Infected by a variant of Wimpixo


Wuffus

Full disclosure: I have run Malwarebytes several times prior to beginning the process here, as well as Microsoft Security Essentials, both of which have found (and removed) other malware. Microsoft Security Essentials continues to find Trojan:Win32/Wimpixo.E at boot, even after purportedly successfully cleaning it out.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5185

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/26/2010 10:21:36 AM

mbam-log-2010-11-26 (10-21-36).txt

Scan type: Quick scan

Objects scanned: 141763

Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-11-26.01) - NTFS_AMD64

Run by Ardic at 10:10:25.79 on Fri 11/26/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6134.4491 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\amBX\System\amBX_Service.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files (x86)\amBX\Control Panel\amBXDaemon.exe

C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\amBX\Effects\amBX Event Manager.exe

C:\Program Files (x86)\Belvedere\Belvedere.exe

C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Everything\Everything.exe

C:\Program Files (x86)\Logitech\G930\G930.exe

C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Ardic\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ardic\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ardic\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ardic\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ardic\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ardic\AppData\Local\Google\Chrome\Application\chrome.exe

E:\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Ardic\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup

mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe

mRun: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe /startup

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

dRun: [uO8KTAT1GY] C:\Windows\TEMP\Nbe.exe

StartupFolder: C:\Users\Ardic\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\G930\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMBXEF~1.LNK - C:\Program Files (x86)\amBX\Effects\amBX Event Manager.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BELVED~1.LNK - C:\Program Files (x86)\Belvedere\Belvedere.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: {45749700-5CCD-4690-AB34-7BD2C76FC805} = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

mRun-x64: [amBX Daemon] "C:\Program Files (x86)\amBX\Control Panel\amBXDaemon.exe"

mRun-x64: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe

mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

============= SERVICES / DRIVERS ===============

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2010-11-24 1263200]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]

R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-24 3975088]

R2 amBX Service;amBX Service;C:\Program Files (x86)\amBX\System\amBX_Service.exe [2008-4-17 612864]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-22 96896]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 Philips HAL Starter;Philips HAL Starter;C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe [2008-6-9 74240]

R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-11-23 2011944]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-11-24 279136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-26 8012288]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 Philips amBX USB HAL;Philips amBX USB HAL;C:\Program Files (x86)\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe [2008-6-9 540672]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\System32\drivers\ladfBakerCamd64.sys [2010-10-17 363224]

S3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\System32\drivers\ladfBakerRamd64.sys [2010-10-17 334552]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-7-27 339040]

S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-7-27 6465632]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-22 1255736]

=============== Created Last 30 ================

2010-11-26 15:48:57 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{E162B04A-5ACF-458F-915C-FF0B35807A67}\mpengine.dll

2010-11-25 03:25:40 -------- d-----w- C:\Users\Ardic\AppData\Roaming\Malwarebytes

2010-11-25 03:25:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-25 03:25:28 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-11-25 03:25:27 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-25 03:25:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-24 18:17:50 731000 ----a-w- C:\autoruns.exe

2010-11-24 08:28:48 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2010-11-24 08:12:12 279136 ----a-w- C:\Windows\System32\drivers\afcdp.sys

2010-11-24 08:12:07 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys

2010-11-24 08:12:05 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys

2010-11-24 08:12:02 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys

2010-11-24 07:36:28 -------- d-----w- C:\Users\Ardic\AppData\Roaming\PeaZip

2010-11-24 07:23:20 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-11-24 02:53:06 -------- d-----w- C:\Program Files (x86)\SOUNDGRAPH

2010-11-24 02:53:04 -------- d-----w- C:\Users\Ardic\AppData\Roaming\SOUNDGRAPH

2010-11-24 02:53:04 -------- d-----w- C:\PROGRA~3\SOUNDGRAPH

2010-11-24 02:52:24 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2010-11-24 02:52:24 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2010-11-24 02:52:24 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2010-11-24 02:52:24 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2010-11-24 02:52:24 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2010-11-24 02:52:23 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2010-11-24 02:52:23 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2010-11-24 02:33:03 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-11-24 02:33:03 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-11-24 01:54:39 -------- d-----w- C:\Program Files\amBX

2010-11-24 01:52:28 -------- d-----w- C:\Users\Ardic\AppData\Local\IsolatedStorage

2010-11-24 01:49:34 -------- d-----w- C:\Users\Ardic\AppData\Roaming\amBX_Events

2010-11-24 01:49:34 -------- d-----w- C:\PROGRA~3\amBX_Events

2010-11-24 01:49:01 -------- d-----w- C:\Program Files (x86)\amBX

2010-11-24 01:48:53 -------- d-----w- C:\Windows\Downloaded Installations

2010-11-24 01:26:46 -------- d-----w- C:\Program Files (x86)\NirSoft

2010-11-24 00:14:38 -------- d-----w- C:\Users\Ardic\AppData\Local\Downloaded Installations

2010-11-23 23:29:43 -------- d-----w- C:\Program Files (x86)\Ventrilo

2010-11-23 23:29:21 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2010-11-23 23:24:39 253440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp02t.dll

2010-11-23 23:22:56 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2010-11-23 23:22:55 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2010-11-23 23:22:20 138752 ----a-w- C:\Windows\System32\hpf3l02t.dll

2010-11-23 23:22:14 -------- d-----w- C:\Program Files (x86)\HP

2010-11-23 23:08:57 644456 ----a-w- C:\Windows\System32\hpzids40.dll

2010-11-23 23:08:56 906240 ----a-w- C:\Windows\System32\hpwwiax5.dll

2010-11-23 23:08:56 1422848 ----a-w- C:\Windows\System32\hpwtiop4.dll

2010-11-23 23:08:55 553472 ----a-w- C:\Windows\System32\hppldcoi.dll

2010-11-23 23:08:55 488960 ----a-w- C:\Windows\System32\hpovst11.dll

2010-11-23 22:34:39 3734536 ----a-w- C:\Windows\SysWow64\d3dx9_36.dll

2010-11-23 22:34:39 3734536 ----a-w- C:\Windows\System32\d3dx9_36.dll

2010-11-23 22:12:24 -------- d-----w- C:\Program Files (x86)\SoundSpectrum

2010-11-23 20:54:09 -------- d-----w- C:\Program Files (x86)\LastPass

2010-11-23 19:36:35 -------- d-----w- C:\Program Files (x86)\Belvedere

2010-11-23 18:50:15 -------- d-----w- C:\Users\Ardic\AppData\Roaming\foobar2000

2010-11-23 08:19:40 -------- d-----r- C:\Program Files (x86)\Skype

2010-11-23 08:18:22 -------- d-----w- C:\Windows\System32\appmgmt

2010-11-23 07:59:19 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2010-11-23 07:20:11 -------- d-----w- C:\Users\Ardic\AppData\Roaming\TeraCopy

2010-11-23 07:00:16 -------- d-----w- C:\Users\Ardic\AppData\Local\Evernote

2010-11-23 06:40:41 -------- d-----w- C:\Users\Ardic\AppData\Local\ElevatedDiagnostics

2010-11-23 06:14:59 -------- d-----w- C:\Users\Ardic\AppData\Roaming\uTorrent

2010-11-23 05:27:36 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll

2010-11-23 05:27:36 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys

2010-11-23 05:27:33 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

2010-11-23 05:27:33 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

2010-11-23 05:27:32 -------- d-----w- C:\Program Files (x86)\ASUS

2010-11-23 05:27:22 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2010-11-23 05:27:22 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2010-11-23 05:27:22 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2010-11-23 05:27:22 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

2010-11-23 05:27:22 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2010-11-22 23:21:03 -------- d-----w- C:\Windows\SysWow64\Wat

2010-11-22 23:21:03 -------- d-----w- C:\Windows\System32\Wat

2010-11-22 23:15:22 -------- d-----w- C:\Windows\SysWow64\logishrd

2010-11-22 23:15:22 -------- d-----w- C:\Windows\System32\logishrd

2010-11-22 23:15:17 -------- d-----w- C:\Program Files (x86)\Common Files\LWS

2010-11-22 23:11:18 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2010-11-22 23:11:18 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2010-11-22 23:07:23 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2010-11-22 23:07:23 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2010-11-22 23:07:23 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2010-11-22 23:07:23 444752 ----a-w- C:\Windows\System32\mscoree.dll

2010-11-22 23:07:23 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2010-11-22 23:07:23 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2010-11-22 23:07:23 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2010-11-22 23:07:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2010-11-22 23:07:23 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2010-11-22 23:07:23 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2010-11-22 23:02:59 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-11-22 23:01:47 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-11-22 23:00:46 220672 ----a-w- C:\Windows\System32\wintrust.dll

2010-11-22 23:00:46 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2010-11-22 23:00:44 139264 ----a-w- C:\Windows\System32\cabview.dll

2010-11-22 23:00:44 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2010-11-22 22:41:26 -------- d-----w- C:\Windows\Panther

2010-11-22 22:41:13 -------- d-sh--w- C:\Boot

2010-11-22 22:25:35 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2010-11-22 22:25:35 540672 ----a-w- C:\Windows\RtlExUpd.dll

2010-11-22 22:25:34 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2010-11-22 22:25:34 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2010-11-22 22:25:34 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2010-11-22 22:25:34 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2010-11-22 22:25:34 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2010-11-22 22:25:34 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2010-11-22 22:25:34 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2010-11-22 22:25:34 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2010-11-22 22:24:32 -------- d--h--w- C:\Program Files (x86)\Temp

2010-11-22 22:13:46 -------- d-----w- C:\Users\Ardic\AppData\Local\ATI

2010-11-22 22:13:20 0 ----a-w- C:\Windows\ativpsrm.bin

2010-11-22 22:12:22 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2010-11-22 22:12:22 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2010-11-22 22:12:00 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2010-11-22 22:11:47 -------- d-sh--w- C:\Windows\Installer

2010-11-22 22:11:47 -------- d-----w- C:\Program Files\ATI

2010-11-22 22:09:10 -------- d-----w- C:\Program Files\ATI Technologies

2010-11-22 21:53:31 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2010-11-22 21:52:36 -------- d-----w- C:\Intel

2010-11-22 21:17:59 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{872AE29A-6D37-4CA1-ABED-70119E5F0BE1}\mpengine.dll

2010-11-22 21:17:59 270720 ------w- C:\Windows\System32\MpSigStub.exe

==================== Find3M ====================

2010-11-23 06:14:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll

2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe

2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll

2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe

2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe

2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll

2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll

2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll

2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll

2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll

2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll

2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll

2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll

2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll

2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll

2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll

2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll

2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll

2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll

2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2010-10-18 01:22:08 79192 ----a-w- C:\Windows\System32\LADFBakerRCoinst_amd64.dll

2010-10-18 01:22:02 334552 ----a-w- C:\Windows\System32\drivers\ladfBakerRamd64.sys

2010-10-18 01:21:50 363224 ----a-w- C:\Windows\System32\drivers\ladfBakerCamd64.sys

2010-10-07 18:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll

2010-10-07 18:36:16 69408 ----a-w- C:\Windows\System32\jdns_sd.dll

2010-10-07 18:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll

2010-10-07 18:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2010-10-07 18:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2010-10-07 18:23:02 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2010-10-07 18:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2010-10-07 18:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2010-09-24 12:46:32 116752 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

2010-09-16 17:40:16 295824 ----a-w- C:\Windows\System32\G-Force.scr

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 17:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 17:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

============= FINISH: 10:10:55.07 ===============

Attach.zip


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


  • 2 months later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

