Jump to content

Recommended Posts

Hello, everyone. Recently, I disabled my fire wall for just a day so I could connect to the SW:TOR beta servers (they were being faulty, so it was advised to temporarily disable firewalls) and then later on, I got a virus from a website immediately. It kept spamming my permission for it to make changes to my hard drive, and I wasn't able to click 'no,' so I clicked 'yes.' Since then (yesterday), I've been trying to fix my computer. I've run avira scans, avast! scans, malwarebytes scans, Spybot scans, EVERYTHING, even in safemode.

I've also tried recovering 3-4 times, but the recovery is never successful due to a file being missing from the restore point.

This virus makes opera and other internet browsers occasionally crash, it has made Catalyst Control Center (AMD) crash as soon as I log into my account, and it has made Intel Control Panel crash as soon as I log in.

BY THE WAY, I'M USING WINDOWS 7 64-BIT!

Before the virus, I had 4-5 icons on my task bar at the bottom of my screen. These were World of Warcraft, League of Legends, Starcraft 2, Microsoft Word, Microsoft Excel. After the virus, those disappeared. Shortcuts on the desktop are still there, though.

When I click the "Start" button at the bottom left of my desktop, click "My Programs," and then click on any given program folder, it says empty.

At this point, I am completely unproductive, and can not do anything at all...I have tried recovering the system by booting up on a CD with AVG recover. The scan I did that way found a few items, which I then deleted, but it still made no difference. The problem is still there.

I think most of the virus has been fixed, but my files, etc, are still hidden/gone. Also, if they were actually deleted, where did they go? My Computer still says I am using the same amount of space as I was before the virus infected my system. This makes me optimistic.

Thanks for the help in advance!

Here's the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by Saad at 1:50:05 on 2011-12-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3063.1238 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\BPowMon\BPowMon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\AlienRespawn\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe

C:\Windows\System32\vds.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files\Alienware\Command Center\ThermalController.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Alienware\Command Center\RemotingServiceController.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Program Files\Alienware\Command Center\DoorController.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Trojan Remover\Trjscan.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\AVAST Software\Avast\defs\11120200\Sf.bin

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPhot.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPhot.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPhot.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{A61921B1-FB37-4F5F-9BCE-12D4C93B220D} : DhcpNameServer = 192.168.1.254 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPhot.dll

BHO-X64: PhotoJoy US - No File

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB-X64: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPhot.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce-x64: [Launcher] C:\Program Files (x86)\AlienRespawn\Components\Scheduler\Launcher.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\ndu3q53a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

FF - component: C:\Users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\ndu3q53a.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\ndu3q53a.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - component: C:\Users\Saad\AppData\Roaming\Mozilla\Firefox\Profiles\ndu3q53a.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Saad\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\Saad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Saad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-1 44768]

R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-27 117608]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-26 13336]

R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2009-7-9 27096]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-8 1153368]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-7-26 689472]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 AWOPFilterDriver;AWOPFilterDriver;\??\C:\Windows\system32\drivers\AWOPFilterDriver.sys --> C:\Windows\system32\drivers\AWOPFilterDriver.sys [?]

R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-4 14648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-11-16 25832]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2011-12-02 08:23:21 388096 ----a-r- C:\Users\Saad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-02 08:23:21 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-12-02 08:16:27 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72803866-C4C8-4B1C-8859-75F672DBFF3F}\mpengine.dll

2011-12-02 08:13:15 8822856 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2011-12-02 03:57:28 -------- d-----w- C:\Program Files\CCleaner

2011-12-02 02:39:37 -------- d-----w- C:\Program Files (x86)\Belarc

2011-12-02 02:21:39 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-12-02 02:21:38 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-12-02 02:21:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-12-02 02:21:24 -------- d-----w- C:\ProgramData\AVAST Software

2011-12-02 02:21:24 -------- d-----w- C:\Program Files\AVAST Software

2011-12-02 02:04:08 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll

2011-12-02 02:04:08 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll

2011-12-02 02:04:08 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll

2011-12-02 02:04:08 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll

2011-12-02 02:04:08 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll

2011-12-02 02:04:07 -------- d-----w- C:\Users\Saad\AppData\Roaming\Simply Super Software

2011-12-02 02:04:07 -------- d-----w- C:\ProgramData\Simply Super Software

2011-12-02 02:04:07 -------- d-----w- C:\Program Files (x86)\Trojan Remover

2011-12-02 00:35:11 -------- d-----w- C:\Users\Saad\AppData\Roaming\Malwarebytes

2011-12-02 00:35:00 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-02 00:34:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-01 00:29:38 -------- d--h--w- C:\ProgramData\Common Files

2011-12-01 00:26:13 -------- d-----w- C:\ProgramData\MFAData

2011-11-25 20:57:28 -------- d-----w- C:\Users\Saad\AppData\Local\SWTOR

2011-11-16 03:18:47 -------- d-----w- C:\Users\Saad\AppData\Local\Unity

2011-11-16 01:33:05 -------- d-----w- C:\Program Files\Speccy

2011-11-14 23:28:49 -------- d-----w- C:\Program Files (x86)\Lavalys

2011-11-14 23:27:43 -------- d-----w- C:\Program Files (x86)\Chrome

2011-11-10 01:24:03 -------- d-----w- C:\Users\Saad\AppData\Local\PackageAware

2011-11-06 19:13:02 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys

2011-11-06 19:13:02 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys

2011-11-06 19:13:01 12032 ----a-w- C:\Windows\System32\drivers\danew.sys

2011-11-04 01:49:20 -------- d-----w- C:\Users\Saad\AppData\Roaming\Razer

2011-11-04 01:46:01 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl

.

==================== Find3M ====================

.

2011-10-13 23:34:29 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-09-30 04:07:20 1316224 ----a-w- C:\Windows\SysWow64\PhotoJoy Screensaver.scr

.

============= FINISH: 2:00:23.95 ===============

Attach.txt

ANY HELP WOULD BE APPRECIATED! THANKS FOR HELPING! I REALLY APPRECIATE IT! :)

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.