I started having problems with not being able to hibernate with the hibernate button. It was around the same time I was trying to get search engines that crept onto my system, like AVG search and so on. I tried registry fix apps, Microsoft Security Essentials, Malwarebytes. They didn’t help. Can somebody help me?
#1
Posted 08 June 2012 - 08:52 AM
#2
Posted 14 June 2012 - 06:43 PM
Hi and welcome to Malwarebytes.
Please update MBAM, run a Quick Scan, and post its log.
Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.
#3
Posted 16 June 2012 - 10:35 PM
Hi.
Just an update on my situation: I needed to gain access to my OS for use before, so I used ComboFix and TDSSKiller, and I was able to access safe mode with domain controller and I was able to do a lot of what I can do in normal 7 OS mode. Just wanted this to be noted.
#4
Posted 16 June 2012 - 10:41 PM
In addition, the problem has escalated to where I couldn't access my normal Win 7 OS, but I have been able to access safe mode with domain controller.
#5
Posted 16 June 2012 - 10:42 PM
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 DSREPAIR
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by founder7231 at 23:38:35 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2113 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\wuauclt.exe
c:\program files (x86)\real\realplayer\RealPlay.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: InfoAtoms Client: {103089da-0f31-4a8b-843f-7d24a7fe8345} - C:\Program Files (x86)\InfoAtoms\IE32\bho32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [VueMinder] "C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe" 1
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [iTurbo] C:\Program Files (x86)\iNTERNET Turbo\ITTray.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\FOUNDE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{DBA49E91-4F47-4D6F-A324-9758D022C244} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: klartew - C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: InfoAtoms Client: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\bho32.dll
BHO-X64: InfoAtoms Client - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-X64: Updater For Simppull Toolbar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
mRun-x64: [InCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [iTurbo] C:\Program Files (x86)\iNTERNET Turbo\ITTray.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109221&tt=060612_6_&babsrc=KW_ss&mntrId=b4cfeb9f0000000000004487fc753e85&q=
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\founder7231\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\founder7231\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\founder7231\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109221&tt=060612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b4cfeb9f0000000000004487fc753e85
FF - user.js: extensions.BabylonToolbar_i.hardId - b4cfeb9f0000000000004487fc753e85
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15502
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:28:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 540656fd-eeb9-4579-8f2e-0981410530ae
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100518.002\IDSviA64.sys [2010-5-24 463408]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-5-29 401920]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-6 44768]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-5-24 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2012-6-5 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-6-5 126392]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-11 3027840]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-2 1431888]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-17 02:10:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{60AF3DD9-51FE-46C8-8021-710445403009}
2012-06-16 20:42:39 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{835B9749-BA47-4BF9-B9B8-77DC303A2ED6}\mpengine.dll
2012-06-16 13:21:18 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 19:10:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{C7F7A1FC-C083-4107-88CA-EE01AFA32C2D}
2012-06-15 17:49:32 -------- d-----w- C:\ProgramData\YTD YouTube Downloader & Converter
2012-06-15 13:26:05 -------- d-----w- C:\$RECYCLE.BIN
2012-06-14 03:49:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{AC87CD30-8C6D-4551-97DF-BFB699D8DB4E}
2012-06-13 17:06:27 -------- d-----w- C:\Users\founder7231\AppData\Local\{7E32244F-103F-42C6-BC8E-FC8650E4C88B}
2012-06-13 17:06:17 -------- d-----w- C:\Users\founder7231\AppData\Local\{0A4DB3CD-6957-4809-A1CE-14DD44548E0B}
2012-06-12 23:46:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 23:46:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 23:46:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 23:37:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{984ED677-C2C1-4EED-A5E3-2BA1886D6767}
2012-06-12 23:37:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{A5840FFB-F918-4BDF-BF36-5E4244F7F121}
2012-06-12 03:32:34 -------- d-----w- C:\Users\founder7231\AppData\Local\{6BD8812A-DAFD-4C43-82BD-6D62BF38E58F}
2012-06-12 03:32:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{72AAF5E9-7743-4E6F-A479-2F4901057D5C}
2012-06-11 18:29:20 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-06-11 18:29:19 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-11 18:29:05 -------- d-----w- C:\Users\founder7231\AppData\Roaming\BabylonToolbar
2012-06-11 18:28:55 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-06-11 18:25:11 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-06-11 18:01:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-11 01:15:25 -------- d-----w- C:\Users\founder7231\AppData\Local\Innovative Solutions
2012-06-11 01:15:22 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2012-06-11 01:15:18 -------- d-----w- C:\Users\founder7231\AppData\Local\AVG Secure Search
2012-06-11 01:15:14 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-11 01:15:03 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-11 01:15:03 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-11 00:37:44 -------- d-----w- C:\Windows\pss
2012-06-10 23:51:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{91D1F959-7B99-4B86-A898-F974EBEF0617}
2012-06-10 23:18:26 -------- d-----w- C:\Users\founder7231\AppData\Local\{8DA04061-DFEB-4286-AB90-5DC4FC9542D6}
2012-06-10 22:33:44 -------- d-----w- C:\Users\founder7231\AppData\Local\{25EBDDF9-E72B-4B9E-9463-F3EBE20AD9C1}
2012-06-10 21:55:02 -------- d-----w- C:\Users\founder7231\AppData\Local\Symantec
2012-06-10 13:30:19 -------- d-----w- C:\windows 7
2012-06-10 07:10:06 -------- d-----w- C:\Users\founder7231\AppData\Local\{8DD55F99-E637-4D7A-B3F2-B4E5A9B9ECEC}
2012-06-10 07:09:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{6143E9F0-FA06-419D-99E6-C987052E03E7}
2012-06-10 06:27:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{C9A39B76-D6E1-4205-B588-A358CC82558B}
2012-06-10 06:27:10 -------- d-----w- C:\Users\founder7231\AppData\Local\{B6CBAC8E-93CE-4E81-A27F-677EF0E55B5F}
2012-06-10 06:21:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{4BB96227-FCC0-4E21-88B1-E9F049951D25}
2012-06-10 06:21:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{0DFA2AA3-D0C7-4EBD-A77D-397144069CE1}
2012-06-09 21:05:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{44983D61-5A9D-4090-B99B-60B7B89106B1}
2012-06-09 21:04:55 -------- d-----w- C:\Users\founder7231\AppData\Local\{C8ED6084-56D7-4121-B1D6-9FB2F49CD40B}
2012-06-08 13:34:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{329FD66F-68D5-493B-AFAE-4030119544BD}
2012-06-08 13:34:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{97AD1485-42CF-489B-9657-A483CCD0419E}
2012-06-08 13:23:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{26F234E3-E96A-4B85-94E4-330145994FF4}
2012-06-08 13:05:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{B1C7A80F-C1A6-4ED0-B217-1340AC8ACA39}
2012-06-08 13:05:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{FEC53763-721A-42FB-9671-D3E5C263E5E0}
2012-06-08 13:01:50 -------- d-----w- C:\ProgramData\blekko toolbars
2012-06-08 13:01:30 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2012-06-08 13:01:24 -------- d-----w- C:\Program Files (x86)\blekkotb_031
2012-06-08 13:01:22 -------- d-----w- C:\Users\founder7231\AppData\Local\blekkotb_031
2012-06-08 13:01:21 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-06-08 11:48:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{DE183D1B-2DC0-4A97-9E0C-7C872638D1B7}
2012-06-08 09:02:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{0657BD4E-4259-46D2-BFD0-4A8D19607CAD}
2012-06-08 07:27:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{1C029960-6F85-466C-B75E-DA8F03A3624D}
2012-06-08 07:27:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{FB8CA88F-D8D5-409F-8A93-99359A95E55A}
2012-06-08 06:21:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{ADEF19A7-A60D-4A3B-9862-E927B486B0A0}
2012-06-08 05:36:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{7C252ED4-FF33-4EB5-A678-0E0FA3FAD26F}
2012-06-08 05:36:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{6BE30523-3A98-4258-B200-72EA03D50276}
2012-06-08 04:48:22 -------- d-----w- C:\Users\founder7231\AppData\Local\{406B1EAD-6EB8-4305-A663-516E6F001CE6}
2012-06-08 04:48:10 -------- d-----w- C:\Users\founder7231\AppData\Local\{AF327736-FF7B-4559-B426-ABAD9D4D17DB}
2012-06-07 15:38:34 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-07 15:38:30 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-07 14:52:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{77D6439F-ECD3-4A42-A5A7-CE56F019F4CA}
2012-06-07 14:48:11 -------- d-----w- C:\Users\founder7231\AppData\Local\{8BBC3AF3-EF3A-48E8-8CDE-E1EED39F64C1}
2012-06-07 14:05:31 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 14:05:30 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 14:01:22 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\89DE.tmp
2012-06-07 14:01:22 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\89AF.tmp
2012-06-07 00:23:36 -------- d-----w- C:\Users\founder7231\AppData\Local\{22E18367-DB7A-4B2B-B864-5390AE748959}
2012-06-07 00:23:26 -------- d-----w- C:\Users\founder7231\AppData\Local\{F46EEA0B-F07B-4904-9120-15976B2620B5}
2012-06-06 23:34:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{A4A4E492-7AA3-4402-97C2-262129CED3FA}
2012-06-06 23:33:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{098EEF58-74E4-4A71-AE15-2C642D89489B}
2012-06-06 21:43:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{78A27BA1-8FE7-426E-8898-58675D1FFB59}
2012-06-06 21:43:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{7B876689-5137-4865-A2EF-5F6AF306FA5C}
2012-06-06 17:55:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{515AE45E-F21D-4E97-A706-C037B21761CA}
2012-06-06 17:55:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{54822CB3-E9A2-40E4-834D-8667A97DBE7D}
2012-06-05 23:49:09 -------- d-----w- C:\Users\founder7231\AppData\Local\{0D55D294-00CA-4D27-AB1B-B17EB6D9F4B8}
2012-06-05 22:49:28 -------- d-----w- C:\Program Files\ATI Technologies
2012-06-05 22:49:24 -------- d-----w- C:\Program Files\ATI
2012-06-05 22:48:33 -------- d-----w- C:\ATI Radeon 9250
2012-06-05 22:11:59 -------- d-----w- C:\ATI
2012-06-05 22:03:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{BB4DAB14-F780-4E81-9448-F4D3058F4D70}
2012-06-05 22:03:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{8706B56D-1C78-4149-AC17-5FE0892B531F}
2012-06-05 21:40:28 -------- d-----w- C:\ATI Radeon 9250 6.14.10.6505
2012-06-05 20:51:48 -------- d-----w- C:\Users\founder7231\AppData\Local\SlimWare Utilities Inc
2012-06-05 20:51:44 -------- d--h--w- C:\ProgramData\Common Files
2012-06-05 17:40:39 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2012-06-05 17:40:39 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2012-06-05 17:40:36 -------- d-----w- C:\Program Files (x86)\Babylon Toolbar Removal Tool
2012-06-05 15:43:23 -------- d-----w- C:\Program Files\Speccy
2012-06-05 12:06:08 -------- d-----w- C:\Users\founder7231\AppData\Local\{8F1D488A-512B-4E5E-9355-F3F1D5BE10FB}
2012-06-05 11:26:59 -------- d-----w- C:\Program Files (x86)\Steam
2012-06-05 11:25:14 -------- d-----w- C:\Users\founder7231\AppData\Local\{1E59A6E5-BF77-441A-805F-5C0EC9E2A6F9}
2012-06-05 10:34:50 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\0200110.014
2012-06-05 10:34:50 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64
2012-06-05 10:34:49 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
2012-06-05 08:35:06 1737536 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-06-05 08:35:06 1466176 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-06-05 06:59:35 -------- d-----w- C:\Users\founder7231\AppData\Local\{E0D1CF38-3DF4-4072-85BE-8D01CA40A68F}
2012-06-05 06:25:53 -------- d-----w- C:\ProgramData\RELOADED
2012-06-05 06:15:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-06-05 06:07:49 -------- d-----w- C:\confrotnation 2012
2012-06-05 05:36:32 -------- d-----w- C:\Users\founder7231\AppData\Local\{126F098F-B71E-4B8C-BF5E-3DA999834202}
2012-06-05 05:36:22 -------- d-----w- C:\Users\founder7231\AppData\Local\{2620A51D-105D-4E2C-BCBA-98A875941094}
2012-06-05 05:36:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{CF329E0E-DAB0-47C4-B1EA-E820B12B2DEB}
2012-06-05 05:35:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{A7DF3120-E15A-40DB-AFF2-7BEA6AA51439}
2012-06-03 12:28:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{B8204BB8-D008-4264-B650-29AD9E7637D9}
2012-06-03 12:27:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{E5F9B06D-F1E7-4E28-AF65-59D2620C5568}
2012-06-02 14:34:25 -------- d-----w- C:\Users\founder7231\AppData\Local\{CB985D57-A86B-42EC-BC17-CD7F75F5697F}
2012-06-02 13:47:55 -------- d-----w- C:\Users\founder7231\AppData\Local\{10AFA12F-C711-4E2D-9FFD-D098CFD00008}
2012-06-02 13:42:58 212992 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-06-02 13:42:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{A4E7DCF8-7293-4BF7-817C-56D120E2C464}
2012-06-02 12:08:26 -------- d-----w- C:\Users\founder7231\AppData\Roaming\runic games
2012-06-02 12:07:19 -------- d-----w- C:\torchlight
2012-06-02 11:37:43 -------- d-----w- C:\Users\founder7231\AppData\Local\{B10A4543-1EA6-4804-BB32-7EC8678974B5}
2012-06-02 11:13:45 -------- d-----w- C:\Users\founder7231\AppData\Local\{B853F10A-1AB6-4C8E-BA70-24D1357FDECB}
2012-06-02 11:13:35 -------- d-----w- C:\Users\founder7231\AppData\Local\{9EE73860-6A6A-4DEF-B755-0D02C275E628}
2012-06-02 09:16:25 -------- d-----w- C:\Windows\SysWow64\xlive
2012-06-02 09:16:10 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-06-02 09:03:18 -------- d-----w- C:\Program Files (x86)\InfoAtoms
2012-06-02 09:03:15 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-02 09:03:10 -------- d-----w- C:\Users\founder7231\AppData\Roaming\DAEMON Tools Lite
2012-06-02 09:02:57 -------- d-----w- C:\Users\founder7231\AppData\Roaming\OpenCandy
2012-06-02 09:02:56 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-06-02 09:02:10 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-06-01 13:04:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{665017FD-09BF-4C0D-AA93-31AFDE355C73}
2012-06-01 12:33:01 -------- d-----w- C:\Users\founder7231\AppData\Local\{10DCAA9B-5B8F-45E9-AADB-5CF5E308CB15}
2012-06-01 12:32:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{1A0C612A-F35C-4CB2-A525-3463DA74FACA}
2012-05-31 07:21:04 -------- d-----w- C:\rtk11 trainer
2012-05-31 00:11:38 -------- d-----w- C:\Users\founder7231\AppData\Local\{2F61CF33-296A-4D5E-A604-B77AC4362519}
2012-05-30 04:54:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{34065A50-0AED-4731-BE2B-135DB9853862}
2012-05-30 04:54:32 -------- d-----w- C:\Users\founder7231\AppData\Local\{ED151F5B-8EB7-47A5-A71C-8C8CFB54A8ED}
2012-05-30 04:05:41 -------- d-----w- C:\Users\founder7231\AppData\Local\{DD947C50-58F1-4FEB-A203-84F724AE2E1D}
2012-05-30 04:05:29 -------- d-----w- C:\Users\founder7231\AppData\Local\{6064FD16-B492-4AE0-A137-DC38BE54A0CC}
2012-05-29 13:11:43 -------- d-----w- C:\reorc st
2012-05-29 10:06:30 -------- d-----w- C:\reorc
2012-05-29 03:10:36 -------- d-----w- C:\Users\founder7231\AppData\Local\{6436F2CE-3F85-48CD-A7A9-0BD0AFC0B928}
2012-05-27 09:51:16 -------- d-----w- C:\Users\founder7231\AppData\Local\{22C3475D-A40A-4001-BBFE-1CDD0A11602B}
2012-05-27 09:51:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{5A86E98B-7EDB-4F4F-9D2F-10765B4F48BD}
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut7_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut4_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_UK_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_FR_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_DE_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 45056 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exeE_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 45056 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:27:57 -------- d-----w- C:\Program Files (x86)\Koei
2012-05-27 09:17:28 -------- d-----w- C:\ROT 3KDS XI BY CHAOWCHAI
2012-05-26 05:04:15 -------- d-----w- C:\Users\founder7231\AppData\Local\{211BCF65-7535-49D4-B89D-08421CBE1275}
2012-05-26 05:04:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{E023A9C5-2444-43C2-A13D-BA431D47D0AF}
2012-05-24 13:06:47 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-24 13:06:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-24 13:06:23 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-24 13:06:14 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-24 13:06:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-24 13:06:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-24 09:06:34 -------- d-----w- C:\Users\founder7231\AppData\Local\{B4E8F15A-064C-4284-BC3C-204B98037A4C}
2012-05-22 17:24:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{B47AC28E-C3E9-4F70-8F9E-722FDD136B20}
2012-05-21 20:09:07 -------- d-----w- C:\Users\founder7231\AppData\Local\{2DA2F9F5-B46D-41D2-A808-C990E90C9F8B}
2012-05-21 06:36:28 -------- d-----w- C:\Program Files (x86)\1C Company
2012-05-21 01:33:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{05E387D7-FDAC-4D9F-B4A3-7397CC52A9EB}
2012-05-20 23:33:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{9011CBBB-06A6-44E7-8905-5BC106CD0FA4}
2012-05-20 23:33:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{4A93F6F0-C359-4EBF-ACB6-434C6107D24B}
2012-05-20 23:16:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{EF3FEEDC-3462-4AD0-A1ED-B3002C090887}
2012-05-20 23:16:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{32C92B71-2987-478F-B1BA-C34F4751EE26}
2012-05-19 22:14:52 -------- d-----w- C:\Users\founder7231\AppData\Local\{9263A2D9-6971-47A9-AD0C-4F19E46D574F}
2012-05-19 22:14:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{FF7EBCBA-7377-424A-8A2B-27527988AFA6}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-17 09:17:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-17 09:17:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-17 09:16:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-17 09:16:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-13 06:48:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2006-05-03 15:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 16:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 18:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 23:39:53.16 ===============
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 540656fd-eeb9-4579-8f2e-0981410530ae
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100518.002\IDSviA64.sys [2010-5-24 463408]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-5-29 401920]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-6 44768]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-5-24 117640]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2012-6-5 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2012-6-5 126392]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-11 3027840]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-2 1431888]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-17 02:10:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{60AF3DD9-51FE-46C8-8021-710445403009}
2012-06-16 20:42:39 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{835B9749-BA47-4BF9-B9B8-77DC303A2ED6}\mpengine.dll
2012-06-16 13:21:18 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 19:10:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{C7F7A1FC-C083-4107-88CA-EE01AFA32C2D}
2012-06-15 17:49:32 -------- d-----w- C:\ProgramData\YTD YouTube Downloader & Converter
2012-06-15 13:26:05 -------- d-----w- C:\$RECYCLE.BIN
2012-06-14 03:49:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{AC87CD30-8C6D-4551-97DF-BFB699D8DB4E}
2012-06-13 17:06:27 -------- d-----w- C:\Users\founder7231\AppData\Local\{7E32244F-103F-42C6-BC8E-FC8650E4C88B}
2012-06-13 17:06:17 -------- d-----w- C:\Users\founder7231\AppData\Local\{0A4DB3CD-6957-4809-A1CE-14DD44548E0B}
2012-06-12 23:46:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 23:46:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 23:46:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 23:37:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{984ED677-C2C1-4EED-A5E3-2BA1886D6767}
2012-06-12 23:37:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{A5840FFB-F918-4BDF-BF36-5E4244F7F121}
2012-06-12 03:32:34 -------- d-----w- C:\Users\founder7231\AppData\Local\{6BD8812A-DAFD-4C43-82BD-6D62BF38E58F}
2012-06-12 03:32:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{72AAF5E9-7743-4E6F-A479-2F4901057D5C}
2012-06-11 18:29:20 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-06-11 18:29:19 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-11 18:29:05 -------- d-----w- C:\Users\founder7231\AppData\Roaming\BabylonToolbar
2012-06-11 18:28:55 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-06-11 18:25:11 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-06-11 18:01:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-11 01:15:25 -------- d-----w- C:\Users\founder7231\AppData\Local\Innovative Solutions
2012-06-11 01:15:22 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2012-06-11 01:15:18 -------- d-----w- C:\Users\founder7231\AppData\Local\AVG Secure Search
2012-06-11 01:15:14 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-11 01:15:03 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-11 01:15:03 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-11 00:37:44 -------- d-----w- C:\Windows\pss
2012-06-10 23:51:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{91D1F959-7B99-4B86-A898-F974EBEF0617}
2012-06-10 23:18:26 -------- d-----w- C:\Users\founder7231\AppData\Local\{8DA04061-DFEB-4286-AB90-5DC4FC9542D6}
2012-06-10 22:33:44 -------- d-----w- C:\Users\founder7231\AppData\Local\{25EBDDF9-E72B-4B9E-9463-F3EBE20AD9C1}
2012-06-10 21:55:02 -------- d-----w- C:\Users\founder7231\AppData\Local\Symantec
2012-06-10 13:30:19 -------- d-----w- C:\windows 7
2012-06-10 07:10:06 -------- d-----w- C:\Users\founder7231\AppData\Local\{8DD55F99-E637-4D7A-B3F2-B4E5A9B9ECEC}
2012-06-10 07:09:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{6143E9F0-FA06-419D-99E6-C987052E03E7}
2012-06-10 06:27:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{C9A39B76-D6E1-4205-B588-A358CC82558B}
2012-06-10 06:27:10 -------- d-----w- C:\Users\founder7231\AppData\Local\{B6CBAC8E-93CE-4E81-A27F-677EF0E55B5F}
2012-06-10 06:21:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{4BB96227-FCC0-4E21-88B1-E9F049951D25}
2012-06-10 06:21:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{0DFA2AA3-D0C7-4EBD-A77D-397144069CE1}
2012-06-09 21:05:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{44983D61-5A9D-4090-B99B-60B7B89106B1}
2012-06-09 21:04:55 -------- d-----w- C:\Users\founder7231\AppData\Local\{C8ED6084-56D7-4121-B1D6-9FB2F49CD40B}
2012-06-08 13:34:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{329FD66F-68D5-493B-AFAE-4030119544BD}
2012-06-08 13:34:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{97AD1485-42CF-489B-9657-A483CCD0419E}
2012-06-08 13:23:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{26F234E3-E96A-4B85-94E4-330145994FF4}
2012-06-08 13:05:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{B1C7A80F-C1A6-4ED0-B217-1340AC8ACA39}
2012-06-08 13:05:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{FEC53763-721A-42FB-9671-D3E5C263E5E0}
2012-06-08 13:01:50 -------- d-----w- C:\ProgramData\blekko toolbars
2012-06-08 13:01:30 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2012-06-08 13:01:24 -------- d-----w- C:\Program Files (x86)\blekkotb_031
2012-06-08 13:01:22 -------- d-----w- C:\Users\founder7231\AppData\Local\blekkotb_031
2012-06-08 13:01:21 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-06-08 11:48:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{DE183D1B-2DC0-4A97-9E0C-7C872638D1B7}
2012-06-08 09:02:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{0657BD4E-4259-46D2-BFD0-4A8D19607CAD}
2012-06-08 07:27:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{1C029960-6F85-466C-B75E-DA8F03A3624D}
2012-06-08 07:27:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{FB8CA88F-D8D5-409F-8A93-99359A95E55A}
2012-06-08 06:21:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{ADEF19A7-A60D-4A3B-9862-E927B486B0A0}
2012-06-08 05:36:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{7C252ED4-FF33-4EB5-A678-0E0FA3FAD26F}
2012-06-08 05:36:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{6BE30523-3A98-4258-B200-72EA03D50276}
2012-06-08 04:48:22 -------- d-----w- C:\Users\founder7231\AppData\Local\{406B1EAD-6EB8-4305-A663-516E6F001CE6}
2012-06-08 04:48:10 -------- d-----w- C:\Users\founder7231\AppData\Local\{AF327736-FF7B-4559-B426-ABAD9D4D17DB}
2012-06-07 15:38:34 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-07 15:38:30 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-07 14:52:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{77D6439F-ECD3-4A42-A5A7-CE56F019F4CA}
2012-06-07 14:48:11 -------- d-----w- C:\Users\founder7231\AppData\Local\{8BBC3AF3-EF3A-48E8-8CDE-E1EED39F64C1}
2012-06-07 14:05:31 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-07 14:05:30 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 14:01:22 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\89DE.tmp
2012-06-07 14:01:22 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\89AF.tmp
2012-06-07 00:23:36 -------- d-----w- C:\Users\founder7231\AppData\Local\{22E18367-DB7A-4B2B-B864-5390AE748959}
2012-06-07 00:23:26 -------- d-----w- C:\Users\founder7231\AppData\Local\{F46EEA0B-F07B-4904-9120-15976B2620B5}
2012-06-06 23:34:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{A4A4E492-7AA3-4402-97C2-262129CED3FA}
2012-06-06 23:33:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{098EEF58-74E4-4A71-AE15-2C642D89489B}
2012-06-06 21:43:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{78A27BA1-8FE7-426E-8898-58675D1FFB59}
2012-06-06 21:43:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{7B876689-5137-4865-A2EF-5F6AF306FA5C}
2012-06-06 17:55:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{515AE45E-F21D-4E97-A706-C037B21761CA}
2012-06-06 17:55:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{54822CB3-E9A2-40E4-834D-8667A97DBE7D}
2012-06-05 23:49:09 -------- d-----w- C:\Users\founder7231\AppData\Local\{0D55D294-00CA-4D27-AB1B-B17EB6D9F4B8}
2012-06-05 22:49:28 -------- d-----w- C:\Program Files\ATI Technologies
2012-06-05 22:49:24 -------- d-----w- C:\Program Files\ATI
2012-06-05 22:48:33 -------- d-----w- C:\ATI Radeon 9250
2012-06-05 22:11:59 -------- d-----w- C:\ATI
2012-06-05 22:03:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{BB4DAB14-F780-4E81-9448-F4D3058F4D70}
2012-06-05 22:03:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{8706B56D-1C78-4149-AC17-5FE0892B531F}
2012-06-05 21:40:28 -------- d-----w- C:\ATI Radeon 9250 6.14.10.6505
2012-06-05 20:51:48 -------- d-----w- C:\Users\founder7231\AppData\Local\SlimWare Utilities Inc
2012-06-05 20:51:44 -------- d--h--w- C:\ProgramData\Common Files
2012-06-05 17:40:39 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2012-06-05 17:40:39 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2012-06-05 17:40:36 -------- d-----w- C:\Program Files (x86)\Babylon Toolbar Removal Tool
2012-06-05 15:43:23 -------- d-----w- C:\Program Files\Speccy
2012-06-05 12:06:08 -------- d-----w- C:\Users\founder7231\AppData\Local\{8F1D488A-512B-4E5E-9355-F3F1D5BE10FB}
2012-06-05 11:26:59 -------- d-----w- C:\Program Files (x86)\Steam
2012-06-05 11:25:14 -------- d-----w- C:\Users\founder7231\AppData\Local\{1E59A6E5-BF77-441A-805F-5C0EC9E2A6F9}
2012-06-05 10:34:50 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\0200110.014
2012-06-05 10:34:50 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64
2012-06-05 10:34:49 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
2012-06-05 08:35:06 1737536 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-06-05 08:35:06 1466176 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-06-05 06:59:35 -------- d-----w- C:\Users\founder7231\AppData\Local\{E0D1CF38-3DF4-4072-85BE-8D01CA40A68F}
2012-06-05 06:25:53 -------- d-----w- C:\ProgramData\RELOADED
2012-06-05 06:15:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-06-05 06:07:49 -------- d-----w- C:\confrotnation 2012
2012-06-05 05:36:32 -------- d-----w- C:\Users\founder7231\AppData\Local\{126F098F-B71E-4B8C-BF5E-3DA999834202}
2012-06-05 05:36:22 -------- d-----w- C:\Users\founder7231\AppData\Local\{2620A51D-105D-4E2C-BCBA-98A875941094}
2012-06-05 05:36:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{CF329E0E-DAB0-47C4-B1EA-E820B12B2DEB}
2012-06-05 05:35:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{A7DF3120-E15A-40DB-AFF2-7BEA6AA51439}
2012-06-03 12:28:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{B8204BB8-D008-4264-B650-29AD9E7637D9}
2012-06-03 12:27:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{E5F9B06D-F1E7-4E28-AF65-59D2620C5568}
2012-06-02 14:34:25 -------- d-----w- C:\Users\founder7231\AppData\Local\{CB985D57-A86B-42EC-BC17-CD7F75F5697F}
2012-06-02 13:47:55 -------- d-----w- C:\Users\founder7231\AppData\Local\{10AFA12F-C711-4E2D-9FFD-D098CFD00008}
2012-06-02 13:42:58 212992 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-06-02 13:42:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{A4E7DCF8-7293-4BF7-817C-56D120E2C464}
2012-06-02 12:08:26 -------- d-----w- C:\Users\founder7231\AppData\Roaming\runic games
2012-06-02 12:07:19 -------- d-----w- C:\torchlight
2012-06-02 11:37:43 -------- d-----w- C:\Users\founder7231\AppData\Local\{B10A4543-1EA6-4804-BB32-7EC8678974B5}
2012-06-02 11:13:45 -------- d-----w- C:\Users\founder7231\AppData\Local\{B853F10A-1AB6-4C8E-BA70-24D1357FDECB}
2012-06-02 11:13:35 -------- d-----w- C:\Users\founder7231\AppData\Local\{9EE73860-6A6A-4DEF-B755-0D02C275E628}
2012-06-02 09:16:25 -------- d-----w- C:\Windows\SysWow64\xlive
2012-06-02 09:16:10 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-06-02 09:03:18 -------- d-----w- C:\Program Files (x86)\InfoAtoms
2012-06-02 09:03:15 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-02 09:03:10 -------- d-----w- C:\Users\founder7231\AppData\Roaming\DAEMON Tools Lite
2012-06-02 09:02:57 -------- d-----w- C:\Users\founder7231\AppData\Roaming\OpenCandy
2012-06-02 09:02:56 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-06-02 09:02:10 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-06-01 13:04:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{665017FD-09BF-4C0D-AA93-31AFDE355C73}
2012-06-01 12:33:01 -------- d-----w- C:\Users\founder7231\AppData\Local\{10DCAA9B-5B8F-45E9-AADB-5CF5E308CB15}
2012-06-01 12:32:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{1A0C612A-F35C-4CB2-A525-3463DA74FACA}
2012-05-31 07:21:04 -------- d-----w- C:\rtk11 trainer
2012-05-31 00:11:38 -------- d-----w- C:\Users\founder7231\AppData\Local\{2F61CF33-296A-4D5E-A604-B77AC4362519}
2012-05-30 04:54:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{34065A50-0AED-4731-BE2B-135DB9853862}
2012-05-30 04:54:32 -------- d-----w- C:\Users\founder7231\AppData\Local\{ED151F5B-8EB7-47A5-A71C-8C8CFB54A8ED}
2012-05-30 04:05:41 -------- d-----w- C:\Users\founder7231\AppData\Local\{DD947C50-58F1-4FEB-A203-84F724AE2E1D}
2012-05-30 04:05:29 -------- d-----w- C:\Users\founder7231\AppData\Local\{6064FD16-B492-4AE0-A137-DC38BE54A0CC}
2012-05-29 13:11:43 -------- d-----w- C:\reorc st
2012-05-29 10:06:30 -------- d-----w- C:\reorc
2012-05-29 03:10:36 -------- d-----w- C:\Users\founder7231\AppData\Local\{6436F2CE-3F85-48CD-A7A9-0BD0AFC0B928}
2012-05-27 09:51:16 -------- d-----w- C:\Users\founder7231\AppData\Local\{22C3475D-A40A-4001-BBFE-1CDD0A11602B}
2012-05-27 09:51:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{5A86E98B-7EDB-4F4F-9D2F-10765B4F48BD}
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut7_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut4_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_UK_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_FR_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 65536 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_DE_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 45056 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exeE_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:45:45 45056 ----a-r- C:\Users\founder7231\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe
2012-05-27 09:27:57 -------- d-----w- C:\Program Files (x86)\Koei
2012-05-27 09:17:28 -------- d-----w- C:\ROT 3KDS XI BY CHAOWCHAI
2012-05-26 05:04:15 -------- d-----w- C:\Users\founder7231\AppData\Local\{211BCF65-7535-49D4-B89D-08421CBE1275}
2012-05-26 05:04:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{E023A9C5-2444-43C2-A13D-BA431D47D0AF}
2012-05-24 13:06:47 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-24 13:06:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-24 13:06:23 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-24 13:06:14 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-24 13:06:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-24 13:06:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-24 09:06:34 -------- d-----w- C:\Users\founder7231\AppData\Local\{B4E8F15A-064C-4284-BC3C-204B98037A4C}
2012-05-22 17:24:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{B47AC28E-C3E9-4F70-8F9E-722FDD136B20}
2012-05-21 20:09:07 -------- d-----w- C:\Users\founder7231\AppData\Local\{2DA2F9F5-B46D-41D2-A808-C990E90C9F8B}
2012-05-21 06:36:28 -------- d-----w- C:\Program Files (x86)\1C Company
2012-05-21 01:33:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{05E387D7-FDAC-4D9F-B4A3-7397CC52A9EB}
2012-05-20 23:33:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{9011CBBB-06A6-44E7-8905-5BC106CD0FA4}
2012-05-20 23:33:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{4A93F6F0-C359-4EBF-ACB6-434C6107D24B}
2012-05-20 23:16:40 -------- d-----w- C:\Users\founder7231\AppData\Local\{EF3FEEDC-3462-4AD0-A1ED-B3002C090887}
2012-05-20 23:16:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{32C92B71-2987-478F-B1BA-C34F4751EE26}
2012-05-19 22:14:52 -------- d-----w- C:\Users\founder7231\AppData\Local\{9263A2D9-6971-47A9-AD0C-4F19E46D574F}
2012-05-19 22:14:42 -------- d-----w- C:\Users\founder7231\AppData\Local\{FF7EBCBA-7377-424A-8A2B-27527988AFA6}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-17 09:17:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-05-17 09:17:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-17 09:16:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-05-17 09:16:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-13 06:48:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2006-05-03 15:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 16:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 18:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 23:39:53.16 ===============
#6
Posted 19 June 2012 - 01:38 AM
Hi,
I notice that you are using more than one antivirus program (avast, Norton, and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.
With that said, with all of this corruption, it may be better to just start over with a fresh install of Windows after formatting your hard drive. Is that something you could potentially do after backing up your data?
#7
Posted 24 June 2012 - 05:01 PM
Are you still with us? This topic will be closed in a few days if we do not hear back from you.
#8
Posted 28 June 2012 - 06:23 PM
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!