Jump to content

Synetra

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I have noticed something that has struck me as odd. Malware bytes settings seem to be being changed when I first turn my pc on. File system protection and Malicous website blocking. I do have Norton internet securtiy, could it be turning the features off?
  2. Thank your for all your help, I appreciate it. If I can just ask one last thing. Is my PC now safe to use for things such as online banking and shopping etc?
  3. Here is the new log: Result.txt You didn't say which devices (there where several options, so I selected "All" Thankyou for taking the time to help me out with this, could I ask what you think might be going on? I've not had the blue screen error today yet, well so far.
  4. I should only have Norton installed, I was using AVAST. But before installing Norton I used the add remove programs to uninstall it. It seems its rather stubborn and some files haven't been removed. This is the Combofix log. Combofix.txt
  5. Thank you again, here are the files. DDS.txt Attach.zip
  6. I seem to be having blue screening now. I've taken photographs of the errors. Should I link those there?
  7. Ok here are the new logs, thanks for all the help, so whats the diagnosis, can I lift the sign off my PC that says "unclean" ? It seems to be running just fine at the moment. Results of screen317's Security Check version 0.99.50 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Java 7 Update 7 Adobe Reader X (10.1.4) Google Chrome 21.0.1180.89 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 8% ````````````````````End of Log`````````````````````` Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.12.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michelle :: MICHELLE-PC [administrator] Protection: Enabled 12/09/2012 20:22:46 mbam-log-2012-09-12 (20-22-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 198946 Time elapsed: 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  8. EDIT: I went back to ESET and after deleteing the file it detected as a worm from the quarantine (the file was Acer Live\Home media, I'm sure it was something like that). I ran the scan again and this time it created a more detailed log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=9792f5ca675bd14b85d61925aeb9c387 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-12 02:58:10 # local_time=2012-09-12 03:58:10 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=2057 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 56292 99921939 0 0 # compatibility_mode=8192 67108863 100 0 13333 13333 0 0 # scanned=363670 # found=0 # cleaned=0 # scan_time=5001
  9. ok as requested, I did notice the ESET Onlinescanner did Quarantine a file. But I'm not sure the log has saved correctly because there isn't much in it. # AdwCleaner v2.001 - Logfile created 09/12/2012 at 10:45:39 # Updated 09/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Michelle - MICHELLE-PC # Boot Mode : Normal # Running from : C:\Users\Michelle\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Michelle\AppData\Local\Temp\Uninstall.exe Folder Deleted : C:\Program Files (x86)\CAssistLive Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Users\Michelle\AppData\Local\Conduit Folder Deleted : C:\Users\Michelle\AppData\Local\Temp\avg@toolbar Folder Deleted : C:\Users\Michelle\AppData\LocalLow\CAssistLive Folder Deleted : C:\Users\Michelle\AppData\LocalLow\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\CAssistLive Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\Software\CAssistLive Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2306632 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8D74BE77-E811-418C-9C7A-DD9E51A1F4A8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A366883A-2D70-4116-9B44-E41E5A1FAB50} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5DC0EBC-DBB9-439F-AEF7-468DBEA4ED55} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CAssistLive Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CC3DEC62-7C65-460A-BF75-E2199BCAA3D4}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2306632 --> hxxp://www.google.com -\\ Google Chrome v21.0.1180.89 File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.11] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", "hxxp://www.computer-assist.org.uk/" ] Deleted [l.44] : icon_url = "hxxps://isearch.avg.com/favicon.ico", Deleted [l.47] : keyword = "isearch.avg.com", Deleted [l.50] : search_url = "hxxps://isearch.avg.com/search?cid={37E7584F-7AE0-4C18-BBD1-17923B800E23}&mid=〈=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}", Deleted [l.1133] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", Deleted [l.1359] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2306632", "hxxp://www.computer-assist.org.uk/" ] ************************* AdwCleaner[s1].txt - [5313 octets] - [12/09/2012 10:45:39] ########## EOF - C:\AdwCleaner[s1].txt - [5373 octets] ########## The Eset log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  10. Attach.zipThankyou for getting back to me, there are the requested logs. I did find that on right clicking DDS, there wasn't an option to run it as an administrator. I also found that the attach report didn't need unzipping, so I tried to send it to a zipped folder to attach. I hope I have done this right otherwise. Again thankyou. Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.12.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Michelle :: MICHELLE-PC [administrator] Protection: Enabled 12/09/2012 09:31:51 mbam-log-2012-09-12 (09-31-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 198416 Time elapsed: 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Michelle at 9:44:38 on 2012-09-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.16354.14044 [GMT 1:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Michelle\AppData\Local\Apps\2.0\70NZ94KL.RXG\MPJQ7C2X.GBV\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384f20fde9ac\CurseClient.exe C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1009&m=aspire_g7200 uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2306632 uURLSearchHooks: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll mURLSearchHooks: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Google Update] "C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui StartupFolder: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{A4FF57CD-E9F5-47B1-BFAC-91D70B364B20} : DhcpNameServer = 192.168.1.254 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll BHO-X64: CAssistLive - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: CAssistLive Toolbar: {cc3dec62-7c65-460a-bf75-e2199bcaa3d4} - C:\Program Files (x86)\CAssistLive\prxtbCAss.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-11 44808] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 676936] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-31 250568] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-8-31 135584] S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-8-30 33592] S3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-8-30 13328] S3 NTIOLib_1_0_2;NTIOLib_1_0_2;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-8-30 13328] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-8-30 14136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-09-11 22:14:09 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-09-11 22:14:09 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-09-11 22:14:09 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-09-11 22:14:01 41224 ----a-w- C:\Windows\avastSS.scr 2012-09-11 22:04:03 -------- d-----w- C:\Users\Michelle\AppData\Local\Avg2013 2012-09-11 21:59:00 -------- d-----w- C:\Users\Michelle\AppData\Roaming\TuneUp Software 2012-09-11 19:47:12 -------- d--h--w- C:\ProgramData\Common Files 2012-09-11 19:47:12 -------- d-----w- C:\Users\Michelle\AppData\Local\MFAData 2012-09-11 19:47:12 -------- d-----w- C:\ProgramData\MFAData 2012-09-11 14:46:59 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86C433E4-F65E-4A6F-A217-3B01CF5DE277}\mpengine.dll 2012-09-10 21:51:07 -------- d-----w- C:\Program Files (x86)\Microsoft WSE 2012-09-10 21:09:27 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Microsoft Games 2012-09-10 21:09:04 -------- d-----w- C:\ProgramData\Microsoft Games 2012-09-10 21:09:04 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games 2012-09-10 21:01:14 -------- d-----w- C:\Program Files (x86)\Microsoft Games 2012-09-06 18:51:58 -------- d-----w- C:\Users\Michelle\AppData\Local\ElevatedDiagnostics 2012-09-03 18:18:53 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-09-03 17:45:35 -------- d-----w- C:\Users\Michelle\AppData\Local\Microsoft Games 2012-09-03 17:35:54 -------- d-----w- C:\ProgramData\Battle.net 2012-09-03 17:31:02 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Malwarebytes 2012-09-03 17:31:00 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-03 17:30:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-03 17:30:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-03 14:17:45 -------- d-----r- C:\Program Files (x86)\Skype 2012-09-03 14:08:08 -------- d-----w- C:\ProgramData\AVAST Software 2012-09-03 14:08:08 -------- d-----w- C:\Program Files\AVAST Software 2012-09-03 13:58:38 1918976 ----a-w- C:\Windows\System32\drivers\athurx.sys 2012-09-03 13:58:38 1918976 ----a-w- C:\Windows\System32\athurx.sys 2012-09-03 13:58:38 -------- d-----w- C:\Windows\Options 2012-09-03 13:58:20 -------- d-----w- C:\ProgramData\TP-LINK 2012-09-03 13:53:34 -------- d-----w- C:\Users\Michelle\AppData\Roaming\LibreOffice 2012-09-01 09:51:33 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll 2012-08-31 15:58:07 -------- d-----w- C:\Users\Michelle\AppData\Local\IsolatedStorage 2012-08-31 15:58:06 -------- d-----w- C:\Users\Michelle\AppData\Local\Futuremark_Corporation 2012-08-31 15:17:20 -------- d-----w- C:\Program Files (x86)\Futuremark 2012-08-31 15:17:14 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll 2012-08-31 15:17:14 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll 2012-08-31 15:17:13 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll 2012-08-31 15:17:13 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll 2012-08-31 15:17:13 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll 2012-08-31 15:17:13 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll 2012-08-31 15:17:13 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll 2012-08-31 15:17:13 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll 2012-08-31 15:17:13 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll 2012-08-31 15:17:13 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll 2012-08-31 13:06:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-08-31 13:06:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-31 13:06:40 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-08-31 13:05:45 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-31 13:05:45 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-31 12:59:57 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.5 2012-08-31 12:59:04 -------- d-----w- C:\Users\Michelle\AppData\Roaming\Windows Live Writer 2012-08-31 12:59:04 -------- d-----w- C:\Users\Michelle\AppData\Local\Windows Live Writer 2012-08-31 12:46:56 -------- d-----w- C:\Users\Michelle\AppData\Local\Apple Computer 2012-08-31 12:43:25 -------- dc----w- C:\Users\Michelle\AppData\Local\MigWiz 2012-08-31 08:46:56 -------- d-----w- C:\Users\Michelle\Tracing 2012-08-31 08:46:28 -------- d-----w- C:\Windows\en 2012-08-31 08:46:23 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2012-08-31 08:46:16 -------- d-----w- C:\Windows\PCHEALTH 2012-08-31 08:46:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll 2012-08-31 08:46:00 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll 2012-08-31 08:46:00 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll 2012-08-31 08:46:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll 2012-08-31 08:44:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2012-08-31 08:42:59 -------- d-----w- C:\Users\Michelle\AppData\Local\Google 2012-08-31 08:42:53 -------- d-----w- C:\Users\Michelle\AppData\Local\Deployment 2012-08-31 08:42:53 -------- d-----w- C:\Users\Michelle\AppData\Local\Apps 2012-08-31 08:41:27 -------- d-----w- C:\iDrive 2012-08-31 08:40:40 -------- d-----w- C:\Program Files (x86)\Conduit 2012-08-31 08:40:39 -------- d-----w- C:\Users\Michelle\AppData\Local\Conduit 2012-08-31 08:39:59 -------- d-----w- C:\Program Files (x86)\CAssistLive 2012-08-30 21:28:04 -------- d-----w- C:\Windows\Panther 2012-08-30 21:27:51 -------- d-sh--w- C:\Boot 2012-08-30 21:07:02 -------- d-----w- C:\archive_db 2012-08-30 15:56:46 -------- d-----w- C:\Windows\SysWow64\Wat 2012-08-30 15:56:46 -------- d-----w- C:\Windows\System32\Wat 2012-08-30 15:41:06 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-08-30 15:37:44 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-08-30 15:31:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-08-30 15:31:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-08-30 15:31:32 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-08-30 15:31:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-08-30 15:31:32 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-08-30 15:31:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-08-30 15:31:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-08-30 15:29:59 395776 ----a-w- C:\Windows\System32\webio.dll 2012-08-30 15:28:43 723456 ----a-w- C:\Windows\System32\EncDec.dll 2012-08-30 15:28:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2012-08-30 15:28:02 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-30 15:28:02 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-08-30 15:28:02 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-08-30 15:27:51 77312 ----a-w- C:\Windows\System32\packager.dll 2012-08-30 15:27:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-08-30 15:08:26 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll 2012-08-30 15:08:26 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2012-08-30 13:54:46 -------- d-----w- C:\Program Files (x86)\Setup Files 2012-08-30 13:38:55 -------- d-----w- C:\Windows\pss 2012-08-30 13:34:53 -------- d--h--w- C:\ControlCenterCount 2012-08-30 13:03:15 0 ----a-w- C:\Windows\ativpsrm.bin 2012-08-30 13:02:36 -------- d-----w- C:\Program Files\AMD 2012-08-30 13:02:36 -------- d-----w- C:\Program Files (x86)\AMD 2012-08-30 13:02:35 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-08-30 13:02:34 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2012-08-30 13:02:34 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2012-08-30 12:58:12 -------- d-----w- C:\AMD 2012-08-30 12:53:26 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-08-30 12:53:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-08-30 12:53:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-08-30 12:51:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-08-30 12:51:48 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-08-30 12:51:47 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-08-30 12:51:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-08-30 12:51:23 -------- d-----w- C:\Program Files (x86)\MSI 2012-08-30 12:50:34 -------- d-----w- C:\Program Files (x86)\Renesas Electronics 2012-08-30 12:50:13 -------- d-----w- C:\ProgramData\Downloaded Installations 2012-08-30 12:47:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2012-08-30 12:47:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2012-08-30 12:47:04 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll 2012-08-30 12:47:00 -------- d-----w- C:\Program Files (x86)\Realtek 2012-08-30 12:44:15 -------- d-----w- C:\Users\Michelle\AppData\Local\AMD 2012-08-30 12:44:14 -------- d-----w- C:\Users\Michelle\AppData\Local\ATI 2012-08-30 12:42:08 44672 ----a-r- C:\Windows\System32\drivers\usbfilter.sys 2012-08-30 12:41:47 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys 2012-08-30 12:41:47 -------- d-----w- C:\ProgramData\AMD 2012-08-30 12:41:44 79488 ----a-w- C:\Windows\System32\drivers\amd_sata.sys 2012-08-30 12:41:44 40064 ----a-w- C:\Windows\System32\drivers\amd_xata.sys 2012-08-30 12:41:38 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2012-08-30 12:41:36 -------- d-sh--w- C:\Windows\Installer 2012-08-30 12:41:36 -------- d-----w- C:\Program Files\ATI 2012-08-30 12:40:30 -------- d-----w- C:\Program Files\ATI Technologies 2012-08-30 12:37:58 -------- d-----w- C:\MSI 2012-08-23 12:55:04 -------- d-----w- C:\OEM . ==================== Find3M ==================== . 2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll 2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-28 02:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-28 01:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR 2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-28 01:22:36 77312 ----a-w- C:\Windows\System32\amdave64.dll 2012-07-28 01:22:28 77312 ----a-w- C:\Windows\SysWow64\amdave32.dll 2012-07-28 01:22:16 74240 ----a-w- C:\Windows\System32\atisamu64.dll 2012-07-28 01:22:10 71168 ----a-w- C:\Windows\atisamu32.dll 2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-27 21:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-27 21:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-27 21:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-27 21:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-27 21:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-27 21:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-27 21:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-27 21:44:56 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-07-27 21:44:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-07-26 18:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll 2012-07-26 18:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll 2012-07-26 18:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll 2012-07-26 18:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll 2012-07-26 18:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll 2012-07-26 14:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll 2012-07-26 14:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll 2012-07-26 14:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll 2012-07-26 14:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll 2012-07-26 14:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-17 14:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL 2012-07-17 13:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 9:44:58.51 ===============
  11. I'm sorry but I need help, I can't seem to download Hijack this from their site. But this is the log that has gotten me worried from malwarebytes: 2012/09/05 20:51:29 +0100 MICHELLE-PC Michelle MESSAGE Starting protection 2012/09/05 20:51:30 +0100 MICHELLE-PC Michelle MESSAGE Executing scheduled update: Daily 2012/09/05 20:51:31 +0100 MICHELLE-PC Michelle MESSAGE Protection started successfully 2012/09/05 20:51:34 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection 2012/09/05 20:51:35 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully 2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Scheduled update executed successfully: database updated from version v2012.09.04.04 to version v2012.09.05.10 2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh 2012/09/05 20:51:42 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection 2012/09/05 20:52:52 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped 2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully 2012/09/05 20:52:54 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection 2012/09/05 20:52:55 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully 2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot QUARANTINE 2012/09/05 23:26:11 +0100 MICHELLE-PC Michelle ERROR Quarantine failed: SetFileAttributes failed with error code 5 2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY 2012/09/05 23:26:12 +0100 MICHELLE-PC Michelle DETECTION D:\autorun.exe Backdoor.Bot DENY 2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Starting database refresh 2012/09/05 23:28:17 +0100 MICHELLE-PC Michelle MESSAGE Stopping IP protection 2012/09/05 23:29:29 +0100 MICHELLE-PC Michelle MESSAGE IP Protection stopped 2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Database refreshed successfully 2012/09/05 23:29:30 +0100 MICHELLE-PC Michelle MESSAGE Starting IP protection 2012/09/05 23:29:31 +0100 MICHELLE-PC Michelle MESSAGE IP Protection started successfully See it says the quarantine failed? I just ran a full scan and it came up clear. What should be my next step? I know this is an old log, I was just having a look through them and then saw this.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.