
PUP.Optional.Tarma.A removal and making sure the system is clean



I ran Malwarebytes and it detected the PUP.Optional.Tarma.A unwanted program. I deleted that manually in the AppData folder and cleaned it with Malwarebytes. I then started up in safe mode and ran the Windows Malicious Software Removal Tool, Microsoft Security Essentials, AdwCleaner, and Malwarebytes again. I wanted to make sure I got rid of it and that my system is clean, or as clean as I can get it. Also, I was not able to complete the Microsoft Security Essentials scan since it had an error in safe mode, which I was running with minimal tasks.

 

Here are the logs for everything I ran, plus the DDS and Attach files.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by EdgarCayenne at 8:20:18 on 2013-08-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8105.5906 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\EdgarCayenne\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Google Update] "C:\Users\EdgarCayenne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\EDGARC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\EdgarCayenne\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 172.16.12.1
TCP: Interfaces\{274CC5CB-0AF5-4A6F-A4F7-2167FA3E6FB1} : DHCPNameServer = 172.16.12.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-1-15 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-1-15 141920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-6-4 241152]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2011-1-31 118120]
R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-3-26 20608]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-10 1153368]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-9 2656280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-24 96768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-7 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-1 64512]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-12-9 32344]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-6-6 31232]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-6-6 126464]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-4-29 75552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\System32\drivers\CYUSB.sys [2011-12-10 47104]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-12-10 12032]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-10 130976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 139616]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-21 19456]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-5-17 40696]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-21 30208]
S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;C:\Windows\System32\drivers\ViaUsbEts.sys [2008-5-29 21760]
S3 VKbms;Razer Gaming Device;C:\Windows\System32\drivers\VKbms.sys [2011-12-10 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-10 1255736]
.
=============== File Associations ===============
.
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-08-08 15:17:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-08 15:17:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-08 15:17:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 14:35:16 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-08-07 18:09:56 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A2FB2CC-C0C4-48A9-9F2A-FE9FF2824FE2}\mpengine.dll
2013-08-06 04:16:08 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 00:40:34 -------- d-----w- C:\Users\EdgarCayenne\AppData\Local\PAYDAY 2
2013-07-25 00:40:30 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-07-23 18:30:53 -------- d-----w- C:\Users\EdgarCayenne\AppData\Roaming\Ubisoft
2013-07-20 04:53:19 -------- d-----w- C:\Windows\System32\MRT
2013-07-17 02:47:08 -------- d-----w- C:\Users\EdgarCayenne\AppData\Local\Robot Entertainment
2013-07-17 02:10:00 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98F85B12-1C40-4610-A0EF-4AB7E6762CD2}\gapaengine.dll
2013-07-14 20:37:37 -------- d-----w- C:\Users\EdgarCayenne\AppData\Local\techland
2013-07-13 05:18:18 -------- d-----w- C:\Users\EdgarCayenne\AppData\Roaming\gd.sos.McPixel
2013-07-11 07:17:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-11 07:17:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-07-11 07:17:58 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-11 07:17:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-11 07:17:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-11 01:35:09 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 01:35:09 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 01:35:09 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 01:35:09 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 01:35:09 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 01:35:09 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 01:35:09 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 01:35:08 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 01:35:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 01:34:59 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 01:34:56 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 01:34:56 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 01:34:55 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 01:34:55 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 01:34:55 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 01:34:41 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 01:34:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-07-23 18:31:02 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-23 18:31:02 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-23 17:28:39 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-23 17:28:38 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-23 15:03:00 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2013-07-12 05:43:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 05:43:59 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-24 11:20:22 768000 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-06-19 22:54:02 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-19 22:54:02 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-19 04:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 04:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-17 06:43:32 56832 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-06-17 06:43:32 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-06-17 06:43:28 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-06-17 06:43:26 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-06-12 06:05:06 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:29:52 126464 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-06-07 03:29:50 31232 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-04 23:12:08 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-06-04 23:12:08 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-06-04 23:12:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-06-04 23:12:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-06-04 23:12:02 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-06-04 23:12:02 123216 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-06-04 23:12:00 97448 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-06-04 23:12:00 113464 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-06-04 23:11:58 1182056 ----a-w- C:\Windows\System32\aticfx64.dll
2013-06-04 23:11:56 990976 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-06-04 23:11:52 8431232 ----a-w- C:\Windows\System32\atidxx64.dll
2013-06-04 23:11:50 7378560 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-06-04 23:11:46 4415256 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-06-04 23:11:42 5963328 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-06-04 23:11:38 4957536 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-06-04 23:11:34 6984088 ----a-w- C:\Windows\System32\atiumd64.dll
2013-06-04 23:09:44 11833856 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-06-04 22:51:20 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-06-04 22:51:04 98304 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-06-04 22:50:58 82944 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-06-04 22:50:52 86016 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-06-04 22:50:48 72704 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-06-04 22:50:32 27800576 ----a-w- C:\Windows\System32\amdocl64.dll
2013-06-04 22:48:22 23421440 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-06-04 22:46:30 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-06-04 22:46:26 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-04 22:43:52 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-06-04 22:43:52 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-06-04 22:43:52 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-06-04 22:43:52 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-06-04 22:33:48 24250880 ----a-w- C:\Windows\System32\atio6axx.dll
2013-06-04 22:27:48 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-06-04 22:25:14 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-06-04 22:25:12 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-06-04 22:25:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-06-04 22:25:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-06-04 22:25:00 118784 ----a-w- C:\Windows\System32\coinst_13.101.dll
2013-06-04 22:24:52 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-06-04 22:20:26 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-06-04 22:13:12 19906560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-06-04 22:03:30 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-06-04 22:03:18 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-06-04 22:03:14 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-06-04 22:02:24 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-06-04 22:00:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-06-04 22:00:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-06-04 22:00:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-06-04 21:35:54 594944 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-06-04 21:35:44 419840 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-06-04 21:35:32 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-06-04 21:35:28 15872 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-06-04 21:35:28 15872 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-06-04 21:35:24 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2013-06-04 21:35:14 36352 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-06-04 21:35:04 608768 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-06-04 21:31:40 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-05-17 15:27:56 40696 ----a-w- C:\Windows\System32\drivers\RzMaelstromVAD.sys
2013-05-17 15:25:52 245248 ----a-w- C:\Windows\System32\DriverInstallCACMD.exe
2013-05-17 15:25:50 69120 ----a-w- C:\Windows\System32\DriverInstallCA.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
============= FINISH:  8:20:35.47 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2011 10:20:11 PM
System Uptime: 8/8/2013 8:08:15 AM (0 hours ago)
.
Motherboard: ASRock |  | Z68 Extreme4 Gen3
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | CPUSocket | 2673/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 423.107 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 465.56 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP499: 8/3/2013 9:59:24 PM - Scheduled Checkpoint
RP500: 8/4/2013 8:16:22 PM - Windows Update
RP501: 8/8/2013 8:05:26 AM - Revo Uninstaller's restore point - Adobe Reader X (10.1.7)
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
Malwarebytes before safe mode
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.07.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
EdgarCayenne :: EDGARCAYENNE-PC [administrator]
 
8/7/2013 12:45:43 PM
mbam-log-2013-08-07 (12-45-43).txt
 
Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 613335
Time elapsed: 1 hour(s), 51 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 3
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
 
Files Detected: 5
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
 
(end)
 
AdwCleaner
 
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 05:41:51
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : EdgarCayenne - EDGARCAYENNE-PC
# Boot Mode : Normal
# Running from : C:\Users\EdgarCayenne\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [unable to get version]
 
File : C:\Users\EdgarCayenne\AppData\Roaming\Mozilla\Firefox\Profiles\txs0qg0g.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1326 octets] - [08/08/2013 05:31:56]
AdwCleaner[R2].txt - [1445 octets] - [08/08/2013 05:32:43]
AdwCleaner[R3].txt - [1223 octets] - [08/08/2013 05:41:17]
AdwCleaner[S1].txt - [342 octets] - [08/08/2013 05:32:05]
AdwCleaner[S2].txt - [1513 octets] - [08/08/2013 05:32:58]
AdwCleaner[S3].txt - [1155 octets] - [08/08/2013 05:41:51]
 
########## EOF - C:\AdwCleaner[S3].txt - [1215 octets] ##########
 
 
Everything after this was in safe mode
 
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 03:07:59 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:09:43 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Wed Feb 13 01:19:52 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 01:21:10 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Wed Mar 13 02:41:59 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 13 02:43:10 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 01:08:20 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 01:09:35 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Thu May 16 00:08:25 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 00:09:35 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Tue Jun 11 23:25:39 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 11 23:26:57 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
 
Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Thu Jul 11 00:20:02 2013
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 11 00:21:13 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Fri Jul 19 21:53:19 2013
 
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 19 21:55:10 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Wed Aug 07 16:41:31 2013
 
Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 07 16:41:35 2013
 
 
Return code: 0 (0x0)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Wed Aug 07 16:57:40 2013
 
 
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 05:32:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : EdgarCayenne - EDGARCAYENNE-PC
# Boot Mode : Safe mode
# Running from : C:\Users\EdgarCayenne\Desktop\AdwCleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Users\EdgarCayenne\AppData\Local\TempDir
 
***** [Registry] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKLM\SOFTWARE\Tarma Installer
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [unable to get version]
 
File : C:\Users\EdgarCayenne\AppData\Roaming\Mozilla\Firefox\Profiles\txs0qg0g.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\EdgarCayenne\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1326 octets] - [08/08/2013 05:31:56]
AdwCleaner[R2].txt - [1259 octets] - [08/08/2013 05:32:43]
AdwCleaner[s1].txt - [342 octets] - [08/08/2013 05:32:05]
 
########## EOF - C:\AdwCleaner[R2].txt - [1378 octets] ##########
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.07.08
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16635
EdgarCayenne :: EDGARCAYENNE-PC [administrator]
 
8/8/2013 5:47:17 AM
mbam-log-2013-08-08 (05-47-17).txt
 
Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 612119
Time elapsed: 1 hour(s), 18 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
Not sure if you guys needed all that, but I wanted to provide them in case. I also tried to run Junkware Removal Tool to have the log, but it did not want to work even when running in admin mode.

 

OK, I also ran ComboFix and actually attached the RogueKiller logs... sorry, still new to this forum.

 

ComboFix 13-08-07.01 - EdgarCayenne 08/08/2013   8:42.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8105.6243 [GMT -7:00]

Running from: c:\users\EdgarCayenne\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\EdgarCayenne\AppData\Roaming\Love

c:\users\EdgarCayenne\AppData\Roaming\Love\mari0\options.txt

c:\windows\SysWow64\frapsvid.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-08 to 2013-08-08  )))))))))))))))))))))))))))))))

.

.

2013-08-08 15:48 . 2013-08-08 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-08 15:33 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B6CB853-62C8-41AD-A4B5-6676A0D3DC30}\mpengine.dll

2013-08-08 15:17 . 2013-08-08 15:17 -------- d-----w- c:\programdata\Malwarebytes

2013-08-08 15:17 . 2013-08-08 15:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-08 15:17 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-08 14:35 . 2013-08-08 14:35 -------- d-----w- c:\program files (x86)\VS Revo Group

2013-08-06 04:16 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-25 00:40 . 2013-07-25 00:40 -------- d-----w- c:\users\EdgarCayenne\AppData\Local\PAYDAY 2

2013-07-25 00:40 . 2013-07-25 00:40 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2013-07-25 00:40 . 2013-07-25 00:40 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2013-07-23 18:30 . 2013-07-23 18:30 -------- d-----w- c:\users\EdgarCayenne\AppData\Roaming\Ubisoft

2013-07-20 04:53 . 2013-07-20 04:55 -------- d-----w- c:\windows\system32\MRT

2013-07-17 02:47 . 2013-07-17 02:47 -------- d-----w- c:\users\EdgarCayenne\AppData\Local\Robot Entertainment

2013-07-17 02:10 . 2013-07-17 02:09 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98F85B12-1C40-4610-A0EF-4AB7E6762CD2}\gapaengine.dll

2013-07-14 20:37 . 2013-07-14 20:37 -------- d-----w- c:\users\EdgarCayenne\AppData\Local\techland

2013-07-13 05:18 . 2013-07-13 05:18 -------- d-----w- c:\users\EdgarCayenne\AppData\Roaming\gd.sos.McPixel

2013-07-11 07:17 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-11 07:17 . 2013-06-11 23:43 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll

2013-07-11 07:17 . 2013-06-11 23:26 1365504 ----a-w- c:\windows\system32\urlmon.dll

2013-07-11 07:17 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-07-11 07:17 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-07-11 07:17 . 2013-06-11 23:26 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-11 07:17 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-07-11 07:17 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-07-11 07:17 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll

2013-07-11 01:35 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-11 01:35 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-11 01:35 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-11 01:35 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

2013-07-11 01:35 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

2013-07-11 01:35 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

2013-07-11 01:35 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

2013-07-11 01:35 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

2013-07-11 01:35 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-07-11 01:34 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-07-11 01:34 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-11 01:34 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 01:34 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-11 01:34 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-11 01:34 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-11 01:34 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-07-11 01:34 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-23 18:31 . 2013-01-02 01:43 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-07-23 18:31 . 2011-12-11 19:45 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-07-23 17:28 . 2011-12-11 19:43 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-07-23 17:28 . 2013-01-02 01:43 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-07-23 15:03 . 2012-01-15 08:12 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe

2013-07-12 05:43 . 2012-04-04 02:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-12 05:43 . 2011-12-10 08:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-24 11:20 . 2013-06-24 11:20 768000 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

2013-06-24 07:57 . 2011-12-10 07:31 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-21 04:01 . 2012-02-11 22:39 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-06-20 20:26 . 2013-06-20 20:26 98304 ----a-r- c:\users\EdgarCayenne\AppData\Roaming\Microsoft\Installer\{DBDD570E-0952-475F-9453-AB88F3DD565A}\python_icon.exe

2013-06-19 22:54 . 2012-06-28 08:22 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-06-19 22:54 . 2012-03-25 03:59 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-19 04:50 . 2013-06-19 04:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 04:50 . 2011-04-27 22:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-17 06:43 . 2013-06-17 06:43 56832 ----a-w- c:\windows\SysWow64\rzdevinfo.dll

2013-06-17 06:43 . 2013-06-17 06:43 154112 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2013-06-17 06:43 . 2013-06-17 06:43 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll

2013-06-17 06:43 . 2013-06-17 06:43 296448 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2013-06-12 06:05 . 2013-06-12 06:05 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-06-07 03:29 . 2013-06-07 03:29 126464 ----a-w- c:\windows\system32\drivers\rzudd.sys

2013-06-07 03:29 . 2013-06-07 03:29 31232 ----a-w- c:\windows\system32\drivers\rzendpt.sys

2013-06-04 23:12 . 2013-06-04 23:12 78432 ----a-w- c:\windows\system32\atimpc64.dll

2013-06-04 23:12 . 2013-06-04 23:12 78432 ----a-w- c:\windows\system32\amdpcom64.dll

2013-06-04 23:12 . 2013-06-04 23:12 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

2013-06-04 23:12 . 2013-06-04 23:12 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2013-06-04 23:12 . 2013-06-04 23:12 123216 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2013-06-04 23:12 . 2011-04-20 08:21 139696 ----a-w- c:\windows\system32\atiuxp64.dll

2013-06-04 23:12 . 2012-06-11 16:24 97448 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2013-06-04 23:12 . 2011-10-26 01:21 113464 ----a-w- c:\windows\system32\atiu9p64.dll

2013-06-04 23:11 . 2011-10-26 02:04 1182056 ----a-w- c:\windows\system32\aticfx64.dll

2013-06-04 23:11 . 2012-12-19 20:09 990976 ----a-w- c:\windows\SysWow64\aticfx32.dll

2013-06-04 23:11 . 2011-10-26 01:46 8431232 ----a-w- c:\windows\system32\atidxx64.dll

2013-06-04 23:11 . 2013-06-04 23:11 7378560 ----a-w- c:\windows\SysWow64\atidxx32.dll

2013-06-04 23:11 . 2012-12-19 19:44 4415256 ----a-w- c:\windows\SysWow64\atiumdva.dll

2013-06-04 23:11 . 2012-12-19 20:50 5963328 ----a-w- c:\windows\SysWow64\atiumdag.dll

2013-06-04 23:11 . 2011-10-26 01:43 4957536 ----a-w- c:\windows\system32\atiumd6a.dll

2013-06-04 23:11 . 2011-10-26 01:29 6984088 ----a-w- c:\windows\system32\atiumd64.dll

2013-06-04 23:09 . 2013-06-04 23:09 11833856 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2013-06-04 22:51 . 2013-06-04 22:51 229376 ----a-w- c:\windows\system32\clinfo.exe

2013-06-04 22:51 . 2013-06-04 22:51 98304 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-06-04 22:50 . 2013-06-04 22:50 82944 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-06-04 22:50 . 2013-06-04 22:50 86016 ----a-w- c:\windows\system32\OVDecode64.dll

2013-06-04 22:50 . 2013-06-04 22:50 72704 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-06-04 22:50 . 2013-06-04 22:50 27800576 ----a-w- c:\windows\system32\amdocl64.dll

2013-06-04 22:48 . 2013-06-04 22:48 23421440 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-06-04 22:46 . 2013-06-04 22:46 63488 ----a-w- c:\windows\system32\OpenCL.dll

2013-06-04 22:46 . 2013-06-04 22:46 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-06-04 22:43 . 2011-12-13 21:55 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2013-06-04 22:43 . 2011-12-13 21:55 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-06-04 22:43 . 2011-12-13 21:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2013-06-04 22:43 . 2011-12-13 21:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2013-06-04 22:33 . 2013-06-04 22:33 24250880 ----a-w- c:\windows\system32\atio6axx.dll

2013-06-04 22:27 . 2013-06-04 22:27 368640 ----a-w- c:\windows\system32\atiapfxx.exe

2013-06-04 22:25 . 2013-06-04 22:25 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2013-06-04 22:25 . 2013-06-04 22:25 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2013-06-04 22:25 . 2013-06-04 22:25 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2013-06-04 22:25 . 2013-06-04 22:25 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2013-06-04 22:25 . 2013-06-04 22:25 118784 ----a-w- c:\windows\system32\coinst_13.101.dll

2013-06-04 22:24 . 2013-06-04 22:24 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2013-06-04 22:20 . 2013-06-04 22:20 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2013-06-04 22:13 . 2013-06-04 22:13 19906560 ----a-w- c:\windows\SysWow64\atioglxx.dll

2013-06-04 22:03 . 2013-06-04 22:03 442368 ----a-w- c:\windows\system32\atidemgy.dll

2013-06-04 22:03 . 2013-06-04 22:03 26112 ----a-w- c:\windows\system32\atimuixx.dll

2013-06-04 22:03 . 2013-06-04 22:03 562688 ----a-w- c:\windows\system32\atieclxx.exe

2013-06-04 22:02 . 2013-06-04 22:02 241152 ----a-w- c:\windows\system32\atiesrxx.exe

2013-06-04 22:00 . 2013-06-04 22:00 120320 ----a-w- c:\windows\system32\atitmm64.dll

2013-06-04 22:00 . 2013-06-04 22:00 59392 ----a-w- c:\windows\system32\atiedu64.dll

2013-06-04 22:00 . 2013-06-04 22:00 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2013-06-04 21:35 . 2013-06-04 21:35 594944 ----a-w- c:\windows\system32\atiadlxx.dll

2013-06-04 21:35 . 2013-06-04 21:35 419840 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2013-06-04 21:35 . 2013-06-04 21:35 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2013-06-04 21:35 . 2013-06-04 21:35 15872 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2013-06-04 21:35 . 2013-06-04 21:35 15872 ----a-w- c:\windows\system32\atiglpxx.dll

2013-06-04 21:35 . 2013-06-04 21:35 41984 ----a-w- c:\windows\system32\atig6txx.dll

2013-06-04 21:35 . 2013-06-04 21:35 36352 ----a-w- c:\windows\SysWow64\atigktxx.dll

2013-06-04 21:35 . 2013-06-04 21:35 608768 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2013-06-04 21:31 . 2013-06-04 21:31 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2013-05-17 15:27 . 2013-05-17 15:27 40696 ----a-w- c:\windows\system32\drivers\RzMaelstromVAD.sys

2013-05-17 15:25 . 2013-05-17 15:25 245248 ----a-w- c:\windows\system32\DriverInstallCACMD.exe

2013-05-17 15:25 . 2013-05-17 15:25 69120 ----a-w- c:\windows\system32\DriverInstallCA.dll

2013-05-13 05:51 . 2013-06-11 21:15 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-11 21:15 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-11 21:15 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-11 21:15 52224 ----a-w- c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-11 21:15 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45 . 2013-06-11 21:15 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-11 21:15 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43 . 2013-06-11 21:15 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-11 21:15 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-11 21:15 43008 ----a-w- c:\windows\SysWow64\certenc.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 2637784]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-06-22 610152]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-05 676608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

.

c:\users\EdgarCayenne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys;c:\windows\SYSNATIVE\Drivers\CYUSB.sys [x]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]

R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys;c:\windows\SYSNATIVE\drivers\ViaUsbEts.sys [x]

R3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe;c:\program files\Broadcom\BPowMon\BPowMon.exe [x]

S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 05:44]

.

2013-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578771145-1968098512-1077083552-1000Core.job

- c:\users\EdgarCayenne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 06:15]

.

2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3578771145-1968098512-1077083552-1000UA.job

- c:\users\EdgarCayenne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\EdgarCayenne\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 395384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 172.16.12.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-PlanetSide 2 Beta - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\Uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3578771145-1968098512-1077083552-1000\Software\SecuROM\License information*]

"datasecu"=hex:1d,56,9d,73,78,94,bf,6a,d6,4f,ba,b7,58,ae,34,cb,2f,94,e6,9e,e5,

   a0,63,f4,c2,34,36,f0,67,0b,13,c9,5a,2b,2e,7f,6e,19,20,d4,cc,10,1f,6b,e5,7c,\

"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-08-08  08:49:51

ComboFix-quarantined-files.txt  2013-08-08 15:49

.

Pre-Run: 454,130,442,240 bytes free

Post-Run: 453,632,921,600 bytes free

.

- - End Of File - - DB82AD62516F864DC98F0924573E4195

A36C5E4F47E84449FF07ED3517B43A31

 

RKreport0_S_08082013_083253.txt

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
