Jump to content

bitcoin mining has hijacked my computer and is pushing my gpu to its limit


Recommended Posts

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Link to post
Share on other sites

here is the dss file  

 

(Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Simon at 8:50:56 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8150.5794 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Simon\Desktop\PCMeter\PCMeterV0.3.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2318368B-242D-4141-8497-CE16964EF515} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{62D52C98-F85F-46C6-A8FB-499B51CF1181} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C129924C-5DBB-4E49-AC63-EC33125C7861} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999}\3596D6F6E6723702960586F6E656 : DHCPNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999}\6796277696E6D65646961613539303138393 : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-3 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-11-8 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-15 239616]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-3 13592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-8-24 10752]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-3 27760]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-11-8 167936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-3 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-3 789272]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-15 110744]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-3 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-11-8 1924096]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-11-8 954368]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-3 1255736]
.
=============== Created Last 30 ================
.
2013-09-04 17:51:00 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-04 16:59:28 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0EAAAC2-CAC6-479C-B6E7-D4DDA2E6FB1A}\mpengine.dll
2013-09-04 11:04:42 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-04 00:33:36 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-09-04 00:30:37 -------- d-----w- C:\ProgramData\Package Cache
2013-08-30 12:33:19 -------- d-----w- C:\ProgramData\Orbit
2013-08-24 18:35:09 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-08-24 18:35:09 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-08-24 18:35:09 43008 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-08-24 18:35:09 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-08-24 18:35:09 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-08-24 18:35:09 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-08-24 18:35:08 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-23 17:59:28 -------- d-----w- C:\Program Files\iTunes
2013-08-23 17:59:28 -------- d-----w- C:\Program Files\iPod
2013-08-23 17:59:28 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-23 10:16:01 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D50E84E5-D696-43FF-B393-5A827FF4661A}\gapaengine.dll
2013-08-15 13:11:26 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-08-15 13:11:26 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-08-15 13:11:24 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-08-15 13:11:24 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-08-15 13:11:24 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-08-15 13:11:24 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-08-15 13:11:16 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-08-15 13:11:14 1266552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-08-15 13:11:08 9067808 ----a-w- C:\Windows\System32\atidxx64.dll
2013-08-15 13:11:06 7919328 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-08-15 13:10:52 7128240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-08-15 13:10:48 7625784 ----a-w- C:\Windows\System32\atiumd64.dll
2013-08-15 13:09:02 12652544 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-08-15 12:55:20 229888 ----a-w- C:\Windows\System32\clinfo.exe
2013-08-15 12:55:02 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-08-15 12:54:52 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-08-15 12:54:46 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-08-15 12:54:40 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-08-15 12:54:20 28445184 ----a-w- C:\Windows\System32\amdocl64.dll
2013-08-15 12:49:16 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-15 12:45:58 129536 ----a-w- C:\Windows\System32\coinst_13.20.11.dll
2013-08-15 12:33:58 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-08-15 12:33:48 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-08-15 12:33:46 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-08-15 12:33:38 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-08-15 12:33:36 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-08-15 12:33:20 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-08-15 12:33:14 25611264 ----a-w- C:\Windows\System32\atio6axx.dll
2013-08-15 12:29:48 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-08-15 12:15:14 21624832 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-08-15 12:12:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-08-15 12:12:06 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-08-15 12:12:00 574976 ----a-w- C:\Windows\System32\atieclxx.exe
2013-08-15 12:11:02 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-08-15 12:09:26 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-08-15 11:40:32 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-08-15 11:40:28 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-08-15 11:40:28 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-08-15 11:40:22 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-08-15 11:40:02 617984 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-08-15 11:38:00 95744 ----a-w- C:\Windows\System32\amdave64.dll
2013-08-15 11:37:54 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-08-15 11:37:44 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-08-15 11:37:40 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-08-15 11:36:10 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-08-15 08:06:06 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-08-15 08:01:18 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-08-13 23:00:06 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-13 22:59:47 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-13 22:59:47 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-13 22:59:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-13 22:59:46 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-08-15 13:11:18 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-08-15 13:11:18 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-08-15 13:11:16 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-08-15 13:11:12 1052264 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-08-15 13:11:00 6502024 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-08-15 13:10:56 6549928 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-08-15 12:51:26 23989248 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-08-15 12:49:10 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-15 11:41:02 1097728 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-08-15 11:40:48 828416 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-08-15 11:40:12 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 08:40:38 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-07-05 08:40:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-06-25 14:55:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 14:55:52 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-25 14:55:52 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-18 20:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 20:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
Link to post
Share on other sites

here is the attach file

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 03/11/2012 18:13:43

System Uptime: 05/09/2013 08:17:51 (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. |  | Z77-D3H

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 17.335 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 571.916 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP237: 04/09/2013 17:25:16 - Malwarebytes Anti-Rootkit Restore Point

RP238: 04/09/2013 18:58:42 - Windows Update

RP239: 04/09/2013 19:26:37 - Installed Application Profiles

RP240: 04/09/2013 19:35:45 - Windows Update

.

==== Installed Programs ======================

.

Adobe Reader XI (11.0.03)

Alan Wake

Alan Wake's American Nightmare

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Control Center

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AMD Wireless Display v3.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Profiles

Assassin's Creed Revelations

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

µTorrent

Bastion

Bonjour

Borderlands

Borderlands 2: Premiere Club

Bully: Scholarship Edition

calibre 64bit

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Championship Manager 01-02

CM3 Series SaveGame Editor 4.0 Build 4000

ComicRack v0.9.159

Deadlight

Deus Ex: Human Revolution

Devil May Cry 3: Special Edition

Devil May Cry 4

Dragon Age: Origins

Dropbox

Etron USB3.0 Host Controller

F.E.A.R.

F.E.A.R.: Extraction Point

F.E.A.R.: Perseus Mandate

Fallout: New Vegas

GOG.com Downloader version 3.5.2

Google Chrome

Google Drive

Google Earth

Google Update Helper

GRID

HIS iTurbo

Hitman: Absolution

iCloud

Intel® Control Center

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

iTunes

Java 7 Update 25

Java Auto Updater

Malwarebytes Anti-Malware version 1.75.0.1300

Marvel Heroes

Microsoft .NET Framework 4.5

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Mouse and Keyboard Center

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft XNA Framework Redistributable 3.1

NETGEAR WNDA3200 wireless adapter Setup

NVIDIA PhysX

OpenAL

Pando Media Booster

Platform

PowerISO

PunkBuster Services

QuickPar 0.9

Rapture3D 2.5.1 Game

SABnzbd 0.7.5

SafeSaver 1.74

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2804582)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 

Sid Meier's Civilization V

Skype™ 6.6

Sleeping Dogs™

SopCast 3.5.0

Star Wars: Knights of the Old Republic II

Steam

Stellarium 0.11.4

SUPERAntiSpyware

The Incredible Adventures of Van Helsing

The Witcher 2 Enhanced Edition version 3.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

VIA Platform Device Manager

VLC media player 2.0.4

Windows Live ID Sign-in Assistant

WinRAR 4.20 (64-bit)

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

05/09/2013 08:18:09, Error: Service Control Manager [7000]  - The WinRing0_1_2_0 service failed to start due to the following error:  The system cannot find the file specified.

04/09/2013 18:48:11, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

04/09/2013 18:45:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

04/09/2013 18:31:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

04/09/2013 18:31:29, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

04/09/2013 18:31:28, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

04/09/2013 18:31:23, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

04/09/2013 18:31:21, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

04/09/2013 18:31:21, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

04/09/2013 18:28:18, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

04/09/2013 18:19:42, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

04/09/2013 18:19:35, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache JSWPSLWF MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

04/09/2013 18:19:35, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

04/09/2013 17:54:06, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

04/09/2013 17:49:33, Error: Service Control Manager [7034]  - The Time service terminated unexpectedly.  It has done this 1 time(s).

04/09/2013 17:47:55, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

04/09/2013 17:47:55, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

04/09/2013 17:25:58, Error: mbamchameleon [61440]  - 

04/09/2013 01:33:09, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.

04/09/2013 01:33:09, Error: Service Control Manager [7000]  - The AMD External Events Utility service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

03/09/2013 22:32:16, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x80070002   Error description: The system cannot find the file specified.   Signature version: 0.0.0.0;0.0.0.0   Engine version: 0.0.0.0

.

==== End Of File ===========================

Link to post
Share on other sites

aswMBR file:

MBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-05 08:59:31
-----------------------------
08:59:31.950    OS Version: Windows x64 6.1.7601 Service Pack 1
08:59:31.950    Number of processors: 4 586 0x3A09
08:59:31.950    ComputerName: SIMON-PC  UserName: Simon
08:59:32.121    Initialize success
09:39:23.234    AVAST engine defs: 13090401
09:41:13.760    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:41:13.760    Disk 0 Vendor: SAMSUNG_ CXM0 Size: 122104MB BusType: 3
09:41:13.760    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
09:41:13.760    Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
09:41:13.776    Disk 0 MBR read successfully
09:41:13.776    Disk 0 MBR scan
09:41:13.823    Disk 0 Windows 7 default MBR code
09:41:13.823    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:41:13.838    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
09:41:13.885    Disk 0 scanning C:\Windows\system32\drivers
09:41:17.941    Service scanning
09:41:26.989    Modules scanning
09:41:26.989    Disk 0 trace - called modules:
09:41:27.005    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
09:41:27.005    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f3c060]
09:41:27.005    3 CLASSPNP.SYS[fffff88001ccd43f] -> nt!IofCallDriver -> [0xfffffa8006c3ce40]
09:41:27.020    5 ACPI.sys[fffff88000ee37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006c3f050]
09:41:27.176    AVAST engine scan C:\Windows
09:41:27.754    AVAST engine scan C:\Windows\system32
09:43:07.968    AVAST engine scan C:\Windows\system32\drivers
09:43:14.208    AVAST engine scan C:\Users\Simon
09:44:24.814    File: C:\Users\Simon\Documents\Downloads\Adobe-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.845    File: C:\Users\Simon\Documents\Downloads\AMD APP-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.861    File: C:\Users\Simon\Documents\Downloads\AMD AVT-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.876    File: C:\Users\Simon\Documents\Downloads\Apple Software Update-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.908    File: C:\Users\Simon\Documents\Downloads\AppName-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.923    File: C:\Users\Simon\Documents\Downloads\ATI Technologies-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.939    File: C:\Users\Simon\Documents\Downloads\Bonjour-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.954    File: C:\Users\Simon\Documents\Downloads\BRS-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:24.986    File: C:\Users\Simon\Documents\Downloads\Championship Manager 01-02-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.001    File: C:\Users\Simon\Documents\Downloads\CM3 Series SaveGame Editor-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.032    File: C:\Users\Simon\Documents\Downloads\dumps-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.048    File: C:\Users\Simon\Documents\Downloads\Etron Technology-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.064    File: C:\Users\Simon\Documents\Downloads\GOG.com-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.095    File: C:\Users\Simon\Documents\Downloads\Google-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.110    File: C:\Users\Simon\Documents\Downloads\HIS iTurbo-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.126    File: C:\Users\Simon\Documents\Downloads\InstallShield Installation Information-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.157    File: C:\Users\Simon\Documents\Downloads\Intel-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.173    File: C:\Users\Simon\Documents\Downloads\iTunes-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.204    File: C:\Users\Simon\Documents\Downloads\Java-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.220    File: C:\Users\Simon\Documents\Downloads\Kalypso Media-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.251    File: C:\Users\Simon\Documents\Downloads\Metro Last Light-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.266    File: C:\Users\Simon\Documents\Downloads\Microsoft DirectX SDK (June 2010)-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.282    File: C:\Users\Simon\Documents\Downloads\Microsoft Games for Windows - LIVE-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.313    File: C:\Users\Simon\Documents\Downloads\Microsoft Office-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.329    File: C:\Users\Simon\Documents\Downloads\Microsoft Security Client-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.360    File: C:\Users\Simon\Documents\Downloads\Microsoft Silverlight-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.376    File: C:\Users\Simon\Documents\Downloads\Microsoft Works-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.407    File: C:\Users\Simon\Documents\Downloads\Microsoft XNA-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.422    File: C:\Users\Simon\Documents\Downloads\Microsoft-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.438    File: C:\Users\Simon\Documents\Downloads\Mozilla Firefox-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.469    File: C:\Users\Simon\Documents\Downloads\MSI Afterburner-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.485    File: C:\Users\Simon\Documents\Downloads\MSI Kombustor 2.5-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.516    File: C:\Users\Simon\Documents\Downloads\NETGEAR-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.532    File: C:\Users\Simon\Documents\Downloads\NVIDIA Corporation-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.547    File: C:\Users\Simon\Documents\Downloads\OpenAL-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.578    File: C:\Users\Simon\Documents\Downloads\Pando Networks-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.594    File: C:\Users\Simon\Documents\Downloads\PowerISO-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.610    File: C:\Users\Simon\Documents\Downloads\QuickPar-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.641    File: C:\Users\Simon\Documents\Downloads\SABnzbd-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.672    File: C:\Users\Simon\Documents\Downloads\SafeSaver-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.703    File: C:\Users\Simon\Documents\Downloads\Skype-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.719    File: C:\Users\Simon\Documents\Downloads\SopCast-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.734    File: C:\Users\Simon\Documents\Downloads\Soul's Software-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.766    File: C:\Users\Simon\Documents\Downloads\Steam-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.797    File: C:\Users\Simon\Documents\Downloads\Ubisoft-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.812    File: C:\Users\Simon\Documents\Downloads\uTorrent-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.844    File: C:\Users\Simon\Documents\Downloads\VIA-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.875    File: C:\Users\Simon\Documents\Downloads\Windows Defender-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.890    File: C:\Users\Simon\Documents\Downloads\Windows Mail-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.922    File: C:\Users\Simon\Documents\Downloads\Windows Photo Viewer-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.937    File: C:\Users\Simon\Documents\Downloads\Windows Portable Devices-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:25.968    File: C:\Users\Simon\Documents\Downloads\Windows Sidebar-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]
09:44:48.604    AVAST engine scan C:\ProgramData
09:44:53.565    Scan finished successfully
09:46:09.439    Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\MBR.dat"
09:46:09.470    The log file has been saved successfully to "C:\Users\Simon\Desktop\aswMBR.txt"
Link to post
Share on other sites

dss log file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Simon at 8:50:56 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8150.5794 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Simon\Desktop\PCMeter\PCMeterV0.3.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SABnzbd.lnk - C:\Program Files (x86)\SABnzbd\SABnzbd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2318368B-242D-4141-8497-CE16964EF515} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{62D52C98-F85F-46C6-A8FB-499B51CF1181} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C129924C-5DBB-4E49-AC63-EC33125C7861} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999}\3596D6F6E6723702960586F6E656 : DHCPNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{CB70A6B5-C5B3-4825-9BA6-27B0C5EE4999}\6796277696E6D65646961613539303138393 : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-3 19224]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-11-8 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-15 239616]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-3 13592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-8-24 10752]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-3 27760]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2012-11-8 167936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-3 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-3 789272]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-15 110744]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-3 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-11-8 1924096]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2012-11-8 954368]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-3 1255736]
.
=============== Created Last 30 ================
.
2013-09-04 17:51:00 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-04 16:59:28 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0EAAAC2-CAC6-479C-B6E7-D4DDA2E6FB1A}\mpengine.dll
2013-09-04 11:04:42 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-04 00:33:36 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-09-04 00:30:37 -------- d-----w- C:\ProgramData\Package Cache
2013-08-30 12:33:19 -------- d-----w- C:\ProgramData\Orbit
2013-08-24 18:35:09 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-08-24 18:35:09 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-08-24 18:35:09 43008 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-08-24 18:35:09 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-08-24 18:35:09 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-08-24 18:35:09 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-08-24 18:35:08 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-23 17:59:28 -------- d-----w- C:\Program Files\iTunes
2013-08-23 17:59:28 -------- d-----w- C:\Program Files\iPod
2013-08-23 17:59:28 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-23 10:16:01 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D50E84E5-D696-43FF-B393-5A827FF4661A}\gapaengine.dll
2013-08-15 13:11:26 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-08-15 13:11:26 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-08-15 13:11:24 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-08-15 13:11:24 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-08-15 13:11:24 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-08-15 13:11:24 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-08-15 13:11:16 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-08-15 13:11:14 1266552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-08-15 13:11:08 9067808 ----a-w- C:\Windows\System32\atidxx64.dll
2013-08-15 13:11:06 7919328 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-08-15 13:10:52 7128240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-08-15 13:10:48 7625784 ----a-w- C:\Windows\System32\atiumd64.dll
2013-08-15 13:09:02 12652544 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-08-15 12:55:20 229888 ----a-w- C:\Windows\System32\clinfo.exe
2013-08-15 12:55:02 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-08-15 12:54:52 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-08-15 12:54:46 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-08-15 12:54:40 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-08-15 12:54:20 28445184 ----a-w- C:\Windows\System32\amdocl64.dll
2013-08-15 12:49:16 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-15 12:45:58 129536 ----a-w- C:\Windows\System32\coinst_13.20.11.dll
2013-08-15 12:33:58 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-08-15 12:33:48 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-08-15 12:33:46 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-08-15 12:33:38 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-08-15 12:33:36 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-08-15 12:33:20 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-08-15 12:33:14 25611264 ----a-w- C:\Windows\System32\atio6axx.dll
2013-08-15 12:29:48 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-08-15 12:15:14 21624832 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-08-15 12:12:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-08-15 12:12:06 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-08-15 12:12:00 574976 ----a-w- C:\Windows\System32\atieclxx.exe
2013-08-15 12:11:02 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-08-15 12:09:26 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-08-15 11:40:32 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-08-15 11:40:28 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-08-15 11:40:28 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-08-15 11:40:22 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-08-15 11:40:02 617984 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-08-15 11:38:00 95744 ----a-w- C:\Windows\System32\amdave64.dll
2013-08-15 11:37:54 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-08-15 11:37:44 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-08-15 11:37:40 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-08-15 11:36:10 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-08-15 08:06:06 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-08-15 08:01:18 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-08-13 23:00:06 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-13 22:59:47 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-13 22:59:47 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-13 22:59:46 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-13 22:59:46 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M  ====================
.
2013-08-15 13:11:18 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-08-15 13:11:18 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-08-15 13:11:16 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-08-15 13:11:12 1052264 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-08-15 13:11:00 6502024 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-08-15 13:10:56 6549928 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-08-15 12:51:26 23989248 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-08-15 12:49:10 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-15 11:41:02 1097728 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-08-15 11:40:48 828416 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-08-15 11:40:12 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 08:40:38 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-07-05 08:40:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-06-25 14:55:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 14:55:52 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-25 14:55:52 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-18 20:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 20:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH:  8:51:04.48 ===============
Link to post
Share on other sites

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

ComboFix 13-09-04.04 - Simon 05/09/2013   9:58.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8150.5585 [GMT 1:00]

Running from: c:\users\Simon\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Simon\AppData\Local\Temp\_MEI25242\_ctypes.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\_elementtree.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\_hashlib.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\_multiprocessing.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\_socket.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\_ssl.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\msvcp100.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\msvcr100.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\pyexpat.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\pysqlite2._sqlite.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\python27.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\pythoncom27.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\PyWinTypes27.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\select.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\unicodedata.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32api.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32com.shell.shell.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32crypt.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32event.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32file.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32inet.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32pdh.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32process.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32profile.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32security.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\win32ts.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\windows._cacheinvalidation.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._controls_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._core_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._gdi_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._html2.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._misc_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._windows_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wx._wizard.pyd

c:\users\Simon\AppData\Local\Temp\_MEI25242\wxbase294u_net_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\wxbase294u_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\wxmsw294u_adv_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\wxmsw294u_core_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\wxmsw294u_html_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI25242\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))

.

.

2013-09-05 09:00 . 2013-09-05 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-04 16:59 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0EAAAC2-CAC6-479C-B6E7-D4DDA2E6FB1A}\mpengine.dll

2013-09-04 11:04 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\programdata\ATI

2013-09-04 00:33 . 2013-09-04 00:33 -------- d-----w- c:\program files (x86)\AMD AVT

2013-09-04 00:30 . 2013-09-04 00:32 -------- d-----w- c:\programdata\Package Cache

2013-08-30 12:33 . 2013-08-30 12:33 -------- d-----w- c:\programdata\Orbit

2013-08-24 18:35 . 2013-08-27 17:30 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll

2013-08-24 18:35 . 2013-08-27 17:30 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe

2013-08-24 18:35 . 2013-08-27 17:30 43008 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe

2013-08-24 18:35 . 2013-08-27 17:30 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe

2013-08-24 18:35 . 2013-08-27 17:30 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll

2013-08-24 18:35 . 2013-08-27 17:30 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe

2013-08-24 18:35 . 2013-08-27 17:30 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll

2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files\iTunes

2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files (x86)\iTunes

2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files\iPod

2013-08-23 10:16 . 2013-08-23 10:15 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D50E84E5-D696-43FF-B393-5A827FF4661A}\gapaengine.dll

2013-08-15 13:11 . 2013-08-15 13:11 157736 ----a-w- c:\windows\system32\amdhcp64.dll

2013-08-15 13:11 . 2013-08-15 13:11 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll

2013-08-15 13:11 . 2013-08-15 13:11 78432 ----a-w- c:\windows\system32\atimpc64.dll

2013-08-15 13:11 . 2013-08-15 13:11 78432 ----a-w- c:\windows\system32\amdpcom64.dll

2013-08-15 13:11 . 2013-08-15 13:11 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

2013-08-15 13:11 . 2013-08-15 13:11 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2013-08-15 13:11 . 2013-08-15 13:11 115512 ----a-w- c:\windows\system32\atiu9p64.dll

2013-08-15 13:11 . 2013-08-15 13:11 1266552 ----a-w- c:\windows\system32\aticfx64.dll

2013-08-15 13:11 . 2013-08-15 13:11 9067808 ----a-w- c:\windows\system32\atidxx64.dll

2013-08-15 13:11 . 2013-08-15 13:11 7919328 ----a-w- c:\windows\SysWow64\atidxx32.dll

2013-08-15 13:10 . 2013-08-15 13:10 7128240 ----a-w- c:\windows\system32\atiumd6a.dll

2013-08-15 13:10 . 2013-08-15 13:10 7625784 ----a-w- c:\windows\system32\atiumd64.dll

2013-08-15 13:09 . 2013-08-15 13:09 12652544 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2013-08-15 12:55 . 2013-08-15 12:55 229888 ----a-w- c:\windows\system32\clinfo.exe

2013-08-15 12:55 . 2013-08-15 12:55 98816 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-08-15 12:54 . 2013-08-15 12:54 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-08-15 12:54 . 2013-08-15 12:54 86528 ----a-w- c:\windows\system32\OVDecode64.dll

2013-08-15 12:54 . 2013-08-15 12:54 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-08-15 12:54 . 2013-08-15 12:54 28445184 ----a-w- c:\windows\system32\amdocl64.dll

2013-08-15 12:49 . 2013-08-15 12:49 63488 ----a-w- c:\windows\system32\OpenCL.dll

2013-08-15 12:45 . 2013-08-15 12:45 129536 ----a-w- c:\windows\system32\coinst_13.20.11.dll

2013-08-15 12:33 . 2013-08-15 12:33 368640 ----a-w- c:\windows\system32\atiapfxx.exe

2013-08-15 12:33 . 2013-08-15 12:33 62464 ----a-w- c:\windows\system32\aticalrt64.dll

2013-08-15 12:33 . 2013-08-15 12:33 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll

2013-08-15 12:33 . 2013-08-15 12:33 55808 ----a-w- c:\windows\system32\aticalcl64.dll

2013-08-15 12:33 . 2013-08-15 12:33 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll

2013-08-15 12:33 . 2013-08-15 12:33 15716352 ----a-w- c:\windows\system32\aticaldd64.dll

2013-08-15 12:33 . 2013-08-15 12:33 25611264 ----a-w- c:\windows\system32\atio6axx.dll

2013-08-15 12:29 . 2013-08-15 12:29 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll

2013-08-15 12:15 . 2013-08-15 12:15 21624832 ----a-w- c:\windows\SysWow64\atioglxx.dll

2013-08-15 12:12 . 2013-08-15 12:12 442368 ----a-w- c:\windows\system32\atidemgy.dll

2013-08-15 12:12 . 2013-08-15 12:12 26112 ----a-w- c:\windows\system32\atimuixx.dll

2013-08-15 12:12 . 2013-08-15 12:12 574976 ----a-w- c:\windows\system32\atieclxx.exe

2013-08-15 12:11 . 2013-08-15 12:11 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2013-08-15 12:09 . 2013-08-15 12:09 190976 ----a-w- c:\windows\system32\atitmm64.dll

2013-08-15 11:40 . 2013-08-15 11:40 75264 ----a-w- c:\windows\system32\atig6pxx.dll

2013-08-15 11:40 . 2013-08-15 11:40 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2013-08-15 11:40 . 2013-08-15 11:40 69632 ----a-w- c:\windows\system32\atiglpxx.dll

2013-08-15 11:40 . 2013-08-15 11:40 100352 ----a-w- c:\windows\system32\atig6txx.dll

2013-08-15 11:40 . 2013-08-15 11:40 617984 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2013-08-15 11:38 . 2013-08-15 11:38 95744 ----a-w- c:\windows\system32\amdave64.dll

2013-08-15 11:37 . 2013-08-15 11:37 90112 ----a-w- c:\windows\SysWow64\amdave32.dll

2013-08-15 11:37 . 2013-08-15 11:37 89088 ----a-w- c:\windows\system32\atisamu64.dll

2013-08-15 11:37 . 2013-08-15 11:37 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll

2013-08-15 11:36 . 2013-08-15 11:36 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2013-08-15 08:06 . 2013-08-15 08:06 51200 ----a-w- c:\windows\system32\kdbsdk64.dll

2013-08-15 08:01 . 2013-08-15 08:01 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2013-08-13 23:00 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-13 22:59 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-13 22:59 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-08-13 22:59 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-13 22:59 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-15 13:11 . 2013-04-16 14:54 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2013-08-15 13:11 . 2012-06-11 16:25 143304 ----a-w- c:\windows\system32\atiuxp64.dll

2013-08-15 13:11 . 2012-09-28 01:10 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2013-08-15 13:11 . 2013-04-16 14:53 1052264 ----a-w- c:\windows\SysWow64\aticfx32.dll

2013-08-15 13:11 . 2013-04-16 14:53 6502024 ----a-w- c:\windows\SysWow64\atiumdva.dll

2013-08-15 13:10 . 2013-04-16 14:53 6549928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2013-08-15 12:51 . 2013-04-16 14:34 23989248 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-08-15 12:49 . 2013-04-16 14:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-08-15 11:41 . 2012-09-28 01:13 1097728 ----a-w- c:\windows\system32\atiadlxx.dll

2013-08-15 11:40 . 2013-03-14 19:56 828416 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2013-08-15 11:40 . 2013-03-14 19:56 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2013-08-13 23:02 . 2012-11-03 19:16 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-17 21:20 . 2012-11-28 08:37 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-07-09 04:45 . 2013-08-13 23:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-05 08:40 . 2013-07-05 08:40 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2013-07-05 08:40 . 2013-07-05 08:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll

2013-06-25 14:55 . 2013-06-25 14:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-25 14:55 . 2013-05-10 19:22 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-25 14:55 . 2013-05-10 19:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-18 20:50 . 2013-06-18 20:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-18 20:50 . 2012-08-30 22:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-15 766208]

.

c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe -b0 [2012-11-4 103424]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-11-8 565248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]

S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Simon\AppData\Local\Temp\tmp7A2E.tmp;c:\users\Simon\AppData\Local\Temp\tmp7A2E.tmp [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WINRING0_1_2_0

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 18:46]

.

2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 18:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]

"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-The Witcher 2 Enhanced Edition_is1 - d:\the witcher 2\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]

"ImagePath"="\??\c:\users\Simon\AppData\Local\Temp\tmp7A2E.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]

"GameDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\games"

"ShortlistDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"

"FMPath"=""

"ScreenshotsDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012"

"SaveDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\"

"HistoryDir"="d:\\FM Genie Scout 12\\History Points"

"LangDB"="d:\\FM Genie Scout 12\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:0000a13e

"VersionOf201"=dword:0000007b

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"ShowGuidNotification"=dword:00000000

"ShowDonateNotification"=dword:00000000

"Version"=dword:000000cf

"UniqueID"="57-A0B0-EFDF"

"Currency"=dword:00000056

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:00000007

"StaffSearchFeatureNum"=dword:00000001

"ClubSearchFeatureNum"=dword:00000001

"FilterByClubFeatureNum"=dword:00000001

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000000

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:00000007

"HintsFeatureNum"=dword:00000000

"GenieReportFeatureNum"=dword:00000003

"TopFormationFeatureNum"=dword:00000000

"ScreenshotFeatureNum"=dword:00000000

"AdClicksNum"=dword:00000004

"AdImpressionsNum"=dword:00000033

"GameLoadedCounter"=dword:00000007

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\G*e*n*i*e*"!\FM Genie Scout 13]

"GameDir"="c:\\FM Genie Scout 13\\games"

"ShortlistDir"="c:\\FM Genie Scout 13\\shortlists"

"FMPath"=""

"ScreenshotsDir"="c:\\FM Genie Scout 13"

"SaveDir"="c:\\FM Genie Scout 13\\"

"HistoryDir"="c:\\FM Genie Scout 13\\History Points"

"LangDB"="c:\\FM Genie Scout 13\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:0000a151

"VersionOf201"=dword:0000007b

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"ShowGuidNotification2"=dword:00000000

"ShowQuickGuideNotification"=dword:00000000

"ShowDonateNotification"=dword:00000000

"Version"=dword:00000152

"UniqueID"="57-A0B0-EFDF"

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:0000000b

"StaffSearchFeatureNum"=dword:00000000

"ClubSearchFeatureNum"=dword:00000001

"FilterByClubFeatureNum"=dword:00000001

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000000

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:00000000

"HintsFeatureNum"=dword:00000000

"GenieReportFeatureNum"=dword:00000000

"TopFormationFeatureNum"=dword:00000000

"ScreenshotFeatureNum"=dword:00000000

"AdClicksNum"=dword:00000000

"AdImpressionsNum"=dword:00000017

"GameLoadedCounter"=dword:00000000

"Currency"=dword:00000056

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\SecuROM\License information*]

"datasecu"=hex:63,d8,d9,32,b4,2e,3b,a5,1c,57,be,9d,e5,74,06,2f,46,1d,d4,8c,fe,

   fd,e1,39,5c,ac,3e,18,9a,4d,05,f4,66,94,90,46,fb,8d,86,a5,d9,b6,ab,58,f5,bf,\

"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000_Classes\CLSID\{BDBE366C-AB21-E546-9AA0-5ABE3384BB10}]

@Denied: (A 4) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\programdata\Microsoft\Windows\Time\WindowsTime.exe

.

**************************************************************************

.

Completion time: 2013-09-05  10:02:10 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-05 09:02

ComboFix2.txt  2013-09-04 17:49

.

Pre-Run: 18,290,221,056 bytes free

Post-Run: 18,145,046,528 bytes free

.

- - End Of File - - 612540B95C530FB520237B927383444D

Link to post
Share on other sites

Hm...let´s try something.

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Users\Simon\Documents\Downloads\*crack.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Link to post
Share on other sites

ComboFix 13-09-04.04 - Simon 05/09/2013  10:44:35.4.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8150.6157 [GMT 1:00]

Running from: c:\users\Simon\Downloads\ComboFix.exe

Command switches used :: c:\users\Simon\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Simon\AppData\Local\Temp\_MEI26082\_ctypes.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\_elementtree.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\_hashlib.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\_multiprocessing.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\_socket.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\_ssl.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\msvcp100.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\msvcr100.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\pyexpat.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\pysqlite2._sqlite.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\python27.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\pythoncom27.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\PyWinTypes27.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\select.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\unicodedata.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32api.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32com.shell.shell.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32crypt.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32event.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32file.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32inet.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32pdh.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32process.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32profile.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32security.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\win32ts.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\windows._cacheinvalidation.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._controls_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._core_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._gdi_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._html2.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._misc_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._windows_.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wx._wizard.pyd

c:\users\Simon\AppData\Local\Temp\_MEI26082\wxbase294u_net_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\wxbase294u_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\wxmsw294u_adv_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\wxmsw294u_core_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\wxmsw294u_html_vc90.dll

c:\users\Simon\AppData\Local\Temp\_MEI26082\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))

.

.

2013-09-05 09:08 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D245C371-E4CB-49BD-AAB9-AFBCE685EC38}\mpengine.dll

2013-09-04 11:04 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\programdata\ATI

2013-09-04 00:33 . 2013-09-04 00:33 -------- d-----w- c:\program files (x86)\AMD AVT

2013-09-04 00:30 . 2013-09-04 00:32 -------- d-----w- c:\programdata\Package Cache

2013-08-30 12:33 . 2013-08-30 12:33 -------- d-----w- c:\programdata\Orbit

2013-08-24 18:35 . 2013-08-27 17:30 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll

2013-08-24 18:35 . 2013-08-27 17:30 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe

2013-08-24 18:35 . 2013-08-27 17:30 43008 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe

2013-08-24 18:35 . 2013-08-27 17:30 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe

2013-08-24 18:35 . 2013-08-27 17:30 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll

2013-08-24 18:35 . 2013-08-27 17:30 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe

2013-08-24 18:35 . 2013-08-27 17:30 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll

2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files\iTunes

2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files (x86)\iTunes

2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files\iPod

2013-08-23 10:16 . 2013-08-23 10:15 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D50E84E5-D696-43FF-B393-5A827FF4661A}\gapaengine.dll

2013-08-15 13:11 . 2013-08-15 13:11 157736 ----a-w- c:\windows\system32\amdhcp64.dll

2013-08-15 13:11 . 2013-08-15 13:11 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll

2013-08-15 13:11 . 2013-08-15 13:11 78432 ----a-w- c:\windows\system32\atimpc64.dll

2013-08-15 13:11 . 2013-08-15 13:11 78432 ----a-w- c:\windows\system32\amdpcom64.dll

2013-08-15 13:11 . 2013-08-15 13:11 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

2013-08-15 13:11 . 2013-08-15 13:11 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2013-08-15 13:11 . 2013-08-15 13:11 115512 ----a-w- c:\windows\system32\atiu9p64.dll

2013-08-15 13:11 . 2013-08-15 13:11 1266552 ----a-w- c:\windows\system32\aticfx64.dll

2013-08-15 13:11 . 2013-08-15 13:11 9067808 ----a-w- c:\windows\system32\atidxx64.dll

2013-08-15 13:11 . 2013-08-15 13:11 7919328 ----a-w- c:\windows\SysWow64\atidxx32.dll

2013-08-15 13:10 . 2013-08-15 13:10 7128240 ----a-w- c:\windows\system32\atiumd6a.dll

2013-08-15 13:10 . 2013-08-15 13:10 7625784 ----a-w- c:\windows\system32\atiumd64.dll

2013-08-15 13:09 . 2013-08-15 13:09 12652544 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2013-08-15 12:55 . 2013-08-15 12:55 229888 ----a-w- c:\windows\system32\clinfo.exe

2013-08-15 12:55 . 2013-08-15 12:55 98816 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-08-15 12:54 . 2013-08-15 12:54 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-08-15 12:54 . 2013-08-15 12:54 86528 ----a-w- c:\windows\system32\OVDecode64.dll

2013-08-15 12:54 . 2013-08-15 12:54 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-08-15 12:54 . 2013-08-15 12:54 28445184 ----a-w- c:\windows\system32\amdocl64.dll

2013-08-15 12:49 . 2013-08-15 12:49 63488 ----a-w- c:\windows\system32\OpenCL.dll

2013-08-15 12:45 . 2013-08-15 12:45 129536 ----a-w- c:\windows\system32\coinst_13.20.11.dll

2013-08-15 12:33 . 2013-08-15 12:33 368640 ----a-w- c:\windows\system32\atiapfxx.exe

2013-08-15 12:33 . 2013-08-15 12:33 62464 ----a-w- c:\windows\system32\aticalrt64.dll

2013-08-15 12:33 . 2013-08-15 12:33 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll

2013-08-15 12:33 . 2013-08-15 12:33 55808 ----a-w- c:\windows\system32\aticalcl64.dll

2013-08-15 12:33 . 2013-08-15 12:33 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll

2013-08-15 12:33 . 2013-08-15 12:33 15716352 ----a-w- c:\windows\system32\aticaldd64.dll

2013-08-15 12:33 . 2013-08-15 12:33 25611264 ----a-w- c:\windows\system32\atio6axx.dll

2013-08-15 12:29 . 2013-08-15 12:29 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll

2013-08-15 12:15 . 2013-08-15 12:15 21624832 ----a-w- c:\windows\SysWow64\atioglxx.dll

2013-08-15 12:12 . 2013-08-15 12:12 442368 ----a-w- c:\windows\system32\atidemgy.dll

2013-08-15 12:12 . 2013-08-15 12:12 26112 ----a-w- c:\windows\system32\atimuixx.dll

2013-08-15 12:12 . 2013-08-15 12:12 574976 ----a-w- c:\windows\system32\atieclxx.exe

2013-08-15 12:11 . 2013-08-15 12:11 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2013-08-15 12:09 . 2013-08-15 12:09 190976 ----a-w- c:\windows\system32\atitmm64.dll

2013-08-15 11:40 . 2013-08-15 11:40 75264 ----a-w- c:\windows\system32\atig6pxx.dll

2013-08-15 11:40 . 2013-08-15 11:40 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2013-08-15 11:40 . 2013-08-15 11:40 69632 ----a-w- c:\windows\system32\atiglpxx.dll

2013-08-15 11:40 . 2013-08-15 11:40 100352 ----a-w- c:\windows\system32\atig6txx.dll

2013-08-15 11:40 . 2013-08-15 11:40 617984 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2013-08-15 11:38 . 2013-08-15 11:38 95744 ----a-w- c:\windows\system32\amdave64.dll

2013-08-15 11:37 . 2013-08-15 11:37 90112 ----a-w- c:\windows\SysWow64\amdave32.dll

2013-08-15 11:37 . 2013-08-15 11:37 89088 ----a-w- c:\windows\system32\atisamu64.dll

2013-08-15 11:37 . 2013-08-15 11:37 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll

2013-08-15 11:36 . 2013-08-15 11:36 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2013-08-15 08:06 . 2013-08-15 08:06 51200 ----a-w- c:\windows\system32\kdbsdk64.dll

2013-08-15 08:01 . 2013-08-15 08:01 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2013-08-13 23:00 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-08-13 22:59 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-13 22:59 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-08-13 22:59 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-13 22:59 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-15 13:11 . 2013-04-16 14:54 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2013-08-15 13:11 . 2012-06-11 16:25 143304 ----a-w- c:\windows\system32\atiuxp64.dll

2013-08-15 13:11 . 2012-09-28 01:10 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2013-08-15 13:11 . 2013-04-16 14:53 1052264 ----a-w- c:\windows\SysWow64\aticfx32.dll

2013-08-15 13:11 . 2013-04-16 14:53 6502024 ----a-w- c:\windows\SysWow64\atiumdva.dll

2013-08-15 13:10 . 2013-04-16 14:53 6549928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2013-08-15 12:51 . 2013-04-16 14:34 23989248 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-08-15 12:49 . 2013-04-16 14:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-08-15 11:41 . 2012-09-28 01:13 1097728 ----a-w- c:\windows\system32\atiadlxx.dll

2013-08-15 11:40 . 2013-03-14 19:56 828416 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2013-08-15 11:40 . 2013-03-14 19:56 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2013-08-13 23:02 . 2012-11-03 19:16 78161360 ----a-w- c:\windows\system32\MRT.exe

2013-07-17 21:20 . 2012-11-28 08:37 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-07-09 04:45 . 2013-08-13 23:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-05 08:40 . 2013-07-05 08:40 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2013-07-05 08:40 . 2013-07-05 08:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll

2013-06-25 14:55 . 2013-06-25 14:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-25 14:55 . 2013-05-10 19:22 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-06-25 14:55 . 2013-05-10 19:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-06-18 20:50 . 2013-06-18 20:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-18 20:50 . 2012-08-30 22:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-15 766208]

.

c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe -b0 [2012-11-4 103424]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-11-8 565248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [x]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]

S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Simon\AppData\Local\Temp\tmp7B85.tmp;c:\users\Simon\AppData\Local\Temp\tmp7B85.tmp [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WINRING0_1_2_0

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 18:46]

.

2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 18:46]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]

"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-The Witcher 2 Enhanced Edition_is1 - d:\the witcher 2\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]

"ImagePath"="\??\c:\users\Simon\AppData\Local\Temp\tmp7B85.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]

"GameDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\games"

"ShortlistDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"

"FMPath"=""

"ScreenshotsDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012"

"SaveDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\"

"HistoryDir"="d:\\FM Genie Scout 12\\History Points"

"LangDB"="d:\\FM Genie Scout 12\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:0000a13e

"VersionOf201"=dword:0000007b

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"ShowGuidNotification"=dword:00000000

"ShowDonateNotification"=dword:00000000

"Version"=dword:000000cf

"UniqueID"="57-A0B0-EFDF"

"Currency"=dword:00000056

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:00000007

"StaffSearchFeatureNum"=dword:00000001

"ClubSearchFeatureNum"=dword:00000001

"FilterByClubFeatureNum"=dword:00000001

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000000

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:00000007

"HintsFeatureNum"=dword:00000000

"GenieReportFeatureNum"=dword:00000003

"TopFormationFeatureNum"=dword:00000000

"ScreenshotFeatureNum"=dword:00000000

"AdClicksNum"=dword:00000004

"AdImpressionsNum"=dword:00000033

"GameLoadedCounter"=dword:00000007

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\G*e*n*i*e*"!\FM Genie Scout 13]

"GameDir"="c:\\FM Genie Scout 13\\games"

"ShortlistDir"="c:\\FM Genie Scout 13\\shortlists"

"FMPath"=""

"ScreenshotsDir"="c:\\FM Genie Scout 13"

"SaveDir"="c:\\FM Genie Scout 13\\"

"HistoryDir"="c:\\FM Genie Scout 13\\History Points"

"LangDB"="c:\\FM Genie Scout 13\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Steklo Black"

"LastUpdateCheck"=dword:0000a151

"VersionOf201"=dword:0000007b

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"ShowGuidNotification2"=dword:00000000

"ShowQuickGuideNotification"=dword:00000000

"ShowDonateNotification"=dword:00000000

"Version"=dword:00000152

"UniqueID"="57-A0B0-EFDF"

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:0000000b

"StaffSearchFeatureNum"=dword:00000000

"ClubSearchFeatureNum"=dword:00000001

"FilterByClubFeatureNum"=dword:00000001

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000000

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:00000000

"HintsFeatureNum"=dword:00000000

"GenieReportFeatureNum"=dword:00000000

"TopFormationFeatureNum"=dword:00000000

"ScreenshotFeatureNum"=dword:00000000

"AdClicksNum"=dword:00000000

"AdImpressionsNum"=dword:00000017

"GameLoadedCounter"=dword:00000000

"Currency"=dword:00000056

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\SecuROM\License information*]

"datasecu"=hex:63,d8,d9,32,b4,2e,3b,a5,1c,57,be,9d,e5,74,06,2f,46,1d,d4,8c,fe,

   fd,e1,39,5c,ac,3e,18,9a,4d,05,f4,66,94,90,46,fb,8d,86,a5,d9,b6,ab,58,f5,bf,\

"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95

.

[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000_Classes\CLSID\{BDBE366C-AB21-E546-9AA0-5ABE3384BB10}]

@Denied: (A 4) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\programdata\Microsoft\Windows\Time\WindowsTime.exe

.

**************************************************************************

.

Completion time: 2013-09-05  10:48:39 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-05 09:48

ComboFix2.txt  2013-09-05 09:02

ComboFix3.txt  2013-09-04 17:49

.

Pre-Run: 18,175,111,168 bytes free

Post-Run: 18,121,949,184 bytes free

.

- - End Of File - - ACF871139305C0EEA912F5241153E83E

Link to post
Share on other sites

09:44:24.814    File: C:\Users\Simon\Documents\Downloads\Adobe-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.845    File: C:\Users\Simon\Documents\Downloads\AMD APP-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.861    File: C:\Users\Simon\Documents\Downloads\AMD AVT-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.876    File: C:\Users\Simon\Documents\Downloads\Apple Software Update-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.908    File: C:\Users\Simon\Documents\Downloads\AppName-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.923    File: C:\Users\Simon\Documents\Downloads\ATI Technologies-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.939    File: C:\Users\Simon\Documents\Downloads\Bonjour-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.954    File: C:\Users\Simon\Documents\Downloads\BRS-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:24.986    File: C:\Users\Simon\Documents\Downloads\Championship Manager 01-02-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.001    File: C:\Users\Simon\Documents\Downloads\CM3 Series SaveGame Editor-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.032    File: C:\Users\Simon\Documents\Downloads\dumps-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.048    File: C:\Users\Simon\Documents\Downloads\Etron Technology-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.064    File: C:\Users\Simon\Documents\Downloads\GOG.com-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.095    File: C:\Users\Simon\Documents\Downloads\Google-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.110    File: C:\Users\Simon\Documents\Downloads\HIS iTurbo-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.126    File: C:\Users\Simon\Documents\Downloads\InstallShield Installation Information-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.157    File: C:\Users\Simon\Documents\Downloads\Intel-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.173    File: C:\Users\Simon\Documents\Downloads\iTunes-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.204    File: C:\Users\Simon\Documents\Downloads\Java-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.220    File: C:\Users\Simon\Documents\Downloads\Kalypso Media-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.251    File: C:\Users\Simon\Documents\Downloads\Metro Last Light-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.266    File: C:\Users\Simon\Documents\Downloads\Microsoft DirectX SDK (June 2010)-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.282    File: C:\Users\Simon\Documents\Downloads\Microsoft Games for Windows - LIVE-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.313    File: C:\Users\Simon\Documents\Downloads\Microsoft Office-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.329    File: C:\Users\Simon\Documents\Downloads\Microsoft Security Client-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.360    File: C:\Users\Simon\Documents\Downloads\Microsoft Silverlight-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.376    File: C:\Users\Simon\Documents\Downloads\Microsoft Works-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.407    File: C:\Users\Simon\Documents\Downloads\Microsoft XNA-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.422    File: C:\Users\Simon\Documents\Downloads\Microsoft-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.438    File: C:\Users\Simon\Documents\Downloads\Mozilla Firefox-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.469    File: C:\Users\Simon\Documents\Downloads\MSI Afterburner-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.485    File: C:\Users\Simon\Documents\Downloads\MSI Kombustor 2.5-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.516    File: C:\Users\Simon\Documents\Downloads\NETGEAR-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.532    File: C:\Users\Simon\Documents\Downloads\NVIDIA Corporation-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.547    File: C:\Users\Simon\Documents\Downloads\OpenAL-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.578    File: C:\Users\Simon\Documents\Downloads\Pando Networks-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.594    File: C:\Users\Simon\Documents\Downloads\PowerISO-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.610    File: C:\Users\Simon\Documents\Downloads\QuickPar-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.641    File: C:\Users\Simon\Documents\Downloads\SABnzbd-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.672    File: C:\Users\Simon\Documents\Downloads\SafeSaver-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.703    File: C:\Users\Simon\Documents\Downloads\Skype-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.719    File: C:\Users\Simon\Documents\Downloads\SopCast-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.734    File: C:\Users\Simon\Documents\Downloads\Soul's Software-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.766    File: C:\Users\Simon\Documents\Downloads\Steam-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.797    File: C:\Users\Simon\Documents\Downloads\Ubisoft-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.812    File: C:\Users\Simon\Documents\Downloads\uTorrent-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.844    File: C:\Users\Simon\Documents\Downloads\VIA-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.875    File: C:\Users\Simon\Documents\Downloads\Windows Defender-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.890    File: C:\Users\Simon\Documents\Downloads\Windows Mail-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.922    File: C:\Users\Simon\Documents\Downloads\Windows Photo Viewer-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.937    File: C:\Users\Simon\Documents\Downloads\Windows Portable Devices-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]09:44:25.968    File: C:\Users\Simon\Documents\Downloads\Windows Sidebar-crack.exe  **INFECTED** Win32:Dropper-gen [Drp]

Where did you download all those cracks?

Link to post
Share on other sites

Delete the files I´ve listed. Then go on with the following:

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.05.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Simon :: SIMON-PC [administrator]

 

05/09/2013 11:35:12

mbam-log-2013-09-05 (11-35-12).txt

 

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 515854

Time elapsed: 29 minute(s), 58 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Link to post
Share on other sites

esat results:

C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH2K9209\mplayer_Setup[1].exe a variant of Win32/Adware.iBryte.D application
C:\Users\Simon\Desktop\BorderLands2+18TrainerByAfterMan.EXE a variant of Win32/HackTool.CheatEngine.AF application
D:\Downloads\Spelunky.HD-3DM\Spelunky.HD-3DM\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan
D:\Downloads\witcher2trainer_320_RETAIL\witcher2trainer_320_RETAIL_desktop.exe a variant of Win32/HackTool.CheatEngine.AF application
D:\Downloads\witcher2trainer_320_RETAIL\witcher2trainer_320_RETAIL_laptop.exe a variant of Win32/HackTool.CheatEngine.AF application
Link to post
Share on other sites

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt

Link to post
Share on other sites

combofix results:

ComboFix 13-09-04.04 - Simon 05/09/2013  14:30:46.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8150.6352 [GMT 1:00]
Running from: c:\users\Simon\Downloads\ComboFix.exe
Command switches used :: c:\users\Simon\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH2K9209\mplayer_Setup[1].exe"
"d:\downloads\Spelunky.HD-3DM\Spelunky.HD-3DM\steam_api.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YH2K9209\mplayer_Setup[1].exe
c:\users\Simon\AppData\Local\Temp\_MEI21762\_ctypes.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\_elementtree.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\_hashlib.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\_multiprocessing.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\_socket.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\_ssl.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\msvcp100.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\msvcr100.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\pyexpat.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\pysqlite2._sqlite.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\python27.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\pythoncom27.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\PyWinTypes27.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\select.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\unicodedata.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32api.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32com.shell.shell.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32crypt.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32event.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32file.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32inet.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32pdh.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32process.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32profile.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32security.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\win32ts.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\windows._cacheinvalidation.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._controls_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._core_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._gdi_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._html2.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._misc_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._windows_.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wx._wizard.pyd
c:\users\Simon\AppData\Local\Temp\_MEI21762\wxbase294u_net_vc90.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\wxbase294u_vc90.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\wxmsw294u_adv_vc90.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\wxmsw294u_core_vc90.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\wxmsw294u_html_vc90.dll
c:\users\Simon\AppData\Local\Temp\_MEI21762\wxmsw294u_webview_vc90.dll
d:\downloads\Spelunky.HD-3DM\Spelunky.HD-3DM\steam_api.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 11:11 . 2013-09-05 11:11 -------- d-----w- c:\program files (x86)\ESET
2013-09-05 09:08 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D245C371-E4CB-49BD-AAB9-AFBCE685EC38}\mpengine.dll
2013-09-04 11:04 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\programdata\ATI
2013-09-04 00:33 . 2013-09-04 00:33 -------- d-----w- c:\program files (x86)\AMD AVT
2013-09-04 00:30 . 2013-09-04 00:32 -------- d-----w- c:\programdata\Package Cache
2013-08-30 12:33 . 2013-08-30 12:33 -------- d-----w- c:\programdata\Orbit
2013-08-24 18:35 . 2013-08-27 17:30 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-08-24 18:35 . 2013-08-27 17:30 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-08-24 18:35 . 2013-08-27 17:30 43008 ----a-w- c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-08-24 18:35 . 2013-08-27 17:30 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-08-24 18:35 . 2013-08-27 17:30 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll
2013-08-24 18:35 . 2013-08-27 17:30 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-08-24 18:35 . 2013-08-27 17:30 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files\iTunes
2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files (x86)\iTunes
2013-08-23 17:59 . 2013-08-23 17:59 -------- d-----w- c:\program files\iPod
2013-08-23 10:16 . 2013-08-23 10:15 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D50E84E5-D696-43FF-B393-5A827FF4661A}\gapaengine.dll
2013-08-15 13:11 . 2013-08-15 13:11 157736 ----a-w- c:\windows\system32\amdhcp64.dll
2013-08-15 13:11 . 2013-08-15 13:11 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2013-08-15 13:11 . 2013-08-15 13:11 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-08-15 13:11 . 2013-08-15 13:11 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-08-15 13:11 . 2013-08-15 13:11 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-08-15 13:11 . 2013-08-15 13:11 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-08-15 13:11 . 2013-08-15 13:11 115512 ----a-w- c:\windows\system32\atiu9p64.dll
2013-08-15 13:11 . 2013-08-15 13:11 1266552 ----a-w- c:\windows\system32\aticfx64.dll
2013-08-15 13:11 . 2013-08-15 13:11 9067808 ----a-w- c:\windows\system32\atidxx64.dll
2013-08-15 13:11 . 2013-08-15 13:11 7919328 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-08-15 13:10 . 2013-08-15 13:10 7128240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-08-15 13:10 . 2013-08-15 13:10 7625784 ----a-w- c:\windows\system32\atiumd64.dll
2013-08-15 13:09 . 2013-08-15 13:09 12652544 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-08-15 12:55 . 2013-08-15 12:55 229888 ----a-w- c:\windows\system32\clinfo.exe
2013-08-15 12:55 . 2013-08-15 12:55 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-08-15 12:54 . 2013-08-15 12:54 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-08-15 12:54 . 2013-08-15 12:54 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-08-15 12:54 . 2013-08-15 12:54 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-08-15 12:54 . 2013-08-15 12:54 28445184 ----a-w- c:\windows\system32\amdocl64.dll
2013-08-15 12:49 . 2013-08-15 12:49 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-15 12:45 . 2013-08-15 12:45 129536 ----a-w- c:\windows\system32\coinst_13.20.11.dll
2013-08-15 12:33 . 2013-08-15 12:33 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-08-15 12:33 . 2013-08-15 12:33 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-08-15 12:33 . 2013-08-15 12:33 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-08-15 12:33 . 2013-08-15 12:33 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-08-15 12:33 . 2013-08-15 12:33 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-08-15 12:33 . 2013-08-15 12:33 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-08-15 12:33 . 2013-08-15 12:33 25611264 ----a-w- c:\windows\system32\atio6axx.dll
2013-08-15 12:29 . 2013-08-15 12:29 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-08-15 12:15 . 2013-08-15 12:15 21624832 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-08-15 12:12 . 2013-08-15 12:12 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-15 12:12 . 2013-08-15 12:12 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-08-15 12:12 . 2013-08-15 12:12 574976 ----a-w- c:\windows\system32\atieclxx.exe
2013-08-15 12:11 . 2013-08-15 12:11 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-08-15 12:09 . 2013-08-15 12:09 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-08-15 11:40 . 2013-08-15 11:40 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-08-15 11:40 . 2013-08-15 11:40 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-08-15 11:40 . 2013-08-15 11:40 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-08-15 11:40 . 2013-08-15 11:40 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-08-15 11:40 . 2013-08-15 11:40 617984 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-08-15 11:38 . 2013-08-15 11:38 95744 ----a-w- c:\windows\system32\amdave64.dll
2013-08-15 11:37 . 2013-08-15 11:37 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-08-15 11:37 . 2013-08-15 11:37 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-08-15 11:37 . 2013-08-15 11:37 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-08-15 11:36 . 2013-08-15 11:36 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-08-15 08:06 . 2013-08-15 08:06 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-08-15 08:01 . 2013-08-15 08:01 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-08-13 23:00 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-13 22:59 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-13 22:59 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-13 22:59 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 22:59 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 13:11 . 2013-04-16 14:54 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-08-15 13:11 . 2012-06-11 16:25 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2013-08-15 13:11 . 2012-09-28 01:10 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-08-15 13:11 . 2013-04-16 14:53 1052264 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-08-15 13:11 . 2013-04-16 14:53 6502024 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-08-15 13:10 . 2013-04-16 14:53 6549928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-08-15 12:51 . 2013-04-16 14:34 23989248 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-08-15 12:49 . 2013-04-16 14:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-08-15 11:41 . 2012-09-28 01:13 1097728 ----a-w- c:\windows\system32\atiadlxx.dll
2013-08-15 11:40 . 2013-03-14 19:56 828416 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-08-15 11:40 . 2013-03-14 19:56 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-08-13 23:02 . 2012-11-03 19:16 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-17 21:20 . 2012-11-28 08:37 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-09 04:45 . 2013-08-13 23:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-05 08:40 . 2013-07-05 08:40 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2013-07-05 08:40 . 2013-07-05 08:40 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-06-25 14:55 . 2013-06-25 14:55 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 14:55 . 2013-05-10 19:22 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 14:55 . 2013-05-10 19:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-18 20:50 . 2013-06-18 20:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50 . 2012-08-30 22:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-26 1807272]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-11 5119600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-15 766208]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe -b0 [2012-11-4 103424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-11-8 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Simon\AppData\Local\Temp\tmp7B18.tmp;c:\users\Simon\AppData\Local\Temp\tmp7B18.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 18:46]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16 18:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 15:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-The Witcher 2 Enhanced Edition_is1 - d:\the witcher 2\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Simon\AppData\Local\Temp\tmp7B18.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012"
"SaveDir"="c:\\Users\\Simon\\Documents\\Sports Interactive\\Football Manager 2012\\"
"HistoryDir"="d:\\FM Genie Scout 12\\History Points"
"LangDB"="d:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a13e
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cf
"UniqueID"="57-A0B0-EFDF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000007
"StaffSearchFeatureNum"=dword:00000001
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000001
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000007
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000003
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000004
"AdImpressionsNum"=dword:00000033
"GameLoadedCounter"=dword:00000007
.
[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\G*e*n*i*e*"!\FM Genie Scout 13]
"GameDir"="c:\\FM Genie Scout 13\\games"
"ShortlistDir"="c:\\FM Genie Scout 13\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\FM Genie Scout 13"
"SaveDir"="c:\\FM Genie Scout 13\\"
"HistoryDir"="c:\\FM Genie Scout 13\\History Points"
"LangDB"="c:\\FM Genie Scout 13\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a151
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification2"=dword:00000000
"ShowQuickGuideNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:00000152
"UniqueID"="57-A0B0-EFDF"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:0000000b
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000001
"FilterByClubFeatureNum"=dword:00000001
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000000
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000017
"GameLoadedCounter"=dword:00000000
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000\Software\SecuROM\License information*]
"datasecu"=hex:63,d8,d9,32,b4,2e,3b,a5,1c,57,be,9d,e5,74,06,2f,46,1d,d4,8c,fe,
   fd,e1,39,5c,ac,3e,18,9a,4d,05,f4,66,94,90,46,fb,8d,86,a5,d9,b6,ab,58,f5,bf,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_USERS\S-1-5-21-117645214-1118744934-1122574308-1000_Classes\CLSID\{BDBE366C-AB21-E546-9AA0-5ABE3384BB10}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
.
**************************************************************************
.
Completion time: 2013-09-05  14:34:42 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-05 13:34
ComboFix2.txt  2013-09-05 09:48
ComboFix3.txt  2013-09-05 09:02
ComboFix4.txt  2013-09-04 17:49
.
Pre-Run: 19,246,268,416 bytes free
Post-Run: 19,193,987,072 bytes free
.
- - End Of File - - 2E5C4131B3663A396CFDC49DB32722D9
Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.