Jump to content

Possible Multiple Malware


Erebus

Recommended Posts

Ping.exe is constantly being blocked by Malwarebytes'

Firefox has another tab that pops up around my pop up blocker when I open a new window

Kasprosky 2010 found the Trojan Backdoor.Win64.ZAccess.aj that it seems unable to remove.

As well as a number of other viruses, I believe as a result of this trojan.

Malwarebytes failed to find that virus.

Attach.txt

DDS.txt

Link to post
Share on other sites

Quick Scan, no viruses found.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8251

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

11/27/2011 2:18:36 AM

mbam-log-2011-11-27 (02-18-36).txt

Scan type: Quick scan

Objects scanned: 171181

Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26

Run by Owner at 2:20:34 on 2011-11-27

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8191.5347 [GMT -8:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\altera\11.0sp1\quartus\bin64\jtagserver.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Razer\Lachesis\OSD.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Razer\Lachesis\razertra.exe

C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

C:\Windows\SysWOW64\BeepApp.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Windows\SysWOW64\ping.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart

uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe -update plugin

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4C6875B5-B67C-40AF-A67B-764DA640E3AC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7DDD79FB-31D2-43BD-92E3-649A51DF78C5} : DhcpNameServer = 192.168.2.1 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO-X64: link filter bho - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cduts96v.default\

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-9-4 122880]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]

R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-21 366152]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-14 89920]

.

=============== Created Last 30 ================

.

2011-11-27 10:13:49 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-25 09:49:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3B2B081-729B-4E1E-9CF6-8B294948CC18}\offreg.dll

2011-11-25 09:49:16 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D3B2B081-729B-4E1E-9CF6-8B294948CC18}\mpengine.dll

2011-11-22 01:25:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2011-11-22 01:25:13 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-22 01:25:09 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-22 01:25:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-18 05:28:49 -------- d--h--w- C:\$AVG

2011-11-18 04:42:10 -------- d--h--w- C:\ProgramData\Common Files

2011-11-18 04:37:14 -------- d-----w- C:\ProgramData\AVG2012

2011-11-18 04:31:05 -------- d-----w- C:\Program Files (x86)\AVG

2011-11-18 04:22:27 -------- d-----w- C:\ProgramData\MFAData

2011-11-14 04:44:32 -------- d-----we C:\Windows\system64

2011-11-14 04:43:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\XjjjUVVelIBzPyc

2011-11-14 04:43:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\NlllOBBtP0yc1i

2011-11-12 04:05:35 -------- d-----w- C:\Users\Owner\AppData\Local\SWTOR

2011-11-11 09:59:10 -------- d-----w- C:\Users\Owner\AppData\Local\Skyrim

2011-11-10 05:12:01 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2011-11-10 05:01:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\Origin

2011-11-10 05:01:38 -------- d-----w- C:\Users\Owner\AppData\Local\Origin

2011-11-10 05:01:22 -------- d-----w- C:\ProgramData\Origin

2011-11-10 05:01:22 -------- d-----w- C:\ProgramData\Electronic Arts

2011-11-10 05:01:22 -------- d-----w- C:\Program Files (x86)\Origin Games

2011-11-10 05:00:35 -------- d-----w- C:\Program Files\Origin

2011-11-09 11:31:04 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 11:31:03 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-11-09 11:31:03 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-11-09 11:31:02 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 11:31:01 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 11:31:01 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll

2011-11-08 01:14:03 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-11-08 01:14:03 238936 ----a-w- C:\Windows\SysWow64\xactengine3_5.dll

2011-11-08 01:14:01 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2011-11-08 01:13:59 5501792 ----a-w- C:\Windows\SysWow64\d3dcsx_42.dll

2011-11-08 01:13:53 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-11-08 01:13:47 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll

2011-11-08 01:13:47 70992 ----a-w- C:\Windows\SysWow64\XAPOFX1_2.dll

2011-11-08 01:13:47 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll

2011-11-08 01:13:47 514384 ----a-w- C:\Windows\SysWow64\XAudio2_3.dll

2011-11-08 01:13:46 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll

2011-11-08 01:13:46 175440 ----a-w- C:\Windows\System32\xactengine3_3.dll

2011-11-08 01:13:45 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll

2011-11-08 01:13:45 23376 ----a-w- C:\Windows\SysWow64\X3DAudio1_5.dll

2011-11-06 09:48:24 -------- d-----w- C:\Program Files (x86)\Terrafirma

2011-10-29 07:21:36 -------- d-----w- C:\Users\Owner\AppData\Local\AMD

2011-10-29 07:20:11 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-10-29 07:19:27 -------- d-----w- C:\ProgramData\AMD

2011-10-29 07:19:18 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys

2011-10-29 07:02:58 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe

2011-10-29 07:02:58 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-10-29 07:02:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-28 18:23:08 -------- d-----w- C:\Users\Owner\AppData\Local\Sword of the Stars II

.

==================== Find3M ====================

.

2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 18:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 18:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-14 18:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-14 18:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 18:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 18:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys

2011-09-02 14:15:02 1383424 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-02 13:39:07 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 2:22:20.16 ===============

Do you need the Attach.txt?

Link to post
Share on other sites

ComboFix

ComboFix 11-12-05.02 - Owner 12/05/2011 10:23:22.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8191.6172 [GMT -8:00]

Running from: c:\users\Owner\Downloads\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Owner\AppData\Roaming\Local

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))

.

.

2011-12-05 18:54 . 2011-12-05 18:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D17721F-4297-45EC-B618-D91FCDF2B4D9}\offreg.dll

2011-12-05 18:52 . 2011-12-05 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-02 10:13 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D17721F-4297-45EC-B618-D91FCDF2B4D9}\mpengine.dll

2011-11-30 07:54 . 2011-11-30 07:54 -------- d-sh--w- c:\programdata\DSS

2011-11-22 01:25 . 2011-11-22 01:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2011-11-22 01:25 . 2011-11-22 01:25 -------- d-----w- c:\programdata\Malwarebytes

2011-11-22 01:25 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-22 01:25 . 2011-11-22 01:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-18 05:28 . 2011-11-18 05:28 -------- d-----w- C:\$AVG

2011-11-18 04:42 . 2011-11-18 04:42 -------- d--h--w- c:\programdata\Common Files

2011-11-18 04:37 . 2011-11-18 04:54 -------- d-----w- c:\programdata\AVG2012

2011-11-18 04:31 . 2011-11-18 04:31 -------- d-----w- c:\program files (x86)\AVG

2011-11-18 04:22 . 2011-11-18 04:23 -------- d-----w- c:\programdata\MFAData

2011-11-14 04:43 . 2011-11-14 04:43 -------- d-----w- c:\users\Owner\AppData\Roaming\XjjjUVVelIBzPyc

2011-11-14 04:43 . 2011-11-14 04:43 -------- d-----w- c:\users\Owner\AppData\Roaming\NlllOBBtP0yc1i

2011-11-12 04:05 . 2011-11-18 21:32 -------- d-----w- c:\users\Owner\AppData\Local\SWTOR

2011-11-11 09:59 . 2011-11-11 09:59 -------- d-----w- c:\users\Owner\AppData\Local\Skyrim

2011-11-10 05:12 . 2011-11-18 21:32 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-11-10 05:12 . 2011-11-10 05:12 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-11-10 05:01 . 2011-11-10 05:04 -------- d-----w- c:\users\Owner\AppData\Roaming\Origin

2011-11-10 05:01 . 2011-11-10 05:01 -------- d-----w- c:\users\Owner\AppData\Local\Origin

2011-11-10 05:01 . 2011-11-18 21:32 -------- d-----w- c:\programdata\Electronic Arts

2011-11-10 05:01 . 2011-11-10 05:04 -------- d-----w- c:\programdata\Origin

2011-11-10 05:01 . 2011-11-10 05:01 -------- d-----w- c:\program files (x86)\Origin Games

2011-11-10 05:00 . 2011-11-18 21:32 -------- d-----w- c:\program files\Origin

2011-11-09 11:31 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 11:31 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 11:31 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-11-09 11:31 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 11:31 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll

2011-11-09 11:31 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-08 01:14 . 2009-09-05 01:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-11-08 01:14 . 2009-09-05 01:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll

2011-11-08 01:14 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

2011-11-08 01:13 . 2009-09-05 01:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll

2011-11-08 01:13 . 2009-09-05 01:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-11-08 01:13 . 2008-10-27 18:04 518480 ----a-w- c:\windows\system32\XAudio2_3.dll

2011-11-08 01:13 . 2008-10-27 18:04 514384 ----a-w- c:\windows\SysWow64\XAudio2_3.dll

2011-11-08 01:13 . 2008-10-27 18:04 74576 ----a-w- c:\windows\system32\XAPOFX1_2.dll

2011-11-08 01:13 . 2008-10-27 18:04 70992 ----a-w- c:\windows\SysWow64\XAPOFX1_2.dll

2011-11-08 01:13 . 2008-10-27 18:04 235856 ----a-w- c:\windows\SysWow64\xactengine3_3.dll

2011-11-08 01:13 . 2008-10-27 18:04 175440 ----a-w- c:\windows\system32\xactengine3_3.dll

2011-11-08 01:13 . 2008-10-27 18:04 25936 ----a-w- c:\windows\system32\X3DAudio1_5.dll

2011-11-08 01:13 . 2008-10-27 18:04 23376 ----a-w- c:\windows\SysWow64\X3DAudio1_5.dll

2011-11-06 09:48 . 2011-11-06 09:48 -------- d-----w- c:\program files (x86)\Terrafirma

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-29 07:03 . 2011-10-29 07:03 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-10-29 07:03 . 2011-10-29 07:03 24229376 ----a-w- c:\windows\system32\atio6axx.dll

2011-10-29 07:03 . 2011-07-23 19:13 5428736 ----a-w- c:\windows\system32\atiumd64.dll

2011-10-29 07:03 . 2011-07-23 19:13 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-10-29 07:03 . 2011-10-29 07:03 15360 ----a-w- c:\windows\system32\atig6pxx.dll

2011-10-29 07:03 . 2011-07-23 19:13 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-10-29 07:03 . 2011-10-29 07:03 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-10-29 07:03 . 2011-10-29 07:03 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-10-29 07:03 . 2011-10-29 07:03 8723456 ----a-w- c:\windows\system32\aticaldd64.dll

2011-10-29 07:03 . 2011-07-23 19:13 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-10-29 07:03 . 2011-10-29 07:03 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-10-29 07:03 . 2011-10-29 07:03 486912 ----a-w- c:\windows\system32\atieclxx.exe

2011-10-29 07:03 . 2010-07-07 01:24 58880 ----a-w- c:\windows\system32\coinst.dll

2011-10-29 07:03 . 2011-10-29 07:03 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-10-29 07:03 . 2011-10-29 07:03 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-10-29 07:03 . 2011-10-29 07:03 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-10-29 07:03 . 2011-10-29 07:03 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-10-29 07:03 . 2011-10-29 07:03 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-10-29 07:03 . 2011-10-29 07:03 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-10-29 07:03 . 2011-07-23 19:13 862720 ----a-w- c:\windows\system32\aticfx64.dll

2011-10-29 07:03 . 2011-10-29 07:03 381952 ----a-w- c:\windows\system32\atiadlxx.dll

2011-10-29 07:03 . 2011-10-29 07:03 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-10-29 07:03 . 2011-10-29 07:03 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-10-29 07:03 . 2011-10-29 07:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-10-29 07:03 . 2011-10-29 07:03 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-10-29 07:03 . 2011-10-29 07:03 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-10-29 07:03 . 2011-10-29 07:03 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-10-29 07:03 . 2011-10-29 07:03 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-10-29 07:03 . 2011-10-29 07:03 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-10-29 07:03 . 2011-10-29 07:03 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-10-29 07:03 . 2011-10-29 07:03 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-10-29 07:03 . 2011-10-29 07:03 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-10-29 07:03 . 2011-10-29 07:03 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-10-29 07:03 . 2011-10-29 07:03 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-10-29 07:03 . 2011-10-29 07:03 3888640 ----a-w- c:\windows\system32\atiumd6a.dll

2011-10-29 07:03 . 2011-10-29 07:03 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-10-29 07:03 . 2011-10-29 07:03 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-10-29 07:03 . 2011-10-29 07:03 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-10-29 07:03 . 2011-10-29 07:03 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-10-29 07:03 . 2011-10-29 07:03 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-10-29 07:03 . 2011-07-23 19:13 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-10-29 07:03 . 2011-10-29 07:03 332800 ----a-w- c:\windows\system32\ATIODE.exe

2011-10-29 07:03 . 2011-10-29 07:03 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-10-29 07:03 . 2011-10-29 07:03 90128 ----a-w- c:\windows\system32\drivers\AtihdLH6.sys

2011-10-29 07:03 . 2011-07-23 19:13 45056 ----a-w- c:\windows\system32\atitmp64.dll

2011-10-29 07:03 . 2011-07-23 19:13 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-10-29 07:03 . 2011-10-29 07:03 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-10-29 07:03 . 2011-10-29 07:03 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-10-29 07:03 . 2011-10-29 07:03 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-10-29 07:03 . 2011-10-29 07:02 4944896 ----a-w- c:\windows\system32\atidxx64.dll

2011-10-29 07:02 . 2011-10-29 07:02 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-10-29 07:02 . 2011-10-29 07:02 51200 ----a-w- c:\windows\system32\ATIODCLI.exe

2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll

2011-09-14 18:47 . 2011-09-14 18:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll

2011-09-14 18:47 . 2011-09-14 18:47 51200 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-14 18:47 . 2011-09-14 18:47 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-09-14 18:47 . 2011-09-14 18:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll

2011-09-14 18:46 . 2011-09-14 18:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll

2011-09-14 18:38 . 2011-09-14 18:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-04 2736736]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2010-06-04 01:24 2736736 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-06-04 2736736]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]

"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]

"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]

"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2011-10-28 340520]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll"="c:\windows\system32\rundll32.exe" [2006-11-02 44544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-09-10 25888]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]

S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]

S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-09-04 122880]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-04 c:\windows\Tasks\Driver Robot.job

- c:\program files (x86)\Driver Robot\Driver Robot.lnk [2010-12-05 23:36]

.

2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4153474012-3867970363-2514925673-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-30 22:55]

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4153474012-3867970363-2514925673-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-30 22:55]

.

2011-11-23 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-11-13 19:12]

.

2011-11-13 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF27440.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

mLocal Page = %SystemRoot%\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cduts96v.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe

AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe

AddRemove-1254850575.elitistjerks.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4153474012-3867970363-2514925673-1000\Software\SecuROM\License information*]

"datasecu"=hex:cb,75,87,3d,d5,94,47,31,d5,27,ad,9c,1e,71,b2,96,ec,15,f1,44,46,

b1,f7,14,e6,cf,88,35,81,85,17,db,52,4e,7e,ce,d4,62,07,9f,6f,25,a8,41,86,7f,\

"rkeysecu"=hex:80,0c,7e,18,e3,68,19,77,7e,b0,33,94,29,f0,f6,02

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Razer\Lachesis\OSD.exe

c:\program files (x86)\Razer\Lachesis\razertra.exe

c:\program files (x86)\Razer\Lachesis\razerofa.exe

.

**************************************************************************

.

Completion time: 2011-12-05 11:05:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-05 19:05

.

Pre-Run: 50,054,180,864 bytes free

Post-Run: 52,805,152,768 bytes free

.

- - End Of File - - 2EBB36222A18F1D14FFC3095CBC87022

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26

Run by Owner at 11:11:21 on 2011-12-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8191.6014 [GMT -8:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\altera\11.0sp1\quartus\bin64\jtagserver.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Razer\Lachesis\OSD.exe

C:\Program Files (x86)\Razer\Lachesis\razertra.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\explorer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4C6875B5-B67C-40AF-A67B-764DA640E3AC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7DDD79FB-31D2-43BD-92E3-649A51DF78C5} : DhcpNameServer = 192.168.2.1 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO-X64: link filter bho - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

Hosts: 216.240.133.193 www.google-analytics.com.

Hosts: 216.240.133.193 ad-emea.doubleclick.net.

Hosts: 216.240.133.193 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cduts96v.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-9-4 122880]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]

R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-21 366152]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-14 89920]

.

=============== Created Last 30 ================

.

2011-12-05 18:54:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D17721F-4297-45EC-B618-D91FCDF2B4D9}\offreg.dll

2011-12-05 18:18:59 98816 ----a-w- C:\Windows\sed.exe

2011-12-05 18:18:59 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-05 18:18:59 256000 ----a-w- C:\Windows\PEV.exe

2011-12-05 18:18:59 208896 ----a-w- C:\Windows\MBR.exe

2011-12-02 10:13:12 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D17721F-4297-45EC-B618-D91FCDF2B4D9}\mpengine.dll

2011-11-30 07:54:15 -------- d-sh--w- C:\ProgramData\DSS

2011-11-22 01:25:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2011-11-22 01:25:13 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-22 01:25:09 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-22 01:25:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-18 05:28:49 -------- d-----w- C:\$AVG

2011-11-18 04:42:10 -------- d--h--w- C:\ProgramData\Common Files

2011-11-18 04:37:14 -------- d-----w- C:\ProgramData\AVG2012

2011-11-18 04:31:05 -------- d-----w- C:\Program Files (x86)\AVG

2011-11-18 04:22:27 -------- d-----w- C:\ProgramData\MFAData

2011-11-14 04:43:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\XjjjUVVelIBzPyc

2011-11-14 04:43:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\NlllOBBtP0yc1i

2011-11-12 04:05:35 -------- d-----w- C:\Users\Owner\AppData\Local\SWTOR

2011-11-11 09:59:10 -------- d-----w- C:\Users\Owner\AppData\Local\Skyrim

2011-11-10 05:12:01 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2011-11-10 05:01:40 -------- d-----w- C:\Users\Owner\AppData\Roaming\Origin

2011-11-10 05:01:38 -------- d-----w- C:\Users\Owner\AppData\Local\Origin

2011-11-10 05:01:22 -------- d-----w- C:\ProgramData\Origin

2011-11-10 05:01:22 -------- d-----w- C:\ProgramData\Electronic Arts

2011-11-10 05:01:22 -------- d-----w- C:\Program Files (x86)\Origin Games

2011-11-10 05:00:35 -------- d-----w- C:\Program Files\Origin

2011-11-09 11:31:04 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 11:31:03 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-11-09 11:31:03 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-11-09 11:31:02 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 11:31:01 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 11:31:01 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll

2011-11-08 01:14:03 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-11-08 01:14:03 238936 ----a-w- C:\Windows\SysWow64\xactengine3_5.dll

2011-11-08 01:14:01 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2011-11-08 01:13:59 5501792 ----a-w- C:\Windows\SysWow64\d3dcsx_42.dll

2011-11-08 01:13:53 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-11-08 01:13:47 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll

2011-11-08 01:13:47 70992 ----a-w- C:\Windows\SysWow64\XAPOFX1_2.dll

2011-11-08 01:13:47 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll

2011-11-08 01:13:47 514384 ----a-w- C:\Windows\SysWow64\XAudio2_3.dll

2011-11-08 01:13:46 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll

2011-11-08 01:13:46 175440 ----a-w- C:\Windows\System32\xactengine3_3.dll

2011-11-08 01:13:45 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll

2011-11-08 01:13:45 23376 ----a-w- C:\Windows\SysWow64\X3DAudio1_5.dll

2011-11-06 09:48:24 -------- d-----w- C:\Program Files (x86)\Terrafirma

.

==================== Find3M ====================

.

2011-10-29 07:02:59 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-29 07:02:58 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe

2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 18:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 18:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-14 18:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-14 18:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 18:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 18:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

.

============= FINISH: 11:12:12.20 ===============

Link to post
Share on other sites

  • Staff

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.

Link to post
Share on other sites

Hi,

Please see:

Forum Piracy Policy

We will not assist users that are obviously using illegal software.

If any such evidence is found you will be given the benefit of the doubt and the opportunity to completely uninstall and delete any such data from your system.

During the scanning process if any further evidence shows up your topic will be closed and no further assistance will be provided.

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

It's likely why your issue began in the first place.

I'm confused.

It is because I have Vuze on my computer? I have downloaded two items with it ever, and both were shareware distributed via torrent by the creator (or at least as far as I can tell).

If there is ANYTHING else on my computer, I did not install it, and I would like for your help in identifying it.

I do not support piracy, and Peer 2 Peer software is not illegal, but what you do with it can be. However, I have uninstalled Vuze, I haven't even used it in several months, well before these problems started.

I appreciate the time and effort you have given so far, but I don't really appreciate the attack against me. As far as I know, everything on my computer is either freeware, shareware under a trial license, or purchased licenses. So identifying any illegal software can help me remove it and attempt to identify the source.

I'm not saying I'm perfect, but I'm pretty sure my problems came from clicking a malicious link. I probably should have known better, but I haven't consciously done anything illegal.

Thanks.

Link to post
Share on other sites

  • Staff

Hi,

Thank you for your cooperation. It is not my policy, but I have to enforce it with the people that I help.

I do not support piracy, and Peer 2 Peer software is not illegal, but what you do with it can be. However, I have uninstalled Vuze, I haven't even used it in several months, well before these problems started.

This is more than fine. Let's proceed.

Please update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log in addition to a fresh DDS log.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

Link to post
Share on other sites

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

I downloaded this program and ran it. However when I hit Scan, I had Windows crash with a critical error and a memory dump.

I stopped here to make sure I haven't done anything wrong or this isn't an indication of another problem. I'll attach my Scan log from malwarebytes, my combofix, and my DDS file in a seperate post.

Link to post
Share on other sites

Malwarebytes' Log

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8400

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

12/19/2011 4:15:03 PM

mbam-log-2011-12-19 (16-14-17).txt

Scan type: Quick scan

Objects scanned: 180399

Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Owner\AppData\Local\Temp\671.1919.exe (Rootkit.0Access) -> No action taken.

c:\Users\Owner\AppData\Local\Temp\msimg32.dll (Trojan.Agent) -> No action taken.

c:\Windows\Temp\ebcmcg\setup.exe (Trojan.Downloader.BH) -> No action taken.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26

Run by Owner at 17:57:17 on 2011-12-19

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8191.6079 [GMT -8:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

c:\altera\11.0sp1\quartus\bin64\jtagserver.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Razer\Lachesis\razerhid.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Razer\Lachesis\OSD.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Razer\Lachesis\razertra.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Razer\Lachesis\razerofa.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\PROGRA~2\Raptr\raptr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~2\Raptr\raptr_im.exe

C:\Program Files (x86)\Raptr\raptr_ep64.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

dRun: [ Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.dll",DllRegisterServer

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4C6875B5-B67C-40AF-A67B-764DA640E3AC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{7DDD79FB-31D2-43BD-92E3-649A51DF78C5} : DhcpNameServer = 192.168.2.1 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO-X64: link filter bho - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [Lachesis] "C:\Program Files (x86)\Razer\Lachesis\razerhid.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

Hosts: 66.197.194.231 www.google-analytics.com.

Hosts: 66.197.194.231 ad-emea.doubleclick.net.

Hosts: 66.197.194.231 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cduts96v.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-9-4 122880]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]

R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-21 366152]

R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-14 89920]

.

=============== Created Last 30 ================

.

2011-12-20 01:00:06 -------- d-----w- C:\$RECYCLE.BIN

2011-12-20 00:56:44 -------- d-----w- C:\Users\Owner\AppData\Local\temp

2011-12-20 00:18:33 -------- d-----w- C:\ComboFix

2011-12-16 17:30:47 -------- d-----w- C:\Cache

2011-12-16 13:56:30 -------- d-----w- C:\w

2011-12-16 13:56:29 -------- d-----w- C:\skins

2011-12-16 13:39:38 0 ---ha-w- C:\Windows\SysWow64\bhiivsywkw.tmp

2011-12-16 13:39:36 -------- d-----w- C:\e

2011-12-16 13:39:35 -------- d-----w- C:\Data

2011-12-15 16:38:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\Uvaviv

2011-12-15 16:38:14 -------- d-----w- C:\Users\Owner\AppData\Roaming\Niafno

2011-12-14 19:37:08 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 19:37:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 19:37:02 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-13 07:57:41 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5B39243-A11B-4C7A-A2BE-7C0E88B74408}\mpengine.dll

2011-12-13 00:47:54 -------- d-----w- C:\Program Files\Common Files\Safenet Sentinel

2011-12-13 00:47:49 -------- d-----w- C:\Windows\Downloaded Installations

2011-12-11 20:16:39 -------- d-----w- C:\Users\Owner\Xilinx

2011-12-11 20:15:10 -------- d-----w- C:\.Xilinx

2011-12-11 20:05:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\Xilinx

2011-12-11 20:01:36 -------- d-----w- C:\Program Files (x86)\Digilent

2011-12-11 20:01:36 -------- d-----w- C:\Program Files (x86)\Common Files\Digilent

2011-12-11 20:01:31 27384 ----a-w- C:\Windows\System32\drivers\xpc4drvr.sys

2011-12-11 19:58:21 -------- d-----w- C:\Program Files (x86)\WinPcap

2011-12-11 19:05:38 254976 ----a-w- C:\Windows\System32\drivers\windrvr6.sys

2011-12-11 19:05:31 -------- d-----w- C:\Xilinx

2011-12-05 18:18:59 98816 ----a-w- C:\Windows\sed.exe

2011-12-05 18:18:59 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-05 18:18:59 256000 ----a-w- C:\Windows\PEV.exe

2011-12-05 18:18:59 208896 ----a-w- C:\Windows\MBR.exe

2011-11-30 07:54:15 -------- d-sh--w- C:\ProgramData\DSS

2011-11-22 01:25:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2011-11-22 01:25:13 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-22 01:25:09 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-22 01:25:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys

2011-11-04 15:20:26 1383424 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-04 14:54:57 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-29 07:02:59 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-10-29 07:02:58 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe

2011-10-20 16:19:14 1032192 ----a-w- C:\Windows\System32\wininet.dll

2011-10-20 15:55:43 834048 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-10-20 14:40:54 485376 ----a-w- C:\Windows\System32\html.iec

2011-10-20 14:08:44 389632 ----a-w- C:\Windows\SysWow64\html.iec

2011-10-14 17:30:05 559616 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-14 16:02:19 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll

.

============= FINISH: 17:58:10.62 ===============

Link to post
Share on other sites

  • 1 month later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.