Synetra
Members, Posts: 11, Reputation: 0 Neutral
I have noticed something that has struck me as odd. Malwarebytes settings seem to be being changed when I first turn my PC on: File system protection and Malicious website blocking. I do have Norton Internet Security, could it be turning the features off?
-
Thank you for all your help, I appreciate it. If I can just ask one last thing: is my PC now safe to use for things such as online banking and shopping etc?
-
Here is the new log: Result.txt You didn't say which devices (there were several options, so I selected "All"). Thank you for taking the time to help me out with this, could I ask what you think might be going on? I've not had the blue screen error today yet, well so far.
-
I should only have Norton installed, I was using AVAST. But before installing Norton I used Add/Remove Programs to uninstall it. It seems it's rather stubborn and some files haven't been removed. This is the Combofix log. Combofix.txt
-
Thank you again, here are the files. DDS.txt Attach.zip
-
I seem to be having blue screening now. I've taken photographs of the errors. Should I link those there?
-
OK, here are the new logs, thanks for all the help. So what's the diagnosis, can I lift the sign off my PC that says "unclean"? It seems to be running just fine at the moment.

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.12.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]
Protection: Enabled
12/09/2012 20:22:46
mbam-log-2012-09-12 (20-22-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 198946
Time elapsed: 44 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
-
EDIT: I went back to ESET and, after deleting the file it detected as a worm from the quarantine (the file was Acer Live\Home media, I'm sure it was something like that), I ran the scan again and this time it created a more detailed log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9792f5ca675bd14b85d61925aeb9c387
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-12 02:58:10
# local_time=2012-09-12 03:58:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=2057
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 56292 99921939 0 0
# compatibility_mode=8192 67108863 100 0 13333 13333 0 0
# scanned=363670
# found=0
# cleaned=0
# scan_time=5001
-
ok as requested, I did notice the ESET Onlinescanner did Quarantine a file. But I'm not sure the log has saved correctly because there isn't much in it. The Eset log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
-
Attach.zip Thank you for getting back to me, here are the requested logs. I did find that on right clicking DDS, there wasn't an option to run it as an administrator. I also found that the attach report didn't need unzipping, so I tried to send it to a zipped folder to attach. I hope I have done this right otherwise. Again, thank you.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.12.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: MICHELLE-PC [administrator]
Protection: Enabled
12/09/2012 09:31:51
mbam-log-2012-09-12 (09-31-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 198416
Time elapsed: 49 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Michelle at 9:44:38 on 2012-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16354.14044 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\System32\amdave64.dll 2012-07-28 01:22:28 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll 2012-07-28 01:22:16 74240 ----a-w- C:\Windows\System32\atisamu64.dll 2012-07-28 01:22:10 71168 ----a-w- C:\Windows\atisamu32.dll 2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-27 21:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-27 21:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-27 21:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-27 21:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-27 21:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-27 21:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-27 21:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-27 21:44:56 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-07-27 21:44:42 50176 ----a-w- 
C:\Windows\SysWow64\OpenCL.dll 2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll 2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll 2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll 2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll 2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll 2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll 2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll 2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll 2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll 2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-17 14:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL 2012-07-17 13:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 9:44:58.51 ===============
-
I'm sorry but I need help, I can't seem to download HijackThis from their site. But this is the log that has gotten me worried from Malwarebytes:
2012/09/05 20:51:29 +0100 MICHELLE-PC Michelle MESSAGE Starting protection
2012/09/05 20:51:30 +0100 MICHELLE-PC Michelle MESSAGE Executing scheduled update: Daily
2012/09/05 20:51:31 +0100 MICHELLE-PC Michelle MESSAGE Protection started successfully
2012/09/05 20:51:34 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection
2012/09/05 20:51:35 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully
2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Scheduled update executed successfully: database updated from version v2012.09.04.04 to version v2012.09.05.10
2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh
2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection
2012/09/05 20:52:52 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped
2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully
2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection
2012/09/05 20:52:55 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot QUARANTINE
2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle ERROR Quarantine failed: SetFileAttributes failed with error code 5
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY
2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY
2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh
2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection
2012/09/05 23:29:29 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped
2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully
2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection
2012/09/05 23:29:31 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully
See it says the quarantine failed? I just ran a full scan and it came up clear. What should be my next step? I know this is an old log, I was just having a look through them and then saw this.