
Win32/Fynloski.A keeps getting detected by MSE



Hello Koenvil and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Your information is most likely compromised. I suggest you read about the consequences of this infection: Backdoor:Win32/Fynloski.A. When we finish, it is very important to change all of your passwords.

Step 1

Please uninstall µTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Thanks for the quick reply to my question,

I believe that I have uninstalled uTorrent now, except when I search for it there are still a few image files; hopefully the program is gone now.

I am running both MSE and Comodo Internet Security in tandem, with Malwarebytes supplementing. I was wondering if there are any repercussions in using both of these together?

I have run the quick scan on Malwarebytes and used the DDS. Logs are attached.

Thanks

Attach.txt

DDSnew.txt

mbam-log-2012-04-16 (19-03-03).txt


I am running both MSE and Comodo Internet Security in tandem, with Malwarebytes supplementing. I was wondering if there are any repercussions in using both of these together?

No, just make sure MSE and MBAM have unlimited access in Comodo rules.

Please follow my instructions strictly:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Copy and paste the entire report in your next reply.
In your next reply, post the following log files:

Here you go,

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kevin at 19:36:55 on 2012-04-16

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3798 [GMT -4:00]

.

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe

C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe

C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Dexpot\dexpot.exe

C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Dexpot\Dexpot64.exe

C:\Program Files (x86)\Razer\Lycosa\razertra.exe

C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe

C:\Program Files (x86)\Dexpot\plugins\MouseEvents.exe

C:\Program Files (x86)\Dexpot\plugins\Dexgrid.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\Temp\Catalyst.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [MobiLink Lite] C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Facebook Update] "C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe

uRun: [CCC] C:\Users\Kevin\AppData\Local\Temp\ATI .exe

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe

mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI .exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA} : DhcpNameServer = 10.1.250.48 10.1.250.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\14162746 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\6516C6B697279656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\8497075625 : DhcpNameServer = 10.10.10.71 10.10.10.72 10.10.10.15

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\B4566796E602C4F62E08993702960586F6E656 : DhcpNameServer = 207.164.79.254 204.101.237.136

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\C696E6B6379737D276 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe

mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\

FF - prefs.js: browser.startup.homepage - hxxp://myfav.es/

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]

R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]

R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]

R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]

R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-2-9 235560]

R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]

R2 PPPoEService;PPPoE Service;C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe [2010-9-22 49152]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-4-24 131912]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVUVC64;QuickCam for Notebooks Pro(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]

S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-15 22:52:25 8669240 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AED25CB7-468B-4070-9ADD-81581C92845F}\mpengine.dll

2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-12 04:36:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2012-04-12 04:36:00 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-04-12 04:36:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2012-04-12 04:36:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-04-12 04:36:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-04-12 04:32:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 04:32:37 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 04:32:37 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 04:32:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 04:32:37 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 04:32:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 04:32:37 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-08 16:59:37 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-04-08 09:46:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-04-08 09:46:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-04-08 09:46:14 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-04-08 09:46:11 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-04-07 22:22:05 -------- d-----w- C:\Users\Kevin\.towns

2012-04-07 21:09:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2012-04-07 21:09:02 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-07 21:09:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-07 21:09:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-02 17:10:20 -------- d-----w- C:\Users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI

2012-04-02 17:10:20 -------- d-----w- C:\ProgramData\DYA_WTOBNMDJRGHNVPABI

2012-04-02 17:10:17 -------- d-----w- C:\programs

2012-03-30 00:19:30 -------- d-----w- C:\Program Files (x86)\SpeedFan

2012-03-25 23:06:15 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-25 23:06:15 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-25 00:11:53 -------- d-----w- C:\folder1

2012-03-24 22:06:56 -------- d-----w- C:\ProgramData\AMD

2012-03-24 22:06:55 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-03-24 22:06:51 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-03-24 21:49:08 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2012-03-24 21:49:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

.

==================== Find3M ====================

.

2012-04-01 18:48:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-24 21:49:07 58880 ----a-w- C:\Windows\System32\coinst.dll

2012-03-11 21:13:41 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-03-11 21:13:40 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-03-11 21:13:38 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-03-11 21:13:18 301224 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-03-11 21:13:17 389840 ----a-w- C:\Windows\System32\guard64.dll

2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-08 02:55:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-16 23:42:56 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll

2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll

2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe

2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll

2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll

2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll

2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll

2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-01-23 02:14:54 5120 ----a-w- C:\Windows\SysWow64\NSIS.Library.RegTool.v3.{718F2CD8-CD24-4B12-8C3E-597F38B43206}.exe

2010-11-05 01:58:15 1169224 --sh--w- C:\Windows\Temp\Catalyst.exe

.

============= FINISH: 19:38:47.05 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/3/2010 10:25:26 AM

System Uptime: 4/16/2012 7:30:51 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58

Processor: Intel® Core i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 199.326 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (HFSXJ) - 465 GiB total, 229.379 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP365: 4/11/2012 10:30:47 PM - Windows Update

RP366: 4/12/2012 12:31:30 AM - Windows Update

RP367: 4/15/2012 6:51:31 PM - Windows Update

RP368: 4/15/2012 11:58:30 PM - Removed Razer DeathAdder Mouse

RP369: 4/15/2012 11:59:31 PM - Installed Razer DeathAdder Mouse

RP370: 4/16/2012 12:00:54 AM - Device Driver Package Install: Razer Razer Device

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Age of Empires Online

Apple Application Support

Apple Software Update

ARMA 2

ASUS Ai Charger

ATI Catalyst Registration

Batman: Arkham Asylum GOTY Edition

Battlefield 3™

Battlelog Web Plugins

BattlEye Uninstall

Borderlands

Brytenwalda version 1.35

Call of Pripyat Complete v1.0.2

Canon IJ Network Scan Utility

Canon IJ Network Tool

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Command and Conquer: Red Alert 3

Command and Conquer: Red Alert 3 - Uprising

Company of Heroes: Opposing Fronts

Crysis 2 Demo

Crysis Warhead

Crysis Wars

Crysis Wars® Mod SDK Source Code 1.0

Crysis Wars® Mod SDK Tools 1.1

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Desura

Deus Ex: Human Revolution

Dexpot

Diablo III Beta

DiRT 2

Dragon Age II

Dragon Age: Origins

Dropbox

Empire: Total War

ESN Sonar

EVE Online (remove only)

Facebook Video Calling 1.2.0.159

Fallout 3 - Game of the Year Edition

Fallout Mod Manager 0.13.21

Fallout: New Vegas

Far Cry 2

Fences

Foxit Reader

Freemake Video Converter version 2.0.0

GameSpy Comrade

Garry's Mod

Geeks3D.com FurMark 1.9.1

GeoGebra

Global Agenda

Google Chrome

Google Talk Plugin

Java Auto Updater

Java 6 Update 29

Just Cause 2

Killing Floor

Kingdoms of Amalur: Reckoning - Demo

League of Legends

Left 4 Dead 2

Malwarebytes Anti-Malware version 1.61.0.1400

Marvell MRU V4

Mass Effect

Men of War: Assault Squad

Mesh Runtime

Metro 2033

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Mobilink Lite

Monday Night Combat

Mount & Blade: With Fire and Sword

Mount and Blade: Warband

Mozilla Firefox 11.0 (x86 en-US)

MSI Afterburner 2.1.0

MSI Kombustor 2.0.0

MSVCRT

NEC Electronics USB 3.0 Host Controller Driver

Nexon Game Manager

NVIDIA PhysX

Oblivion mod manager 1.1.12

OpenAL

Operation Flashpoint: Dragon Rising

Origin

Pando Media Booster

Portal 2

PunkBuster Services

QuickTime

Rapture3D 2.3.26 Game

Razer DeathAdder Mouse

Razer Lycosa

Realtek High Definition Audio Driver

Rogers Connection Manager

S.T.A.L.K.E.R.: Call of Pripyat

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Sid Meier's Civilization V

Sins of a Solar Empire

Skype Click to Call

Skype™ 5.8

SpeedFan (remove only)

StarCraft II

Steam

Super Meat Boy

Supreme Commander 2

Team Fortress 2

TekSavvy Access Manager

Terraria

The Elder Scrolls IV: Oblivion

The Elder Scrolls V: Skyrim

The Settlers 7: Paths to a Kingdom

The Witcher 2

The Witcher: Enhanced Edition

Total War: SHOGUN 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vampire: The Masquerade - Bloodlines

Vindictus

VirtualFem

VLC media player 2.0.0

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Wings of Prey

World of Tanks v.0.6.5

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 7:09:08 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bisar!rts&threatid=2147625172 Name: Backdoor:Win32/Bisar!rts ID: 2147625172 Severity: High Category: Backdoor Path: containerfile:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfattachtest.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfexpbench.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dflair.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfpause.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfposition.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfsuspend.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.123.1329.0, AS: 1.123.1329.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8202.0, NIS: 2.0.8001.0

4/9/2012 12:05:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 7:32:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 7:07:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.123.1899.0).

4/16/2012 7:07:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1823.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070643 Error description: Fatal error during installation.

4/16/2012 6:55:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 12:07:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 9:48:16 PM, Error: Disk [11] - The driver detected a controller error on \...\DR4.

4/15/2012 5:06:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer READYSHARE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED0B1BB2-2788-4298-9308-218E5B313ECA}. The master browser is stopping or an election is being forced.

4/15/2012 11:46:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 11:05:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17.

4/15/2012 10:01:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR13.

4/11/2012 10:17:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.16.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kevin :: KEVIN-PC [administrator]

4/16/2012 7:03:03 PM

mbam-log-2012-04-16 (19-03-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245523

Time elapsed: 14 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Users\Kevin\AppData\Local\Temp\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 7

C:\Users\Kevin\AppData\Local\Temp\archivezz.exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.

C:\Users\Kevin\Local Settings\Temporary Internet Files\Content.IE5\13PBNSSP\archivezz[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-09-2.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-11-4.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-13-6.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-15-1.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-16-2.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)


Did you uninstall Comodo and Security Essentials? I couldn't see them in the installed programs list. In fact, they will have problems. Running two antivirus programs (Security Essentials and the Comodo Antivirus module) is a prerequisite for a system crash and problems with detection of malware. If you need Comodo protection, you should uninstall both of them. First install Security Essentials, then Comodo Internet Security, but choose to install only the firewall. Finally, send me a fresh DDS log file.

Also:

  1. Please download the Suspicious File Packer (by Safer Networking Limited) and unzip it to your desktop.
  2. Run sfp.exe
  3. Copy the contents of the following code box into the SFP window:
    C:\Windows\Temp\Catalyst.exe

  4. Allow SFP to pack the file; it will then generate a CAB archive on your desktop.
  5. Upload it to www.4shared.com (for example)
  6. Send me the download link via PM


DDS reports

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kevin at 18:14:23 on 2012-04-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3914 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe

C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Dexpot\dexpot.exe

C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Razer\Lycosa\razerhid.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Razer\Lycosa\razertra.exe

C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

C:\Program Files (x86)\Dexpot\Dexpot64.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Program Files (x86)\Dexpot\plugins\MouseEvents.exe

C:\Program Files (x86)\Dexpot\plugins\Dexgrid.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Kevin\Desktop\sfp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [MobiLink Lite] C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Facebook Update] "C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe

uRun: [CCC] C:\Users\Kevin\AppData\Local\Temp\ATI .exe

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe

mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI .exe

StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7DFBEAA4-04A8-421F-841C-D35BF8D45DBB} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA} : DhcpNameServer = 10.1.250.48 10.1.250.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\14162746 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\6516C6B697279656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\8497075625 : DhcpNameServer = 10.10.10.71 10.10.10.72 10.10.10.15

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\B4566796E602C4F62E08993702960586F6E656 : DhcpNameServer = 207.164.79.254 204.101.237.136

TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\C696E6B6379737D276 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe

mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\

FF - prefs.js: browser.startup.homepage - hxxp://myfav.es/

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]

R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]

R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-4-13 409232]

R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312]

R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112]

R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-2-9 235560]

R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]

R2 PPPoEService;PPPoE Service;C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe [2010-9-22 49152]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-4-24 131912]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVUVC64;QuickCam for Notebooks Pro(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]

S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-17 22:09:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF28DB3C-0FFF-4A3A-8FCA-6008FE2AA52F}\offreg.dll

2012-04-17 22:06:39 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72665318-BE66-44B6-AE45-46A9F612126A}\gapaengine.dll

2012-04-17 22:06:21 8669240 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF28DB3C-0FFF-4A3A-8FCA-6008FE2AA52F}\mpengine.dll

2012-04-17 22:05:49 50952 ----a-w- C:\Windows\System32\certsentry.dll

2012-04-17 22:05:49 42760 ----a-w- C:\Windows\SysWow64\certsentry.dll

2012-04-17 22:02:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-04-17 22:02:24 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-04-17 21:59:22 -------- d-----w- C:\ProgramData\CPA_VA

2012-04-17 21:57:31 -------- d-----w- C:\ProgramData\Comodo

2012-04-17 21:57:23 -------- d-----w- C:\Users\Kevin\AppData\Local\Comodo

2012-04-17 21:57:12 -------- d-----w- C:\Program Files (x86)\Comodo

2012-04-17 21:57:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-04-17 21:57:10 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-04-17 21:57:10 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-12 04:36:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2012-04-12 04:36:00 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-04-12 04:36:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2012-04-12 04:36:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-04-12 04:36:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-04-12 04:32:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 04:32:37 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 04:32:37 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 04:32:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 04:32:37 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 04:32:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 04:32:37 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-08 16:59:37 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-04-08 09:46:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-04-08 09:46:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-04-08 09:46:14 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-04-08 09:46:11 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-04-07 22:22:05 -------- d-----w- C:\Users\Kevin\.towns

2012-04-07 21:09:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2012-04-07 21:09:02 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-07 21:09:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-07 21:09:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-02 17:10:20 -------- d-----w- C:\Users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI

2012-04-02 17:10:20 -------- d-----w- C:\ProgramData\DYA_WTOBNMDJRGHNVPABI

2012-04-02 17:10:17 -------- d-----w- C:\programs

2012-03-30 00:19:30 -------- d-----w- C:\Program Files (x86)\SpeedFan

2012-03-25 23:06:15 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-25 23:06:15 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-25 00:11:53 -------- d-----w- C:\folder1

2012-03-24 22:06:56 -------- d-----w- C:\ProgramData\AMD

2012-03-24 22:06:55 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-03-24 22:06:51 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-03-24 21:49:08 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2012-03-24 21:49:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

.

==================== Find3M ====================

.

2012-04-01 18:48:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-24 21:49:07 58880 ----a-w- C:\Windows\System32\coinst.dll

2012-03-12 01:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-03-12 01:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-03-12 01:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-03-12 01:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-03-12 01:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll

2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-08 02:55:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-16 23:42:56 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll

2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll

2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe

2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll

2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll

2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll

2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll

2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-01-31 08:59:04 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-01-23 02:14:54 5120 ----a-w- C:\Windows\SysWow64\NSIS.Library.RegTool.v3.{718F2CD8-CD24-4B12-8C3E-597F38B43206}.exe

2010-11-05 01:58:15 1169224 --sh--w- C:\Windows\Temp\Catalyst.exe

.

============= FINISH: 18:14:55.49 ===============

Attach Log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/3/2010 10:25:26 AM

System Uptime: 4/17/2012 5:40:44 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58

Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 206.327 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (HFSXJ) - 465 GiB total, 229.379 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP367: 4/15/2012 6:51:31 PM - Windows Update

RP368: 4/15/2012 11:58:30 PM - Removed Razer DeathAdder™ Mouse

RP369: 4/15/2012 11:59:31 PM - Installed Razer DeathAdder™ Mouse

RP370: 4/16/2012 12:00:54 AM - Device Driver Package Install: Razer Razer Device

RP371: 4/17/2012 5:37:50 PM - Removed COMODO Internet Security

RP372: 4/17/2012 6:07:23 PM - Device Driver Package Install: COMODO Network Service

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Age of Empires Online

Apple Application Support

Apple Software Update

ARMA 2

ASUS Ai Charger

ATI Catalyst Registration

Batman: Arkham Asylum GOTY Edition

Battlefield 3™

Battlelog Web Plugins

BattlEye Uninstall

Borderlands

Brytenwalda version 1.35

Call of Pripyat Complete v1.0.2

Canon IJ Network Scan Utility

Canon IJ Network Tool

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Command and Conquer: Red Alert 3

Command and Conquer: Red Alert 3 - Uprising

Comodo Dragon

COMODO GeekBuddy

Company of Heroes: Opposing Fronts

Crysis 2 Demo

Crysis Warhead

Crysis Wars

Crysis Wars® Mod SDK Source Code 1.0

Crysis Wars® Mod SDK Tools 1.1

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Desura

Deus Ex: Human Revolution

Dexpot

Diablo III Beta

DiRT 2

Dragon Age II

Dragon Age: Origins

Dropbox

Empire: Total War

ESN Sonar

EVE Online (remove only)

Facebook Video Calling 1.2.0.159

Fallout 3 - Game of the Year Edition

Fallout Mod Manager 0.13.21

Fallout: New Vegas

Far Cry 2

Fences

Foxit Reader

Freemake Video Converter version 2.0.0

GameSpy Comrade

Garry's Mod

Geeks3D.com FurMark 1.9.1

GeoGebra

Global Agenda

Google Chrome

Google Talk Plugin

Java Auto Updater

Java™ 6 Update 29

Just Cause 2

Killing Floor

Kingdoms of Amalur: Reckoning - Demo

League of Legends

Left 4 Dead 2

Malwarebytes Anti-Malware version 1.61.0.1400

Marvell MRU V4

Mass Effect

Men of War: Assault Squad

Mesh Runtime

Metro 2033

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Mobilink Lite

Monday Night Combat

Mount & Blade: With Fire and Sword

Mount and Blade: Warband

Mozilla Firefox 11.0 (x86 en-US)

MSI Afterburner 2.1.0

MSI Kombustor 2.0.0

MSVCRT

NEC Electronics USB 3.0 Host Controller Driver

Nexon Game Manager

NVIDIA PhysX

Oblivion mod manager 1.1.12

OpenAL

Operation Flashpoint: Dragon Rising

Origin

Pando Media Booster

Portal 2

PunkBuster Services

QuickTime

Rapture3D 2.3.26 Game

Razer DeathAdder™ Mouse

Razer Lycosa

Realtek High Definition Audio Driver

Rogers Connection Manager

S.T.A.L.K.E.R.: Call of Pripyat

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Sid Meier's Civilization V

Sins of a Solar Empire

Skype Click to Call

Skype™ 5.8

SpeedFan (remove only)

StarCraft II

Steam

Super Meat Boy

Supreme Commander 2

Team Fortress 2

TekSavvy Access Manager

Terraria

The Elder Scrolls IV: Oblivion

The Elder Scrolls V: Skyrim

The Settlers 7: Paths to a Kingdom

The Witcher 2

The Witcher: Enhanced Edition

Total War: SHOGUN 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vampire: The Masquerade - Bloodlines

Vindictus

VirtualFem

VLC media player 2.0.0

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Wings of Prey

World of Tanks v.0.6.5

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

4/17/2012 6:07:14 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/17/2012 4:40:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 7:32:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 7:07:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.123.1899.0).

4/16/2012 7:07:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1823.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070643 Error description: Fatal error during installation.

4/16/2012 6:55:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/16/2012 12:07:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 9:48:16 PM, Error: Disk [11] - The driver detected a controller error on \...\DR4.

4/15/2012 5:06:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer READYSHARE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED0B1BB2-2788-4298-9308-218E5B313ECA}. The master browser is stopping or an election is being forced.

4/15/2012 11:46:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/15/2012 11:05:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17.

4/15/2012 10:01:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR13.

4/11/2012 10:17:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Here is the log that ComboFix generated:

ComboFix 12-04-18.02 - Kevin 04/18/2012 22:30:23.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3824 [GMT -4:00]

Running from: c:\users\Kevin\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\DYA_WTOBNMDJRGHNVPABI

c:\programdata\DYA_WTOBNMDJRGHNVPABI\1.0.0\Data\app.dat

c:\programdata\DYA_WTOBNMDJRGHNVPABI\1.0.0\Data\updates.dat

c:\users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI

c:\users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI\1.0.0\Data\dya.dat

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI .exe

c:\windows\SysWow64\nsg4B69.tmp

c:\windows\SysWow64\NSIS.Library.RegTool.v3.{718F2CD8-CD24-4B12-8C3E-597F38B43206}.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))

.

.

2012-04-18 23:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-18 23:53 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{853552B2-40EA-4842-BEA5-2B0E09C3BA90}\mpengine.dll

2012-04-17 22:06 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72665318-BE66-44B6-AE45-46A9F612126A}\gapaengine.dll

2012-04-17 22:05 . 2012-04-17 22:05 50952 ----a-w- c:\windows\system32\certsentry.dll

2012-04-17 22:05 . 2012-04-17 22:05 42760 ----a-w- c:\windows\SysWow64\certsentry.dll

2012-04-17 22:02 . 2012-04-17 22:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-17 22:02 . 2012-04-17 22:02 -------- d-----w- c:\program files\Microsoft Security Client

2012-04-17 21:59 . 2012-04-19 02:02 -------- d-----w- c:\programdata\CPA_VA

2012-04-17 21:57 . 2012-04-17 22:07 -------- d-----w- c:\programdata\Comodo

2012-04-17 21:57 . 2012-04-17 21:57 -------- d-----w- c:\users\Kevin\AppData\Local\Comodo

2012-04-17 21:57 . 2012-04-17 22:05 -------- d-----w- c:\program files (x86)\Comodo

2012-04-17 21:57 . 2012-04-17 21:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-17 21:57 . 2012-04-17 21:57 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-17 21:57 . 2012-04-17 21:57 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-04-14 22:57 . 2012-04-14 22:57 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-04-12 04:36 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-12 04:36 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-12 04:36 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-04-12 04:36 . 2012-02-28 06:56 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-04-12 04:36 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-04-12 04:36 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-04-12 04:36 . 2012-02-28 01:08 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2012-04-12 04:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 04:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 04:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 04:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 04:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 04:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 04:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-08 16:59 . 2012-03-11 21:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-04-08 09:46 . 2012-04-08 09:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-04-08 09:46 . 2012-04-08 09:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-04-08 09:46 . 2012-04-08 09:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-04-08 09:46 . 2012-04-08 09:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-04-07 22:22 . 2012-04-07 22:22 -------- d-----w- c:\users\Kevin\.towns

2012-04-07 21:09 . 2012-04-07 21:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes

2012-04-07 21:09 . 2012-04-07 21:09 -------- d-----w- c:\programdata\Malwarebytes

2012-04-07 21:09 . 2012-04-12 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-07 21:09 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-02 17:10 . 2012-04-09 18:51 -------- d-----w- C:\programs

2012-03-30 00:19 . 2012-04-05 14:51 -------- d-----w- c:\program files (x86)\SpeedFan

2012-03-25 23:06 . 2012-03-25 23:06 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-25 23:06 . 2012-03-25 23:06 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-25 23:01 . 2012-03-25 23:01 -------- d-----w- c:\windows\system32\Macromed

2012-03-25 00:11 . 2012-03-25 00:11 -------- d-----w- C:\folder1

2012-03-24 22:12 . 2012-03-24 22:12 -------- d-----w- c:\programdata\ATI

2012-03-24 22:06 . 2012-03-24 22:06 -------- d-----w- c:\programdata\AMD

2012-03-24 22:06 . 2012-03-24 22:06 -------- d-----w- c:\program files (x86)\AMD AVT

2012-03-24 22:06 . 2012-03-24 22:06 -------- d-----w- c:\program files (x86)\AMD APP

2012-03-24 21:49 . 2012-03-24 21:49 95248 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2012-03-24 21:49 . 2012-03-24 21:49 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 18:48 . 2011-07-22 18:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-24 21:49 . 2010-08-04 01:23 58880 ----a-w- c:\windows\system32\coinst.dll

2012-03-12 01:13 . 2012-03-12 01:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-12 01:13 . 2012-03-12 01:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-12 01:13 . 2012-03-12 01:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-12 01:13 . 2012-03-12 01:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-12 01:13 . 2012-03-12 01:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-03-08 02:55 . 2011-10-04 00:35 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-03-08 02:55 . 2010-10-06 21:40 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-03-08 02:55 . 2010-10-06 21:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-03-07 06:05 . 2012-03-07 06:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-07 06:05 . 2012-03-07 06:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-07 06:05 . 2012-03-07 06:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-07 06:05 . 2012-03-07 06:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-07 06:05 . 2012-03-07 06:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-07 06:05 . 2012-03-07 06:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-07 06:05 . 2012-03-07 06:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-07 06:05 . 2012-03-07 06:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-07 06:05 . 2012-03-07 06:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-07 06:05 . 2012-03-07 06:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-07 06:05 . 2012-03-07 06:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-07 06:05 . 2012-03-07 06:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-07 06:05 . 2012-03-07 06:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-07 06:05 . 2012-03-07 06:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-07 06:05 . 2012-03-07 06:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-07 06:05 . 2012-03-07 06:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-07 06:05 . 2012-03-07 06:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-07 06:05 . 2012-03-07 06:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-07 06:05 . 2012-03-07 06:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-07 06:05 . 2012-03-07 06:05 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-07 06:05 . 2012-03-07 06:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-07 06:05 . 2012-03-07 06:05 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-07 06:05 . 2012-03-07 06:05 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-07 06:05 . 2012-03-07 06:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-07 06:05 . 2012-03-07 06:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-07 06:05 . 2012-03-07 06:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-07 06:05 . 2012-03-07 06:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-07 06:05 . 2012-03-07 06:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-07 06:05 . 2012-03-07 06:05 448512 ----a-w- c:\windows\system32\html.iec

2012-03-07 06:05 . 2012-03-07 06:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-07 06:05 . 2012-03-07 06:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-07 06:05 . 2012-03-07 06:05 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-07 06:05 . 2012-03-07 06:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-07 06:05 . 2012-03-07 06:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-03 19:35 . 2012-03-03 19:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-03-03 19:35 . 2012-03-03 19:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-03-03 19:34 . 2012-03-03 19:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-03-03 19:34 . 2012-03-03 19:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-17 06:38 . 2012-03-14 02:16 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

2012-02-17 06:38 . 2012-03-14 02:16 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 02:16 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 02:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 02:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-16 23:42 . 2010-10-06 21:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll

2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-02-15 03:18 . 2011-01-05 03:02 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-02-15 03:17 . 2010-08-04 01:54 957952 ----a-w- c:\windows\system32\aticfx64.dll

2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-02-15 03:07 . 2011-04-20 05:59 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-02-15 02:52 . 2010-08-04 01:37 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll

2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll

2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-02-15 02:12 . 2010-11-26 02:16 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-02-15 02:12 . 2011-04-20 05:21 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-02-15 02:12 . 2010-11-26 02:15 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-28 3077528]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Facebook Update"="c:\users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-11 137536]

"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-01-23 1425408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2010-02-09 731176]

"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]

"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-10-08 91648]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]

"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]

.

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 ALSysIO;ALSysIO;c:\users\Kevin\AppData\Local\Temp\ALSysIO64.sys [x]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]

R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-10-24 131912]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVUVC64;QuickCam for Notebooks Pro(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]

R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\Kevin\AppData\Local\Temp\00546D5.tmp [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 MDFSYSNT;MacDrive file system driver; [x]

S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]

S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-04-13 409232]

S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]

S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112]

S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-02-09 235560]

S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]

S2 PPPoEService;PPPoE Service;c:\progra~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe [2000-07-11 49152]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000Core.job

- c:\users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 06:33]

.

2012-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000UA.job

- c:\users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 06:33]

.

2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000Core.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 15:30]

.

2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000UA.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 15:30]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-21 378880]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-21 195072]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 345688]

"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 151040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7DFBEAA4-04A8-421F-841C-D35BF8D45DBB}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA}: NameServer = 8.26.56.26,156.154.70.22

FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\

FF - prefs.js: browser.startup.homepage - hxxp://myfav.es/

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-MobiLink Lite - c:\program files (x86)\Novatel Wireless\MobiLink\Lite.exe

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)

AddRemove-Desura - c:\program files (x86)\Desura\Desura_Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\00546D5.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:63,a5,6c,d7,ba,17,cb,0e,66,eb,d9,a7,43,66,22,53,d9,ef,34,29,b4,65,e2,

5a,57,7b,34,db,9e,b8,de,33,81,36,08,25,0b,3c,7b,2c,ab,d0,2a,cb,1f,5f,51,9e,\

"??"=hex:84,d0,a1,c2,92,bf,d1,7e,ba,68,ab,b0,25,6a,23,0c

.

[HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\SecuROM\License information*]

"datasecu"=hex:b7,d5,da,a8,cb,0f,c5,65,db,d2,b5,47,c9,f0,29,de,e5,a4,75,24,6d,

27,49,45,1b,ce,10,f5,05,bf,f7,0f,88,99,fb,a3,32,7a,3e,55,d0,6f,e1,39,5f,4b,\

"rkeysecu"=hex:db,a4,aa,e9,e9,a2,77,68,fa,0a,b6,8a,35,b1,f4,77

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Dexpot\plugins\SevenDex.exe

c:\program files (x86)\Dexpot\plugins\MouseEvents.exe

c:\program files (x86)\Dexpot\plugins\Dexgrid.exe

c:\program files (x86)\Razer\Lycosa\razertra.exe

c:\program files (x86)\Razer\DeathAdder\razerofa.exe

c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe

.

**************************************************************************

.

Completion time: 2012-04-18 22:46:08 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-19 02:46

.

Pre-Run: 222,951,002,112 bytes free

Post-Run: 226,438,750,208 bytes free

.

- - End Of File - - 1C0450487972E8460BBA3BEA84B05D0F


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Here you go

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=780b5b1375c1c947ab333b7366678c40

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-20 11:51:29

# local_time=2012-04-20 07:51:29 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3073 16777213 80 71 98639 10467087 0 0

# compatibility_mode=5893 16776574 100 94 28782128 86428923 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=584526

# found=2

# cleaned=2

# scan_time=37215

C:\Users\Kevin\Downloads\cnet_Setup_FreeConverter_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C


Of course, it is not a problem. :)

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and Suspicious File Packer. Then uninstall ESET Online Scanner.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.