip 2011-07-08 06:27 . 2011-07-08 06:44 2731134 ----a-w- C:\Mod_BIOS_HD_6950.zip 2011-07-07 21:34 . 2011-06-11 01:11 25640 ----a-w- c:\windows\etdrv.sys 2011-07-07 11:48 . 
2011-06-11 11:10 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-07-07 11:48 . 2011-06-11 11:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-07-06 17:35 . 2011-06-11 12:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-06 17:15 . 2011-06-11 17:05 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2011-06-30 08:38 . 2011-05-07 15:17 92688 ----a-w- c:\windows\system32\drivers\inspect.sys 2011-06-30 08:38 . 2011-05-02 19:36 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-06-30 08:38 . 2011-05-02 19:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2011-06-30 08:38 . 2011-05-02 19:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys 2011-06-30 08:37 . 2011-05-02 19:36 285256 ----a-w- c:\windows\SysWow64\guard32.dll 2011-06-30 08:37 . 2011-05-02 19:36 363560 ----a-w- c:\windows\system32\guard64.dll 2011-06-26 05:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-06-26 05:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-06-24 11:33 . 2011-06-11 11:27 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2011-06-24 11:32 . 2011-06-11 11:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2011-06-13 18:19 . 2011-06-13 18:19 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-06-13 11:47 . 2011-06-13 11:47 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2011-06-12 07:14 . 2011-06-12 07:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2011-06-12 07:14 . 2011-06-12 07:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2011-06-12 07:13 . 2011-06-12 07:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-06-12 07:13 . 
2011-06-12 07:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-06-11 20:24 . 2011-06-11 20:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-06-11 20:24 . 2011-06-11 20:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-06-11 20:24 . 2011-06-11 20:24 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-06-11 20:23 . 2011-06-11 20:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-06-11 20:23 . 2011-06-11 20:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-06-11 20:23 . 2011-06-11 20:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-06-11 20:23 . 2011-06-11 20:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-06-11 20:23 . 2011-06-11 20:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-06-11 20:23 . 2011-06-11 20:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-06-11 20:23 . 2011-06-11 20:23 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-06-11 20:23 . 2011-06-11 20:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-06-11 20:23 . 2011-06-11 20:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-06-11 20:23 . 2011-06-11 20:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-06-11 20:23 . 2011-06-11 20:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-06-11 20:23 . 2011-06-11 20:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-06-11 20:23 . 2011-06-11 20:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-06-11 20:23 . 2011-06-11 20:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-06-11 20:23 . 2011-06-11 20:23 222208 ----a-w- c:\windows\system32\msls31.dll 2011-06-11 20:23 . 2011-06-11 20:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-06-11 20:23 . 2011-06-11 20:23 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-06-11 20:23 . 2011-06-11 20:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-06-11 20:23 . 2011-06-11 20:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-06-11 20:23 . 
2011-06-11 20:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-06-11 20:23 . 2011-06-11 20:23 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-06-11 20:23 . 2011-06-11 20:23 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-06-11 20:23 . 2011-06-11 20:23 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-06-11 20:23 . 2011-06-11 20:23 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-06-11 20:23 . 2011-06-11 20:23 448512 ----a-w- c:\windows\system32\html.iec 2011-06-11 20:23 . 2011-06-11 20:23 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-06-11 20:23 . 2011-06-11 20:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-06-11 20:23 . 2011-06-11 20:23 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-06-11 20:23 . 2011-06-11 20:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-06-11 20:23 . 2011-06-11 20:23 12288 ----a-w- c:\windows\system32\mshta.exe 2011-06-11 20:23 . 2011-06-11 20:23 114176 ----a-w- c:\windows\system32\admparse.dll 2011-06-11 20:23 . 2011-06-11 20:23 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-06-11 20:23 . 2011-06-11 20:23 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-06-11 20:23 . 2011-06-11 20:23 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-06-11 20:23 . 2011-06-11 20:23 160256 ----a-w- c:\windows\system32\wextract.exe 2011-06-11 19:17 . 2011-06-11 19:17 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2011-06-11 17:05 . 2011-06-11 17:05 277088 ----a-w- c:\windows\system32\drivers\snapman.sys 2011-06-11 12:43 . 2011-06-11 12:43 388096 ----a-r- c:\users\Media Centre\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-11 11:10 . 2011-06-11 11:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2011-06-11 11:09 . 2011-06-11 11:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-06-11 06:43 . 
2011-06-11 06:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-06-11 06:43 . 2011-06-11 06:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2011-06-10 13:34 . 2011-06-11 01:02 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2011-06-03 05:57 . 2011-07-13 06:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-05-29 08:11 . 2011-06-11 12:44 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 08:11 . 2011-06-11 12:44 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-25 18:19 . 2011-05-25 18:19 52608 ----a-w- c:\windows\system32\drivers\EtronHub3.sys 2011-05-25 18:19 . 2011-03-07 16:22 76160 ----a-w- c:\windows\system32\drivers\EtronXHCI.sys 2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll 2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe 2011-05-25 03:07 . 2011-04-20 02:09 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-05-25 03:06 . 2010-11-18 10:29 811008 ----a-w- c:\windows\system32\aticfx64.dll 2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe 2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe 2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-05-25 03:02 . 2010-11-18 10:25 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-05-25 03:01 . 
2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll 2011-05-25 02:58 . 2011-04-20 01:59 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-05-25 02:49 . 2010-11-18 10:14 5008384 ----a-w- c:\windows\system32\atidxx64.dll 2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184] "Consumer Input Update"="c:\program files (x86)\Consumer Input\dca-ua.exe" [2011-02-21 175800] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-07-09 107000] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-10 2536440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-27 5550840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] R3 atillk64;atillk64;c:\users\MEDIAC~1\AppData\Local\Temp\Rar$EX00.121\atillk64.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-07-07 25640] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 GService;Easy Tune;c:\program files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-08 30528] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Appupdater;Appupdater;c:\program files (x86)\Appupdater\appupdaters.exe [2009-04-22 2756979] R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-06 3246040] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 bbtest_svc;Broadband Test Application;c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-06-14 815104] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 Smart TimeLock;Smart TimeLock Service;c:\program files 
(x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-04-26 13824] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x] S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000Core.job - c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03] . 2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000UA.job - c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03] . 2011-07-21 c:\windows\Tasks\IsposureAgent.job - c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 17:28] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}] 2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-17 390736]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe AddRemove-Steam App 218 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 260 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 34330 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 44320 - c:\program files (x86)\Steam\steam.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:68,c6,52,5a,ed,ee,85,70,9d,04,7c,9b,68,7f,17,ec,7c,c8,ef,9e,64,43,49, ca,f9,c7,c0,a2,e8,9b,f2,3f,01,c2,9a,c3,96,48,93,c3,9a,8d,78,7a,3d,ed,b7,9b,\ "??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa . [HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\License information*] "datasecu"=hex:ee,5a,30,0f,a7,26,53,38,80,ef,b6,b4,d2,6b,95,dd,1d,53,97,e2,50, 9e,f2,60,40,4a,69,be,73,18,21,80,41,9e,26,ca,76,01,73,bc,8c,33,d6,e5,a3,88,\ "rkeysecu"=hex:bb,99,c2,b0,96,01,dc,a8,1e,60,1a,1a,86,2a,f3,2c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-21 07:39:40
ComboFix-quarantined-files.txt 2011-07-21 06:39
.
Pre-Run: 22,778,933,248 bytes free
Post-Run: 20,317,343,744 bytes free
.
- - End Of File - - A698437C29589020DE7EEEA5D27647F5

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Media Centre at 17:28:33 on 2011-07-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5671 [GMT 1:00]
.
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\spoolsv.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\Consumer Input\dca-ua.exe C:\Program Files (x86)\Siber Systems\AI 
RoboForm\robotaskbaricon.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DllHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\explorer.exe C:\Windows\ehome\ehRecvr.exe C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe C:\Windows\system32\notepad.exe C:\Windows\ehome\mcGlidHost.exe C:\Users\Media Centre\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox3.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
      BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
      BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
      BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
      BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
      BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
      BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
      TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
      TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
      uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
      uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
      mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      mRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
      mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
      mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      StartupFolder: C:\Users\MEDIAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoWinKeys = dword:1
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableLUA = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      mPolicies-System: PromptOnSecureDesktop = dword:0
      IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
      IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
      IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
      IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
      IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
      IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
      IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
      .
      INFO: HKCU has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      .
      INFO: HKLM has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      TCP: NameServer = 192.168.1.254
      TCP: Interfaces\{747C689B-E33D-4726-A4ED-0928A481B762} : DHCPNameServer = 192.168.1.254
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
      x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
      x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
      x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
      x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
      x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
      x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
      x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      x64-Run: [VX1000] C:\Windows\vVX1000.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      .
      INFO: x64-HKLM has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
      x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-11 1263200]
      R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-6-11 21104]
      R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-5-2 16016]
      R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-5-2 252344]
      R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-5-2 41712]
      R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
      R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
      R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
      R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-6 3246040]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-25 204288]
      R2 bbtest_svc;Broadband Test Application;C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-3-24 815104]
      R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-11 21992]
      R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-6-11 68136]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-11 366640]
      R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-6-11 114688]
      R2 TunerFreeMCEService;TunerFreeMCEService;C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-4-26 13824]
      R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-7-6 285280]
      R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-5-25 9359872]
      R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-5-25 309760]
      R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608]
      R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 76160]
      R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-11 25912]
      R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-11 56344]
      R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
      R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2011-4-1 37480]
      R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-7 539240]
      S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-7-10 93360]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
      S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-11 116752]
      S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-6-11 25640]
      S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-13 48488]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
      S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-7-5 130976]
      S3 GService;Easy Tune;C:\Program Files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960]
      S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-6-11 30528]
      S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
      S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
      S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
      S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-23 20992]
      S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2011-4-1 37480]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-11 1255736]
      S4 Appupdater;Appupdater;C:\Program Files (x86)\Appupdater\appupdaters.exe [2009-4-22 2756979]
      S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
      .
      =============== Created Last 30 ================
      .
2011-07-21 06:28:09 98816 ----a-w- C:\Windows\sed.exe 2011-07-21 06:28:09 256000 ----a-w- C:\Windows\PEV.exe 2011-07-21 06:28:09 208896 ----a-w- C:\Windows\MBR.exe 2011-07-20 16:28:02 -------- d-----w- C:\Program Files\iTunes 2011-07-20 16:28:02 -------- d-----w- C:\Program Files\iPod 2011-07-20 16:28:02 -------- d-----w- C:\Program Files (x86)\iTunes 2011-07-20 16:26:33 -------- d-----w- C:\Program Files\Bonjour 2011-07-20 16:26:33 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-07-14 06:17:44 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\qliner 2011-07-13 16:38:17 -------- d-----w- C:\Users\Media Centre\AppData\Local\ElevatedDiagnostics 2011-07-13 16:36:53 -------- d-----w- C:\Program Files (x86)\Unknown Device Identifier 2011-07-13 06:23:09 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2011-07-13 06:23:08 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2011-07-13 06:23:08 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2011-07-13 06:23:08 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2011-07-13 06:23:08 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2011-07-13 06:23:08 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2011-07-13 06:23:08 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2011-07-13 06:22:44 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS 2011-07-13 06:22:44 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2011-07-13 06:22:25 3137536 ----a-w- C:\Windows\System32\win32k.sys 2011-07-13 06:21:29 96768 ----a-w- C:\Windows\System32\fsutil.exe 2011-07-13 06:21:29 2565632 ----a-w- C:\Windows\System32\esent.dll 2011-07-13 06:21:28 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2011-07-13 06:21:28 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2011-07-13 06:21:28 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2011-07-13 06:21:28 189824 ----a-w- C:\Windows\System32\drivers\storport.sys 2011-07-13 06:21:28 1699328 ----a-w- C:\Windows\SysWow64\esent.dll 2011-07-13 
06:21:28 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2011-07-13 06:21:28 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2011-07-13 06:21:28 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2011-07-13 06:21:28 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 10:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-07-12 10:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-12 10:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-07-12 10:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-07-11 20:49:50 -------- d-----w- C:\Users\Media Centre\AppData\Local\Chromium 2011-07-11 06:53:53 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\Macro Recorder 2011-07-11 06:49:16 302184 ----a-w- C:\Windows\amuninst.exe 2011-07-11 06:49:16 -------- d-----w- C:\Program Files\American Systems 2011-07-11 06:36:15 -------- d-----w- C:\Program Files (x86)\Qliner Hotkeys 2011-07-11 06:25:19 -------- d-----w- C:\Program Files (x86)\AutoHotkey 2011-07-11 06:21:59 -------- d-----w- C:\Program Files (x86)\AC Tool 2011-07-10 11:18:59 -------- d-----w- C:\Users\Media Centre\AppData\Local\Sunbelt Software 2011-07-10 11:16:42 93360 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2011-07-10 09:05:34 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\QuickScan 2011-07-10 09:03:00 -------- d-----w- C:\Program Files (x86)\ESET 2011-07-08 06:44:25 -------- d-----w- C:\Mod_BIOS_HD_6950 2011-07-08 06:42:30 -------- d-----w- C:\ati_winflash_2.0.1.14 2011-07-08 06:25:15 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2011-07-08 06:24:57 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll 2011-07-07 21:28:30 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll 
2011-07-07 21:28:30 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2011-07-07 21:17:50 53248 ----a-r- C:\Users\Media Centre\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-07-07 17:55:52 73728 ----a-w- C:\Windows\system\vdremote.dll 2011-07-07 17:55:52 65536 ----a-w- C:\Windows\system\vdsvrlnk.dll 2011-07-07 06:21:47 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-07-06 20:40:20 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL 2011-07-06 20:40:20 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2011-07-06 20:40:19 -------- d-----w- C:\Program Files (x86)\SpywareBlaster 2011-07-06 18:09:40 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2011-07-06 17:15:55 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys 2011-07-06 17:15:55 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\C65C1E7F-D311-430A-8691-B7C3D7A3D6FF 2011-07-06 17:15:55 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\271B7EB2-D121-41A0-9944-2E5941B5A648 2011-07-06 17:15:49 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys 2011-07-05 20:18:57 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\SUPERAntiSpyware.com 2011-07-05 20:18:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2011-07-05 20:18:54 -------- d-----w- C:\ProgramData\!SASCORE 2011-07-05 20:18:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2011-07-05 16:46:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2011-07-05 16:46:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2011-07-05 06:55:40 -------- d-----w- C:\Users\Media Centre\AppData\Local\IsolatedStorage 2011-07-05 06:55:39 -------- d-----w- C:\Users\Media Centre\AppData\Local\Futuremark_Corporation 2011-07-05 06:37:33 -------- d-----w- C:\Program Files (x86)\Futuremark 2011-07-05 06:36:37 -------- d-----w- C:\Program Files\Futuremark 2011-07-02 20:10:36 -------- d-----w- C:\ProgramData\TomTom 2011-07-02 20:10:12 
-------- d-----w- C:\Users\Media Centre\AppData\Roaming\TomTom 2011-07-02 20:10:12 -------- d-----w- C:\Users\Media Centre\AppData\Local\TomTom 2011-07-02 20:10:04 -------- d-----w- C:\Program Files (x86)\TomTom International B.V 2011-07-02 20:09:54 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2 2011-06-30 17:02:52 -------- d-----w- C:\ProgramData\Soulseek 2011-06-30 16:37:25 -------- d-----w- C:\Program Files (x86)\Consumer Input 2011-06-27 06:46:46 -------- d-----w- C:\Program Files (x86)\AMD APP 2011-06-26 19:25:42 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\mp3DirectCut 2011-06-26 19:07:18 -------- d-----w- C:\Program Files (x86)\mp3DirectCut 2011-06-26 05:51:15 -------- d-----w- C:\Windows\System32\SPReview 2011-06-26 05:49:58 -------- d-----w- C:\Windows\System32\EventProviders 2011-06-24 17:45:56 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\AV Soft 2011-06-23 19:27:59 833024 ----a-w- C:\Windows\SysWow64\user32.dll 2011-06-23 19:26:59 61440 ----a-w- C:\Windows\System32\drivers\appid.sys 2011-06-23 19:25:19 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2011-06-23 15:22:26 -------- d-----w- C:\Program Files (x86)\Westwood Chat 2011-06-22 16:56:59 -------- d-----w- C:\Users\Media Centre\AppData\Local\Origin 2011-06-22 16:56:39 -------- d-----w- C:\ProgramData\Origin 2011-06-22 16:56:39 -------- d-----w- C:\Program Files (x86)\Origin Games 2011-06-22 16:56:17 -------- d-----w- C:\Program Files (x86)\Origin 2011-06-22 16:54:32 -------- d-----w- C:\ProgramData\Electronic Arts 2011-06-22 16:52:25 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2011-06-21 20:45:48 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll 2011-06-21 20:45:48 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll 2011-06-21 20:45:47 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll 2011-06-21 20:45:47 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll 2011-06-21 20:45:47 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll 2011-06-21 20:45:46 276832 
----a-w- C:\Windows\System32\d3dx11_43.dll 2011-06-21 20:45:45 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll 2011-06-21 20:45:44 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll 2011-06-21 20:44:29 -------- d-----w- C:\Windows\SysWow64\directx 2011-06-21 20:00:33 -------- d-----w- C:\Program Files (x86)\EA Games . ==================== Find3M ==================== . 2011-07-21 06:17:09 25640 ----a-w- C:\Windows\gdrv.sys 2011-07-10 19:32:55 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2011-07-08 06:56:37 30528 ----a-w- C:\Windows\GVTDrv64.sys 2011-07-07 21:34:05 25640 ----a-w- C:\Windows\etdrv.sys 2011-07-06 17:35:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-07-06 17:15:51 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys 2011-06-30 08:38:08 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2011-06-30 08:38:07 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2011-06-30 08:38:06 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2011-06-30 08:37:25 285256 ----a-w- C:\Windows\SysWow64\guard32.dll 2011-06-30 08:37:24 363560 ----a-w- C:\Windows\System32\guard64.dll 2011-06-26 05:58:08 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-06-26 05:58:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-06-12 07:14:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll 2011-06-12 07:14:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll 2011-06-12 07:13:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2011-06-12 07:13:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2011-06-11 20:24:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2011-06-11 20:24:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll 2011-06-11 20:24:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-06-11 19:17:59 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2011-06-11 17:05:42 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys 2011-06-11 06:43:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2011-06-11 06:43:45 
1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2011-06-11 01:15:38 0 ----a-w- C:\Windows\ativpsrm.bin 2011-06-10 13:34:52 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll 2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-29 08:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 08:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-25 18:19:00 76160 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys 2011-05-25 18:19:00 52608 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys 2011-05-25 04:26:56 9359872 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2011-05-25 03:53:28 23336960 ----a-w- C:\Windows\System32\atio6axx.dll 2011-05-25 03:31:38 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll 
2011-05-25 03:07:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe 2011-05-25 03:07:48 688128 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2011-05-25 03:06:38 811008 ----a-w- C:\Windows\System32\aticfx64.dll 2011-05-25 03:04:16 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2011-05-25 03:04:10 485376 ----a-w- C:\Windows\System32\atieclxx.exe 2011-05-25 03:03:38 204288 ----a-w- C:\Windows\System32\atiesrxx.exe 2011-05-25 03:02:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2011-05-25 03:02:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll 2011-05-25 03:02:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll 2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll 2011-05-25 03:01:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll 2011-05-25 03:01:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2011-05-25 03:01:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2011-05-25 03:00:00 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2011-05-25 02:59:38 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2011-05-25 02:59:26 3810816 ----a-w- C:\Windows\System32\atiumd6a.dll 2011-05-25 02:58:52 4219904 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2011-05-25 02:50:38 4017152 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2011-05-25 02:49:44 5008384 ----a-w- C:\Windows\System32\atidxx64.dll 2011-05-25 02:47:40 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2011-05-25 02:47:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2011-05-25 02:47:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2011-05-25 02:47:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2011-05-25 02:47:18 8489472 ----a-w- C:\Windows\System32\aticaldd64.dll 2011-05-25 02:43:52 6847488 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2011-05-25 02:39:16 4330496 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll 2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll 2011-05-25 02:38:14 52736 ----a-w- 
C:\Windows\SysWow64\atimpc32.dll 2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2011-05-25 02:33:04 5486592 ----a-w- C:\Windows\System32\atiumd64.dll 2011-05-25 02:26:18 366592 ----a-w- C:\Windows\System32\atiadlxx.dll 2011-05-25 02:26:12 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2011-05-25 02:26:04 14848 ----a-w- C:\Windows\System32\atig6pxx.dll 2011-05-25 02:26:00 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2011-05-25 02:26:00 12800 ----a-w- C:\Windows\System32\atiglpxx.dll 2011-05-25 02:25:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2011-05-25 02:25:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2011-05-25 02:25:42 309760 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2011-05-25 02:24:58 40960 ----a-w- C:\Windows\System32\atiuxp64.dll 2011-05-25 02:24:50 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2011-05-25 02:24:44 38912 ----a-w- C:\Windows\System32\atiu9p64.dll 2011-05-25 02:24:36 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2011-05-25 02:24:08 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll 2011-05-24 22:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2011-05-24 22:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2011-05-24 22:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll 2011-05-24 22:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll . ============= FINISH: 17:30:01.95 ===============
  14. Malwarebytes' Anti-Malware 1.51.0.1200
      www.malwarebytes.org
      Database version: 7084
      Windows 6.1.7601 Service Pack 1
      Internet Explorer 9.0.8112.16421
      7/17/2011 9:31:34 PM
      mbam-log-2011-07-17 (21-31-34).txt
      Scan type: Quick scan
      Objects scanned: 171651
      Time elapsed: 2 minute(s), 39 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      DDS (Ver_2011-07-14.01) - NTFS_AMD64
      Internet Explorer: 9.0.8112.16421
      Run by Media Centre at 21:33:10 on 2011-07-17
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6108 [GMT 1:00]
      .
      AV: COMODO Antivirus *Enabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
      AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
      SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
      FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
      C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe
      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
      C:\Program Files\Microsoft LifeCam\MSCamS64.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\svchost.exe -k HPService
      C:\Windows\system32\svchost.exe -k bthsvcs
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\atieclxx.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
      C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
      C:\Program Files\Logitech\SetPointP\SetPoint.exe
      C:\Windows\vVX1000.exe
      C:\Program Files (x86)\Consumer Input\dca-ua.exe
      C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
      C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
      C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox3.exe
      C:\Program Files (x86)\SoulseekNS\slsk.exe
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Program Files (x86)\Steam\Steam.exe
      C:\Windows\ehome\ehRecvr.exe
      C:\Windows\ehome\mcGlidHost.exe
      C:\Users\Media Centre\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
      c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
      C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
      C:\Windows\ehome\ehsched.exe
      C:\Windows\eHome\EhTray.exe
      C:\Windows\ehome\ehRec.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber 
Systems\AI RoboForm\roboform.dll TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\MEDIAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-Explorer: 
NoActiveDesktop = dword:1 mPolicies-Explorer: NoWinKeys = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI 
RoboForm\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.254 TCP: Interfaces\{747C689B-E33D-4726-A4ED-0928A481B762} : DHCPNameServer = 192.168.1.254 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} - x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID 
Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} - x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [VX1000] C:\Windows\vVX1000.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . 
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-7-13 27008] R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-14 367696] R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2011-6-23 459248] R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-14 70224] R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2011-6-23 223248] R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-6-23 14720] R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2011-6-23 152960] R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-7-10 69152] R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-14 15424] R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-14 50768] R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-6-23 213888] R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008] R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;C:\Windows\System32\drivers\vmstorfl.sys [2011-6-23 46464] R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-11 1263200] R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-14 36432] R0 vmbus;Virtual Machine Bus;C:\Windows\System32\drivers\vmbus.sys [2011-6-23 199552] R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-6-23 71552] R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-6-23 363392] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-6-11 21104] R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-14 45056] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-5-2 16016] R1 cmdGuard;COMODO Internet Security Sandbox 
Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-5-2 252344] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-5-2 41712] R1 CSC;Offline Files Driver;C:\Windows\System32\drivers\csc.sys [2011-6-23 514560] R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-6-23 102400] R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-14 40448] R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-14 24576] R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680] R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-6-23 119296] R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-6-23 88576] R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-14 12800] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-6 3246040] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-25 204288] R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] R2 bbtest_svc;Broadband Test Application;C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-3-24 815104] R2 BFE;Base Filtering 
Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136] R2 cmdagent;COMODO Internet Security Helper Service;C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-5-9 2528096] R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-11 21992] R2 CscService;Offline Files;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-6-11 68136] R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136] R2 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136] R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136] R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] R2 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] R2 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136] R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136] R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928] R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-11 366640] R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136] R2 NlaSvc;Network Location 
Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136] R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136] R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264] R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136] R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-14 27136] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-6-11 114688] R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2011-6-23 45056] R2 TunerFreeMCEService;TunerFreeMCEService;C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-4-26 13824] R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] R3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-6-23 229888] R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-7-6 285280] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-5-25 9359872] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-5-25 309760] R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-6-11 90624] R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-6-23 38912] R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2011-6-23 982912] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608] R3 
EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 76160] R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2009-7-14 31232] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-11 25912] R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-11 56344] R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208] R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312] R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-6-16 289280] R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-6-16 128000] R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136] R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520] R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416] R3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064] R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-7 539240] R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-6-16 410112] R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-6-16 168448] R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-6-23 125440] R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-6-23 48640] R3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136] R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136] R3 
WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-7-10 93360] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-6-23 3524608] S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-6-23 12800] S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088] S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536] S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-7-13 107904] S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128] S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-6-23 61440] S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136] S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] 
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-11 116752] S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136] S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480] S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848] S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432] S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704] S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720] S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104] S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976] S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568] S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136] S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016] S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-6-11 25640] S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304] S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-13 48488] S3 fsssvc;Windows Live Family Safety 
Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-7-5 130976] S3 GService;Easy Tune;C:\Program Files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-6-11 30528] S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232] S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-6-23 78720] S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2011-7-13 410496] S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-6-23 78848] S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-6-23 273792] S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-9-24 1181328] S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136] S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752] S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560] S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600] S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776] S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2011-6-23 155008] 
S3 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-6-23 31104] S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2011-6-23 140672] S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192] S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136] S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-6-23 366976] S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360] S3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976] S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328] S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264] S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-7-13 166272] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PeerDistSvc;BranchCache;C:\Windows\System32\svchost.exe -k PeerDist [2009-7-14 27136] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992] S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136] S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136] S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816] S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-23 20992] S3 s3cap;s3cap;C:\Windows\System32\drivers\vms3cap.sys [2011-6-23 6656] S3 scfilter;Smart card PnP Class 
  15. Hello there, I must have downloaded something nasty recently as I had problems with Firefox for a long time until I renamed the file firefox3.exe. There were permission errors with toolbars and when I tried to open Gmail it would crash Firefox. These issues had never arisen previously. Someone said that I shouldn't have to rename the file for it to work, so I thought it best I get it checked out. I have scanned the system several times each with Malwarebytes' Anti-Malware, Spybot Search and Destroy, SUPERAntiSpyware and COMODO Internet Security PRO 2011 and managed to clear a few different things from the system. I have also used CrapCleaner to sweep the registry and application data. The moment I rename firefox3.exe back to firefox.exe, I get the same problems back. As we speak I am doing another scan. Here is my HiJackThis log: Please let me know what you think.