Koenvil

Members
  • Content count

    8
  • Joined

  • Last visited

About Koenvil

  • Rank
    New Member
  1. It seems fine, nothing has turned up so far, so I believe that it is fixed. Is it okay to PM you if the problem (Fynloski) pops up again? Or should i start a new thread?
  2. Computer seems to be clean, the last time i got a warning from MSE was the 17th. I let you know if anything turns up. Thanks for your help.
  3. Here you go ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=780b5b1375c1c947ab333b7366678c40 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-04-20 11:51:29 # local_time=2012-04-20 07:51:29 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3073 16777213 80 71 98639 10467087 0 0 # compatibility_mode=5893 16776574 100 94 28782128 86428923 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=584526 # found=2 # cleaned=2 # scan_time=37215 C:\Users\Kevin\Downloads\cnet_Setup_FreeConverter_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
  4. Here is the log that Combofix generated ComboFix 12-04-18.02 - Kevin 04/18/2012 22:30:23.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3824 [GMT -4:00] Running from: c:\users\Kevin\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\DYA_WTOBNMDJRGHNVPABI c:\programdata\DYA_WTOBNMDJRGHNVPABI\1.0.0\Data\app.dat c:\programdata\DYA_WTOBNMDJRGHNVPABI\1.0.0\Data\updates.dat c:\users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI c:\users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI\1.0.0\Data\dya.dat c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI .exe c:\windows\SysWow64\nsg4B69.tmp c:\windows\SysWow64\NSIS.Library.RegTool.v3.{718F2CD8-CD24-4B12-8C3E-597F38B43206}.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 ))))))))))))))))))))))))))))))) . . 2012-04-18 23:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-04-18 23:53 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{853552B2-40EA-4842-BEA5-2B0E09C3BA90}\mpengine.dll 2012-04-17 22:06 . 2012-02-09 17:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72665318-BE66-44B6-AE45-46A9F612126A}\gapaengine.dll 2012-04-17 22:05 . 2012-04-17 22:05 50952 ----a-w- c:\windows\system32\certsentry.dll 2012-04-17 22:05 . 2012-04-17 22:05 42760 ----a-w- c:\windows\SysWow64\certsentry.dll 2012-04-17 22:02 . 2012-04-17 22:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-04-17 22:02 . 2012-04-17 22:02 -------- d-----w- c:\program files\Microsoft Security Client 2012-04-17 21:59 . 2012-04-19 02:02 -------- d-----w- c:\programdata\CPA_VA 2012-04-17 21:57 . 2012-04-17 22:07 -------- d-----w- c:\programdata\Comodo 2012-04-17 21:57 . 2012-04-17 21:57 -------- d-----w- c:\users\Kevin\AppData\Local\Comodo 2012-04-17 21:57 . 2012-04-17 22:05 -------- d-----w- c:\program files (x86)\Comodo 2012-04-17 21:57 . 2012-04-17 21:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-17 21:57 . 2012-04-17 21:57 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-04-17 21:57 . 2012-04-17 21:57 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2012-04-14 22:57 . 2012-04-14 22:57 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-04-12 04:36 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-12 04:36 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-12 04:36 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-04-12 04:36 . 2012-02-28 06:56 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-04-12 04:36 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-04-12 04:36 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll 2012-04-12 04:36 . 2012-02-28 01:08 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll 2012-04-12 04:32 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 04:32 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 04:32 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 04:32 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 04:32 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 04:32 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 04:32 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-08 16:59 . 2012-03-11 21:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll 2012-04-08 09:46 . 2012-04-08 09:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-04-08 09:46 . 2012-04-08 09:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-04-08 09:46 . 2012-04-08 09:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-04-08 09:46 . 2012-04-08 09:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-04-07 22:22 . 2012-04-07 22:22 -------- d-----w- c:\users\Kevin\.towns 2012-04-07 21:09 . 2012-04-07 21:09 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes 2012-04-07 21:09 . 2012-04-07 21:09 -------- d-----w- c:\programdata\Malwarebytes 2012-04-07 21:09 . 2012-04-12 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-07 21:09 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-02 17:10 . 2012-04-09 18:51 -------- d-----w- C:\programs 2012-03-30 00:19 . 2012-04-05 14:51 -------- d-----w- c:\program files (x86)\SpeedFan 2012-03-25 23:06 . 2012-03-25 23:06 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-25 23:06 . 2012-03-25 23:06 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-25 23:01 . 2012-03-25 23:01 -------- d-----w- c:\windows\system32\Macromed 2012-03-25 00:11 . 2012-03-25 00:11 -------- d-----w- C:\folder1 2012-03-24 22:12 . 2012-03-24 22:12 -------- d-----w- c:\programdata\ATI 2012-03-24 22:06 . 2012-03-24 22:06 -------- d-----w- c:\programdata\AMD 2012-03-24 22:06 . 2012-03-24 22:06 -------- d-----w- c:\program files (x86)\AMD AVT 2012-03-24 22:06 . 2012-03-24 22:06 -------- d-----w- c:\program files (x86)\AMD APP 2012-03-24 21:49 . 2012-03-24 21:49 95248 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2012-03-24 21:49 . 2012-03-24 21:49 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-01 18:48 . 2011-07-22 18:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-24 21:49 . 2010-08-04 01:23 58880 ----a-w- c:\windows\system32\coinst.dll 2012-03-12 01:13 . 2012-03-12 01:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-03-12 01:13 . 2012-03-12 01:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-03-12 01:13 . 2012-03-12 01:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-03-12 01:13 . 2012-03-12 01:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll 2012-03-12 01:13 . 2012-03-12 01:13 389840 ----a-w- c:\windows\system32\guard64.dll 2012-03-08 02:55 . 2011-10-04 00:35 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-03-08 02:55 . 2010-10-06 21:40 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-03-08 02:55 . 2010-10-06 21:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-03-07 06:05 . 2012-03-07 06:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-03-07 06:05 . 2012-03-07 06:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-03-07 06:05 . 2012-03-07 06:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-03-07 06:05 . 2012-03-07 06:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-03-07 06:05 . 2012-03-07 06:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-03-07 06:05 . 2012-03-07 06:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-03-07 06:05 . 2012-03-07 06:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-03-07 06:05 . 2012-03-07 06:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-03-07 06:05 . 2012-03-07 06:05 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-03-07 06:05 . 2012-03-07 06:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-03-07 06:05 . 2012-03-07 06:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-03-07 06:05 . 2012-03-07 06:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-03-07 06:05 . 2012-03-07 06:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-03-07 06:05 . 2012-03-07 06:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-03-07 06:05 . 2012-03-07 06:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-03-07 06:05 . 2012-03-07 06:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-03-07 06:05 . 2012-03-07 06:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-03-07 06:05 . 2012-03-07 06:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-03-07 06:05 . 2012-03-07 06:05 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-03-07 06:05 . 2012-03-07 06:05 222208 ----a-w- c:\windows\system32\msls31.dll 2012-03-07 06:05 . 2012-03-07 06:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-03-07 06:05 . 2012-03-07 06:05 12288 ----a-w- c:\windows\system32\mshta.exe 2012-03-07 06:05 . 2012-03-07 06:05 114176 ----a-w- c:\windows\system32\admparse.dll 2012-03-07 06:05 . 2012-03-07 06:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-03-07 06:05 . 2012-03-07 06:05 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-03-07 06:05 . 2012-03-07 06:05 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-03-07 06:05 . 2012-03-07 06:05 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-03-07 06:05 . 2012-03-07 06:05 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-03-07 06:05 . 2012-03-07 06:05 448512 ----a-w- c:\windows\system32\html.iec 2012-03-07 06:05 . 2012-03-07 06:05 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-07 06:05 . 2012-03-07 06:05 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-03-07 06:05 . 2012-03-07 06:05 160256 ----a-w- c:\windows\system32\wextract.exe 2012-03-07 06:05 . 2012-03-07 06:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-03-07 06:05 . 2012-03-07 06:05 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-03-03 19:35 . 2012-03-03 19:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2012-03-03 19:35 . 2012-03-03 19:35 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-03-03 19:34 . 2012-03-03 19:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-03-03 19:34 . 2012-03-03 19:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-17 06:38 . 2012-03-14 02:16 1112064 ----a-w- c:\windows\system32\rdpcorets.dll 2012-02-17 06:38 . 2012-03-14 02:16 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 02:16 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 02:16 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 02:16 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-16 23:42 . 2010-10-06 21:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll 2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2012-02-15 03:18 . 2011-01-05 03:02 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-02-15 03:17 . 2010-08-04 01:54 957952 ----a-w- c:\windows\system32\aticfx64.dll 2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe 2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe 2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-02-15 03:07 . 2011-04-20 05:59 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-02-15 02:52 . 2010-08-04 01:37 7646208 ----a-w- c:\windows\system32\atidxx64.dll 2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll 2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll 2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll 2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll 2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-02-15 02:12 . 2010-11-26 02:16 43008 ----a-w- c:\windows\system32\atiuxp64.dll 2012-02-15 02:12 . 2011-04-20 05:21 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll 2012-02-15 02:12 . 2010-11-26 02:15 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-28 3077528] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] "Facebook Update"="c:\users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-11 137536] "Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-01-23 1425408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2007-11-20 147456] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2010-02-09 731176] "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536] "autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-10-08 91648] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032] "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832] "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304] "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120] . c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 ALSysIO;ALSysIO;c:\users\Kevin\AppData\Local\Temp\ALSysIO64.sys [x] R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-10-24 131912] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVUVC64;QuickCam for Notebooks Pro(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x] R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Kevin\AppData\Local\Temp\00546D5.tmp [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 MDFSYSNT;MacDrive file system driver; [x] S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x] S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-04-13 409232] S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312] S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 218112] S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-02-09 235560] S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635] S2 PPPoEService;PPPoE Service;c:\progra~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe [2000-07-11 49152] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000Core.job - c:\users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 06:33] . 2012-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000UA.job - c:\users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-11 06:33] . 2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000Core.job - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 15:30] . 2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1834101746-3958539341-1467693513-1000UA.job - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-03 15:30] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 12:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-21 15:38 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-21 378880] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-21 195072] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304] "MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 345688] "Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 151040] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 9569096] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7DFBEAA4-04A8-421F-841C-D35BF8D45DBB}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA}: NameServer = 8.26.56.26,156.154.70.22 FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\ FF - prefs.js: browser.startup.homepage - hxxp://myfav.es/ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-MobiLink Lite - c:\program files (x86)\Novatel Wireless\MobiLink\Lite.exe Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ShellIconOverlayIdentifiers-MacDrive volume icons - (no file) AddRemove-Desura - c:\program files (x86)\Desura\Desura_Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\00546D5.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:63,a5,6c,d7,ba,17,cb,0e,66,eb,d9,a7,43,66,22,53,d9,ef,34,29,b4,65,e2, 5a,57,7b,34,db,9e,b8,de,33,81,36,08,25,0b,3c,7b,2c,ab,d0,2a,cb,1f,5f,51,9e,\ "??"=hex:84,d0,a1,c2,92,bf,d1,7e,ba,68,ab,b0,25,6a,23,0c . [HKEY_USERS\S-1-5-21-1834101746-3958539341-1467693513-1000\Software\SecuROM\License information*] "datasecu"=hex:b7,d5,da,a8,cb,0f,c5,65,db,d2,b5,47,c9,f0,29,de,e5,a4,75,24,6d, 27,49,45,1b,ce,10,f5,05,bf,f7,0f,88,99,fb,a3,32,7a,3e,55,d0,6f,e1,39,5f,4b,\ "rkeysecu"=hex:db,a4,aa,e9,e9,a2,77,68,fa,0a,b6,8a,35,b1,f4,77 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Dexpot\plugins\SevenDex.exe c:\program files (x86)\Dexpot\plugins\MouseEvents.exe c:\program files (x86)\Dexpot\plugins\Dexgrid.exe c:\program files (x86)\Razer\Lycosa\razertra.exe c:\program files (x86)\Razer\DeathAdder\razerofa.exe c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe . ************************************************************************** . Completion time: 2012-04-18 22:46:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-19 02:46 . Pre-Run: 222,951,002,112 bytes free Post-Run: 226,438,750,208 bytes free . - - End Of File - - 1C0450487972E8460BBA3BEA84B05D0F
  5. DDS reports DDS Log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Kevin at 18:14:23 on 2012-04-17 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3914 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Dexpot\dexpot.exe C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Razer\Lycosa\razerhid.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Razer\Lycosa\razertra.exe C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe C:\Program Files (x86)\Dexpot\Dexpot64.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe C:\Program Files (x86)\Dexpot\plugins\MouseEvents.exe C:\Program Files (x86)\Dexpot\plugins\Dexgrid.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Kevin\Desktop\sfp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\msiexec.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [MobiLink Lite] C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Facebook Update] "C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe uRun: [CCC] C:\Users\Kevin\AppData\Local\Temp\ATI .exe mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe StartupFolder: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI .exe StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7DFBEAA4-04A8-421F-841C-D35BF8D45DBB} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA} : DhcpNameServer = 10.1.250.48 10.1.250.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\14162746 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\6516C6B697279656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\8497075625 : DhcpNameServer = 10.10.10.71 10.10.10.72 10.10.10.15 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\B4566796E602C4F62E08993702960586F6E656 : DhcpNameServer = 207.164.79.254 204.101.237.136 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\C696E6B6379737D276 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\ FF - prefs.js: browser.startup.homepage - hxxp://myfav.es/ FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?] R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?] R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-4-13 409232] R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312] R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112] R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-2-9 235560] R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635] R2 PPPoEService;PPPoE Service;C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe [2010-9-22 49152] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?] S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-4-24 131912] S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?] S3 LVUVC64;QuickCam for Notebooks Pro(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?] S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-17 22:09:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF28DB3C-0FFF-4A3A-8FCA-6008FE2AA52F}\offreg.dll 2012-04-17 22:06:39 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72665318-BE66-44B6-AE45-46A9F612126A}\gapaengine.dll 2012-04-17 22:06:21 8669240 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CF28DB3C-0FFF-4A3A-8FCA-6008FE2AA52F}\mpengine.dll 2012-04-17 22:05:49 50952 ----a-w- C:\Windows\System32\certsentry.dll 2012-04-17 22:05:49 42760 ----a-w- C:\Windows\SysWow64\certsentry.dll 2012-04-17 22:02:27 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-04-17 22:02:24 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-04-17 21:59:22 -------- d-----w- C:\ProgramData\CPA_VA 2012-04-17 21:57:31 -------- d-----w- C:\ProgramData\Comodo 2012-04-17 21:57:23 -------- d-----w- C:\Users\Kevin\AppData\Local\Comodo 2012-04-17 21:57:12 -------- d-----w- C:\Program Files (x86)\Comodo 2012-04-17 21:57:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-04-17 21:57:10 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll 2012-04-17 21:57:10 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-12 04:36:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll 2012-04-12 04:36:00 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-04-12 04:36:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll 2012-04-12 04:36:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2012-04-12 04:36:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2012-04-12 04:32:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-12 04:32:37 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-12 04:32:37 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-12 04:32:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-12 04:32:37 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-12 04:32:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-04-12 04:32:37 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-08 16:59:37 41200 ----a-w- C:\Windows\System32\cmdcsr.dll 2012-04-08 09:46:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-04-08 09:46:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-04-08 09:46:14 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-04-08 09:46:11 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-04-07 22:22:05 -------- d-----w- C:\Users\Kevin\.towns 2012-04-07 21:09:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes 2012-04-07 21:09:02 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-07 21:09:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-07 21:09:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-02 17:10:20 -------- d-----w- C:\Users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI 2012-04-02 17:10:20 -------- d-----w- C:\ProgramData\DYA_WTOBNMDJRGHNVPABI 2012-04-02 17:10:17 -------- d-----w- C:\programs 2012-03-30 00:19:30 -------- d-----w- C:\Program Files (x86)\SpeedFan 2012-03-25 23:06:15 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-25 23:06:15 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-25 00:11:53 -------- d-----w- C:\folder1 2012-03-24 22:06:56 -------- d-----w- C:\ProgramData\AMD 2012-03-24 22:06:55 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-03-24 22:06:51 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-03-24 21:49:08 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys 2012-03-24 21:49:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll . ==================== Find3M ==================== . 2012-04-01 18:48:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-24 21:49:07 58880 ----a-w- C:\Windows\System32\coinst.dll 2012-03-12 01:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2012-03-12 01:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2012-03-12 01:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2012-03-12 01:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll 2012-03-12 01:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll 2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-03-08 02:55:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-16 23:42:56 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll 2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll 2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe 2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll 2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll 2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll 2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-01-31 08:59:04 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-01-23 02:14:54 5120 ----a-w- C:\Windows\SysWow64\NSIS.Library.RegTool.v3.{718F2CD8-CD24-4B12-8C3E-597F38B43206}.exe 2010-11-05 01:58:15 1169224 --sh--w- C:\Windows\Temp\Catalyst.exe . ============= FINISH: 18:14:55.49 =============== Attach Log . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 9/3/2010 10:25:26 AM System Uptime: 4/17/2012 5:40:44 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58 Processor: Intel® Core™ i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 206.327 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (HFSXJ) - 465 GiB total, 229.379 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP367: 4/15/2012 6:51:31 PM - Windows Update RP368: 4/15/2012 11:58:30 PM - Removed Razer DeathAdder™ Mouse RP369: 4/15/2012 11:59:31 PM - Installed Razer DeathAdder™ Mouse RP370: 4/16/2012 12:00:54 AM - Device Driver Package Install: Razer Razer Device RP371: 4/17/2012 5:37:50 PM - Removed COMODO Internet Security RP372: 4/17/2012 6:07:23 PM - Device Driver Package Install: COMODO Network Service . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Age of Empires Online Apple Application Support Apple Software Update ARMA 2 ASUS Ai Charger ATI Catalyst Registration Batman: Arkham Asylum GOTY Edition Battlefield 3™ Battlelog Web Plugins BattlEye Uninstall Borderlands Brytenwalda version 1.35 Call of Pripyat Complete v1.0.2 Canon IJ Network Scan Utility Canon IJ Network Tool Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Command and Conquer: Red Alert 3 Command and Conquer: Red Alert 3 - Uprising Comodo Dragon COMODO GeekBuddy Company of Heroes: Opposing Fronts Crysis 2 Demo Crysis Warhead Crysis Wars Crysis Wars® Mod SDK Source Code 1.0 Crysis Wars® Mod SDK Tools 1.1 D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Desura Deus Ex: Human Revolution Dexpot Diablo III Beta DiRT 2 Dragon Age II Dragon Age: Origins Dropbox Empire: Total War ESN Sonar EVE Online (remove only) Facebook Video Calling 1.2.0.159 Fallout 3 - Game of the Year Edition Fallout Mod Manager 0.13.21 Fallout: New Vegas Far Cry 2 Fences Foxit Reader Freemake Video Converter version 2.0.0 GameSpy Comrade Garry's Mod Geeks3D.com FurMark 1.9.1 GeoGebra Global Agenda Google Chrome Google Talk Plugin Java Auto Updater Java™ 6 Update 29 Just Cause 2 Killing Floor Kingdoms of Amalur: Reckoning - Demo League of Legends Left 4 Dead 2 Malwarebytes Anti-Malware version 1.61.0.1400 Marvell MRU V4 Mass Effect Men of War: Assault Squad Mesh Runtime Metro 2033 Microsoft .NET Framework 1.1 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 4.0 Mobilink Lite Monday Night Combat Mount & Blade: With Fire and Sword Mount and Blade: Warband Mozilla Firefox 11.0 (x86 en-US) MSI Afterburner 2.1.0 MSI Kombustor 2.0.0 MSVCRT NEC Electronics USB 3.0 Host Controller Driver Nexon Game Manager NVIDIA PhysX Oblivion mod manager 1.1.12 OpenAL Operation Flashpoint: Dragon Rising Origin Pando Media Booster Portal 2 PunkBuster Services QuickTime Rapture3D 2.3.26 Game Razer DeathAdder™ Mouse Razer Lycosa Realtek High Definition Audio Driver Rogers Connection Manager S.T.A.L.K.E.R.: Call of Pripyat Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Sid Meier's Civilization V Sins of a Solar Empire Skype Click to Call Skype™ 5.8 SpeedFan (remove only) StarCraft II Steam Super Meat Boy Supreme Commander 2 Team Fortress 2 TekSavvy Access Manager Terraria The Elder Scrolls IV: Oblivion The Elder Scrolls V: Skyrim The Settlers 7: Paths to a Kingdom The Witcher 2 The Witcher: Enhanced Edition Total War: SHOGUN 2 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Vampire: The Masquerade - Bloodlines Vindictus VirtualFem VLC media player 2.0.0 Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Wings of Prey World of Tanks v.0.6.5 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 4/17/2012 6:07:14 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 4/17/2012 4:40:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/16/2012 7:32:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/16/2012 7:07:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.123.1899.0). 4/16/2012 7:07:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1823.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070643 Error description: Fatal error during installation. 4/16/2012 6:55:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/16/2012 12:07:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/15/2012 9:48:16 PM, Error: Disk [11] - The driver detected a controller error on \...\DR4. 4/15/2012 5:06:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer READYSHARE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED0B1BB2-2788-4298-9308-218E5B313ECA}. The master browser is stopping or an election is being forced. 4/15/2012 11:46:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/15/2012 11:05:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17. 4/15/2012 10:01:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR13. 4/11/2012 10:17:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. . ==== End Of File ===========================
  6. Here you go, . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Kevin at 19:36:55 on 2012-04-16 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3798 [GMT -4:00] . AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0} AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\vds.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\rundll32.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Dexpot\dexpot.exe C:\Program Files (x86)\Razer\Lycosa\razerhid.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Dexpot\Dexpot64.exe C:\Program Files (x86)\Razer\Lycosa\razertra.exe C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe C:\Program Files (x86)\Dexpot\plugins\MouseEvents.exe C:\Program Files (x86)\Dexpot\plugins\Dexgrid.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\Temp\Catalyst.exe C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\sppsvc.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [MobiLink Lite] C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [Facebook Update] "C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe uRun: [CCC] C:\Users\Kevin\AppData\Local\Temp\ATI .exe mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe StartupFolder: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI .exe StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{ED0B1BB2-2788-4298-9308-218E5B313ECA} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA} : DhcpNameServer = 10.1.250.48 10.1.250.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\14162746 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\6516C6B697279656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\8497075625 : DhcpNameServer = 10.10.10.71 10.10.10.72 10.10.10.15 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\B4566796E602C4F62E08993702960586F6E656 : DhcpNameServer = 207.164.79.254 204.101.237.136 TCP: Interfaces\{F309F468-E3E0-40A8-BB7A-0DBAC4A443CA}\C696E6B6379737D276 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe" mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\ FF - prefs.js: browser.startup.homepage - hxxp://myfav.es/ FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\w3178hbo.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Kevin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?] R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?] R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-7-29 205312] R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-1-7 218112] R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-2-9 235560] R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635] R2 PPPoEService;PPPoE Service;C:\PROGRA~2\teksavvy.com\TEKSAV~1\app\pppoeservice.exe [2010-9-22 49152] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 VKbms;Razer Gaming Device;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?] S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-4-24 131912] S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?] S3 LVUVC64;QuickCam for Notebooks Pro(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?] S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-15 22:52:25 8669240 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AED25CB7-468B-4070-9ADD-81581C92845F}\mpengine.dll 2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-12 04:36:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-12 04:36:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll 2012-04-12 04:36:00 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-04-12 04:36:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll 2012-04-12 04:36:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2012-04-12 04:36:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2012-04-12 04:32:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-12 04:32:37 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-12 04:32:37 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-12 04:32:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-12 04:32:37 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-12 04:32:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-04-12 04:32:37 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-08 16:59:37 41200 ----a-w- C:\Windows\System32\cmdcsr.dll 2012-04-08 09:46:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-04-08 09:46:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-04-08 09:46:14 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-04-08 09:46:11 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-04-07 22:22:05 -------- d-----w- C:\Users\Kevin\.towns 2012-04-07 21:09:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes 2012-04-07 21:09:02 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-07 21:09:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-07 21:09:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-02 17:10:20 -------- d-----w- C:\Users\Kevin\AppData\Roaming\DYA_WTOBNMDJRGHNVPABI 2012-04-02 17:10:20 -------- d-----w- C:\ProgramData\DYA_WTOBNMDJRGHNVPABI 2012-04-02 17:10:17 -------- d-----w- C:\programs 2012-03-30 00:19:30 -------- d-----w- C:\Program Files (x86)\SpeedFan 2012-03-25 23:06:15 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-25 23:06:15 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-25 00:11:53 -------- d-----w- C:\folder1 2012-03-24 22:06:56 -------- d-----w- C:\ProgramData\AMD 2012-03-24 22:06:55 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-03-24 22:06:51 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-03-24 21:49:08 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys 2012-03-24 21:49:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll . ==================== Find3M ==================== . 2012-04-01 18:48:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-24 21:49:07 58880 ----a-w- C:\Windows\System32\coinst.dll 2012-03-11 21:13:41 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2012-03-11 21:13:40 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2012-03-11 21:13:38 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2012-03-11 21:13:18 301224 ----a-w- C:\Windows\SysWow64\guard32.dll 2012-03-11 21:13:17 389840 ----a-w- C:\Windows\System32\guard64.dll 2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-03-08 02:55:29 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-03-08 02:55:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-16 23:42:56 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll 2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll 2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe 2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll 2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll 2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-02-15 02:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-02-15 02:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-02-15 02:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-02-15 02:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-02-15 02:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-02-15 02:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-02-15 02:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll 2012-02-15 02:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-31 10:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-01-31 10:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-01-23 02:14:54 5120 ----a-w- C:\Windows\SysWow64\NSIS.Library.RegTool.v3.{718F2CD8-CD24-4B12-8C3E-597F38B43206}.exe 2010-11-05 01:58:15 1169224 --sh--w- C:\Windows\Temp\Catalyst.exe . ============= FINISH: 19:38:47.05 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 9/3/2010 10:25:26 AM System Uptime: 4/16/2012 7:30:51 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58 Processor: Intel® Core i7 CPU 930 @ 2.80GHz | LGA1366 | 2801/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 199.326 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (HFSXJ) - 465 GiB total, 229.379 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP365: 4/11/2012 10:30:47 PM - Windows Update RP366: 4/12/2012 12:31:30 AM - Windows Update RP367: 4/15/2012 6:51:31 PM - Windows Update RP368: 4/15/2012 11:58:30 PM - Removed Razer DeathAdder Mouse RP369: 4/15/2012 11:59:31 PM - Installed Razer DeathAdder Mouse RP370: 4/16/2012 12:00:54 AM - Device Driver Package Install: Razer Razer Device . ==== Installed Programs ====================== . Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Age of Empires Online Apple Application Support Apple Software Update ARMA 2 ASUS Ai Charger ATI Catalyst Registration Batman: Arkham Asylum GOTY Edition Battlefield 3ô Battlelog Web Plugins BattlEye Uninstall Borderlands Brytenwalda version 1.35 Call of Pripyat Complete v1.0.2 Canon IJ Network Scan Utility Canon IJ Network Tool Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Command and Conquer: Red Alert 3 Command and Conquer: Red Alert 3 - Uprising Company of Heroes: Opposing Fronts Crysis 2 Demo Crysis Warhead Crysis Wars Crysis Wars® Mod SDK Source Code 1.0 Crysis Wars® Mod SDK Tools 1.1 D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Desura Deus Ex: Human Revolution Dexpot Diablo III Beta DiRT 2 Dragon Age II Dragon Age: Origins Dropbox Empire: Total War ESN Sonar EVE Online (remove only) Facebook Video Calling 1.2.0.159 Fallout 3 - Game of the Year Edition Fallout Mod Manager 0.13.21 Fallout: New Vegas Far Cry 2 Fences Foxit Reader Freemake Video Converter version 2.0.0 GameSpy Comrade Garry's Mod Geeks3D.com FurMark 1.9.1 GeoGebra Global Agenda Google Chrome Google Talk Plugin Java Auto Updater Java 6 Update 29 Just Cause 2 Killing Floor Kingdoms of Amalur: Reckoning - Demo League of Legends Left 4 Dead 2 Malwarebytes Anti-Malware version 1.61.0.1400 Marvell MRU V4 Mass Effect Men of War: Assault Squad Mesh Runtime Metro 2033 Microsoft .NET Framework 1.1 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 4.0 Mobilink Lite Monday Night Combat Mount & Blade: With Fire and Sword Mount and Blade: Warband Mozilla Firefox 11.0 (x86 en-US) MSI Afterburner 2.1.0 MSI Kombustor 2.0.0 MSVCRT NEC Electronics USB 3.0 Host Controller Driver Nexon Game Manager NVIDIA PhysX Oblivion mod manager 1.1.12 OpenAL Operation Flashpoint: Dragon Rising Origin Pando Media Booster Portal 2 PunkBuster Services QuickTime Rapture3D 2.3.26 Game Razer DeathAdder Mouse Razer Lycosa Realtek High Definition Audio Driver Rogers Connection Manager S.T.A.L.K.E.R.: Call of Pripyat Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Sid Meier's Civilization V Sins of a Solar Empire Skype Click to Call Skypeô 5.8 SpeedFan (remove only) StarCraft II Steam Super Meat Boy Supreme Commander 2 Team Fortress 2 TekSavvy Access Manager Terraria The Elder Scrolls IV: Oblivion The Elder Scrolls V: Skyrim The Settlers 7: Paths to a Kingdom The Witcher 2 The Witcher: Enhanced Edition Total War: SHOGUN 2 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Vampire: The Masquerade - Bloodlines Vindictus VirtualFem VLC media player 2.0.0 Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Wings of Prey World of Tanks v.0.6.5 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 4/9/2012 7:09:08 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bisar!rts&threatid=2147625172 Name: Backdoor:Win32/Bisar!rts ID: 2147625172 Severity: High Category: Backdoor Path: containerfile:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfattachtest.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfexpbench.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dflair.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfpause.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfposition.exe;file:_C:\Users\Kevin\Downloads\LazyNewbPack[0.31.25][V9.1].zip->LazyNewbPack[0.31.25][V9.1]/LNP/Utilities/C-Hacks/DFhack 0.5.12/dfsuspend.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.123.1329.0, AS: 1.123.1329.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8202.0, NIS: 2.0.8001.0 4/9/2012 12:05:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/16/2012 7:32:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/16/2012 7:07:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.123.1899.0). 4/16/2012 7:07:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1823.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070643 Error description: Fatal error during installation. 4/16/2012 6:55:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/16/2012 12:07:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/15/2012 9:48:16 PM, Error: Disk [11] - The driver detected a controller error on \...\DR4. 4/15/2012 5:06:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer READYSHARE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED0B1BB2-2788-4298-9308-218E5B313ECA}. The master browser is stopping or an election is being forced. 4/15/2012 11:46:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/15/2012 11:05:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17. 4/15/2012 10:01:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR13. 4/11/2012 10:17:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. . ==== End Of File =========================== MBAM Log Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.16.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kevin :: KEVIN-PC [administrator] 4/16/2012 7:03:03 PM mbam-log-2012-04-16 (19-03-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 245523 Time elapsed: 14 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Users\Kevin\AppData\Local\Temp\dclogs (Stolen.Data) -> Quarantined and deleted successfully. Files Detected: 7 C:\Users\Kevin\AppData\Local\Temp\archivezz.exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully. C:\Users\Kevin\Local Settings\Temporary Internet Files\Content.IE5\13PBNSSP\archivezz[1].exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully. C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-09-2.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-11-4.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-13-6.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-15-1.dc (Stolen.Data) -> Quarantined and deleted successfully. C:\Users\Kevin\AppData\Local\Temp\dclogs\2012-04-16-2.dc (Stolen.Data) -> Quarantined and deleted successfully. (end)
  7. Thanks for the quick reply to my question, I believe that I have uninstalled uTorrent now, except when i search it there are still a few image files, hopefully the program is gone now. I am running both MSE and Comodo Internet Security in Tandem with Malware-bytes supplimenting, I was wondering if there are any reprecussions in using both of these together? I have run the quick scan on Malware-bytes and used the DDS. Logs are attached. Thanks Attach.txt DDSnew.txt mbam-log-2012-04-16 (19-03-03).txt
  8. Hey, For the past little while MSE keeps telling me that it detects Win32/Fynloski.A on startup. Even though it tries to clean it every time the notice keeps appearing. How do I get rid of it. Logs and example picture Included DDS.txt Attach.txt