sheepdisease

Firefox.exe crashes, renamed firefox3.exe to resolve

31 posts in this topic

Hello there, I must have downloaded something nasty recently, as I had problems with Firefox for a long time until I renamed the file to firefox3.exe.

There were permission errors with toolbars and when I tried to open gmail it would crash firefox. These issues had never arisen previously. Someone said that I shouldn't have to rename the file for it to work, so I thought it best I get it checked out.

I have scanned the system several times each with Malwarebytes' Anti-Malware, Spybot Search and Destroy, SUPERAntiSpyware and COMODO Internet Security PRO 2011 and managed to clear a few different things from the system. I have also used CrapCleaner to sweep the registry and application data.

The moment I rename firefox3.exe back to firefox.exe, I get the same problems back.

As we speak I am doing another scan. Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:24 AM, on 7/9/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Consumer Input\dca-ua.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\SoulseekNS\slsk.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox3.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Broadband Test Application (bbtest_svc) - Epitiro Ltd. - C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Easy Tune (GService) - Unknown owner - C:\Program Files (x86)\GIGABYTE\ET6\GService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunerFreeMCEService - MillieSoft - C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16738 bytes

Please let me know what you think.

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7084

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/17/2011 9:31:34 PM
mbam-log-2011-07-17 (21-31-34).txt

Scan type: Quick scan
Objects scanned: 171651
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_2011-07-14.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421
Run by Media Centre at 21:33:10 on 2011-07-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.6108 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Consumer Input\dca-ua.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox3.exe
C:\Program Files (x86)\SoulseekNS\slsk.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Users\Media Centre\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\ehome\ehRec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\MEDIAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoWinKeys = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{747C689B-E33D-4726-A4ED-0928A481B762} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [VX1000] C:\Windows\vVX1000.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-7-13 27008]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-14 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2011-6-23 459248]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\Windows\System32\drivers\fvevol.sys [2011-6-23 223248]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-6-23 14720]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2011-6-23 152960]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-7-10 69152]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-14 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-6-23 213888]
R0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;C:\Windows\System32\drivers\vmstorfl.sys [2011-6-23 46464]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-11 1263200]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
R0 vmbus;Virtual Machine Bus;C:\Windows\System32\drivers\vmbus.sys [2011-6-23 199552]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-6-23 71552]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\System32\drivers\volmgrx.sys [2011-6-23 363392]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-6-11 21104]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-5-2 16016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-5-2 252344]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-5-2 41712]
R1 CSC;Offline Files Driver;C:\Windows\System32\drivers\csc.sys [2011-6-23 514560]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-6-23 102400]
R1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-14 40448]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\System32\drivers\tdx.sys [2011-6-23 119296]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\System32\drivers\wanarp.sys [2011-6-23 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-6 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-25 204288]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 bbtest_svc;Broadband Test Application;C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-3-24 815104]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 cmdagent;COMODO Internet Security Helper Service;C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-5-9 2528096]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-11 21992]
R2 CscService;Offline Files;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-6-11 68136]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928]
R2 luafv;UAC File Virtualization;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-11 366640]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-14 27136]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-6-11 114688]
R2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2011-6-23 45056]
R2 TunerFreeMCEService;TunerFreeMCEService;C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-4-26 13824]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-6-23 229888]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-7-6 285280]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-5-25 9359872]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-5-25 309760]
R3 bowser;Browser Support Driver;C:\Windows\System32\drivers\bowser.sys [2011-6-11 90624]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-6-23 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2011-6-23 982912]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 76160]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2009-7-14 31232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-11 25912]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-11 56344]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-6-16 289280]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-6-16 128000]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-7 539240]
R3 srv2;Server SMB 2.xxx Driver;C:\Windows\System32\drivers\srv2.sys [2011-6-16 410112]
R3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-6-16 168448]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-6-23 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-6-23 48640]
R3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-7-10 93360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-6-23 3524608]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-6-23 12800]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-7-13 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\Windows\System32\drivers\appid.sys [2011-6-23 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-11 116752]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-6-11 25640]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-7-5 130976]
S3 GService;Easy Tune;C:\Program Files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-6-11 30528]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-6-23 78720]
S3 iaStorV;Intel RAID Controller Windows 7;C:\Windows\System32\drivers\iaStorV.sys [2011-7-13 410496]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-6-23 78848]
S3 iScsiPrt;iScsiPort Driver;C:\Windows\System32\drivers\msiscsi.sys [2011-6-23 273792]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-9-24 1181328]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\System32\drivers\mpio.sys [2011-6-23 155008]
S3 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-6-23 31104]
S3 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\System32\drivers\msdsm.sys [2011-6-23 140672]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-6-23 366976]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-7-13 166272]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PeerDistSvc;BranchCache;C:\Windows\System32\svchost.exe -k PeerDist [2009-7-14 27136]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-23 20992]
S3 s3cap;s3cap;C:\Windows\System32\drivers\vms3cap.sys [2011-6-23 6656]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\System32\drivers\scfilter.sys [2011-6-23 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-14 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 storvsc;storvsc;C:\Windows\System32\drivers\storvsc.sys [2011-6-23 34688]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-6-23 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2011-6-23 39424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-14 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2009-7-14 100352]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2009-7-14 31232]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-6-23 215936]
S3 VMBusHID;VMBusHID;C:\Windows\System32\drivers\VMBusHID.sys [2011-6-23 21760]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-11 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2011-6-23 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-14 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-14 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-14 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-14 27136]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-14 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WPCSvc;Parental Controls;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S4 Appupdater;Appupdater;C:\Program Files (x86)\Appupdater\appupdaters.exe [2009-4-22 2756979]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-14 06:17:44 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\qliner
2011-07-13 16:38:17 -------- d-----w- C:\Users\Media Centre\AppData\Local\ElevatedDiagnostics
2011-07-13 16:36:53 -------- d-----w- C:\Program Files (x86)\Unknown Device Identifier
2011-07-13 06:23:09 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-07-13 06:23:08 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-07-13 06:23:08 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-07-13 06:23:08 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-07-13 06:23:08 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-07-13 06:23:08 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-07-13 06:23:08 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-07-13 06:22:44 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-07-13 06:22:44 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-07-13 06:22:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-13 06:21:29 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-07-13 06:21:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-07-13 06:21:28 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-07-13 06:21:28 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-07-13 06:21:28 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-07-13 06:21:28 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-07-13 06:21:28 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-07-13 06:21:28 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-07-13 06:21:28 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-07-13 06:21:28 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-07-13 06:21:28 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-07-11 20:49:50 -------- d-----w- C:\Users\Media Centre\AppData\Local\Chromium
2011-07-11 06:53:53 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\Macro Recorder
2011-07-11 06:49:16 302184 ----a-w- C:\Windows\amuninst.exe
2011-07-11 06:49:16 -------- d-----w- C:\Program Files\American Systems
2011-07-11 06:36:15 -------- d-----w- C:\Program Files (x86)\Qliner Hotkeys
2011-07-11 06:25:19 -------- d-----w- C:\Program Files (x86)\AutoHotkey
2011-07-11 06:21:59 -------- d-----w- C:\Program Files (x86)\AC Tool
2011-07-10 15:57:27 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2011-07-10 11:18:59 -------- d-----w- C:\Users\Media Centre\AppData\Local\Sunbelt Software
2011-07-10 11:16:52 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-07-10 11:16:42 93360 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-07-10 11:14:58 -------- dc-h--w- C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
2011-07-10 11:14:56 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-10 09:05:34 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\QuickScan
2011-07-10 09:03:00 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-09 06:49:46 -------- d-s---w- C:\ComboFix
2011-07-08 06:44:25 -------- d-----w- C:\Mod_BIOS_HD_6950
2011-07-08 06:42:30 -------- d-----w- C:\ati_winflash_2.0.1.14
2011-07-08 06:25:15 -------- d-----w- C:\Program Files (x86)\MSI Kombustor
2011-07-08 06:24:57 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
2011-07-07 21:28:30 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-07-07 21:28:30 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-07-07 21:17:50 53248 ----a-r- C:\Users\Media Centre\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-07 17:55:52 73728 ----a-w- C:\Windows\system\vdremote.dll
2011-07-07 17:55:52 65536 ----a-w- C:\Windows\system\vdsvrlnk.dll
2011-07-07 06:21:47 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-06 20:40:20 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-07-06 20:40:20 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-07-06 20:40:19 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-07-06 18:09:40 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-07-06 17:15:55 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-07-06 17:15:55 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\C65C1E7F-D311-430A-8691-B7C3D7A3D6FF
2011-07-06 17:15:55 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\271B7EB2-D121-41A0-9944-2E5941B5A648
2011-07-06 17:15:49 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-07-05 20:18:57 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\SUPERAntiSpyware.com
2011-07-05 20:18:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-05 20:18:54 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-05 20:18:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-05 16:46:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-05 16:46:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-05 06:55:40 -------- d-----w- C:\Users\Media Centre\AppData\Local\IsolatedStorage
2011-07-05 06:55:39 -------- d-----w- C:\Users\Media Centre\AppData\Local\Futuremark_Corporation
2011-07-05 06:37:33 -------- d-----w- C:\Program Files (x86)\Futuremark
2011-07-05 06:36:37 -------- d-----w- C:\Program Files\Futuremark
2011-07-02 20:10:36 -------- d-----w- C:\ProgramData\TomTom
2011-07-02 20:10:12 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\TomTom
2011-07-02 20:10:12 -------- d-----w- C:\Users\Media Centre\AppData\Local\TomTom
2011-07-02 20:10:04 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2011-07-02 20:09:54 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2
2011-06-30 17:02:52 -------- d-----w- C:\ProgramData\Soulseek
2011-06-30 16:37:25 -------- d-----w- C:\Program Files (x86)\Consumer Input
2011-06-27 06:46:46 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-06-26 19:25:42 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\mp3DirectCut
2011-06-26 19:07:18 -------- d-----w- C:\Program Files (x86)\mp3DirectCut
2011-06-26 05:51:15 -------- d-----w- C:\Windows\System32\SPReview
2011-06-26 05:49:58 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-24 17:45:56 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\AV Soft
2011-06-23 19:27:59 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-06-23 19:26:59 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2011-06-23 19:25:19 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-23 15:22:26 -------- d-----w- C:\Program Files (x86)\Westwood Chat
2011-06-22 16:56:59 -------- d-----w- C:\Users\Media Centre\AppData\Local\Origin
2011-06-22 16:56:39 -------- d-----w- C:\ProgramData\Origin
2011-06-22 16:56:39 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-06-22 16:56:17 -------- d-----w- C:\Program Files (x86)\Origin
2011-06-22 16:54:32 -------- d-----w- C:\ProgramData\Electronic Arts
2011-06-22 16:52:25 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-06-21 20:45:48 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-06-21 20:45:48 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2011-06-21 20:45:47 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2011-06-21 20:45:47 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2011-06-21 20:45:47 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2011-06-21 20:45:46 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2011-06-21 20:45:45 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2011-06-21 20:45:44 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2011-06-21 20:44:29 -------- d-----w- C:\Windows\SysWow64\directx
2011-06-21 20:00:33 -------- d-----w- C:\Program Files (x86)\EA Games
2011-06-19 21:34:48 -------- d-----w- C:\Users\Media Centre\AppData\Local\Adobe
2011-06-19 18:03:45 -------- d-----w- C:\ProgramData\MillieSoft
2011-06-19 18:03:45 -------- d-----w- C:\Program Files (x86)\MillieSoft
2011-06-19 17:07:22 31080 ----a-w- C:\Windows\SysWow64\drivers\hid8106.sys
2011-06-19 17:07:21 73728 ----a-w- C:\Windows\SysWow64\dancemat.exe
.
==================== Find3M ====================
.
2011-07-14 02:21:38 25640 ----a-w- C:\Windows\gdrv.sys
2011-07-10 19:32:55 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-07-08 06:56:37 30528 ----a-w- C:\Windows\GVTDrv64.sys
2011-07-07 21:34:05 25640 ----a-w- C:\Windows\etdrv.sys
2011-07-06 17:35:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-06 17:15:51 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-06-30 08:38:08 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-06-30 08:38:07 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-06-30 08:38:06 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-06-30 08:37:25 285256 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-06-30 08:37:24 363560 ----a-w- C:\Windows\System32\guard64.dll
2011-06-26 05:58:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-26 05:58:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-12 07:14:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-06-12 07:14:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-06-12 07:13:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-06-12 07:13:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-06-11 20:24:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-06-11 20:24:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-06-11 20:24:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-11 19:17:59 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-06-11 17:05:42 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-06-11 06:43:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-06-11 06:43:45 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-06-11 01:15:38 0 ----a-w- C:\Windows\ativpsrm.bin
2011-06-10 13:34:52 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-29 08:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 08:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-25 18:19:00 76160 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys
2011-05-25 18:19:00 52608 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys
2011-05-25 04:26:56 9359872 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-05-25 03:53:28 23336960 ----a-w- C:\Windows\System32\atio6axx.dll
2011-05-25 03:31:38 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-05-25 03:07:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-05-25 03:07:48 688128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-05-25 03:06:38 811008 ----a-w- C:\Windows\System32\aticfx64.dll
2011-05-25 03:04:16 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-05-25 03:04:10 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-05-25 03:03:38 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-05-25 03:02:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-05-25 03:02:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-05-25 03:02:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-05-25 03:01:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-05-25 03:01:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-05-25 03:01:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-05-25 03:00:00 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-05-25 02:59:38 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-05-25 02:59:26 3810816 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-05-25 02:58:52 4219904 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-05-25 02:50:38 4017152 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-05-25 02:49:44 5008384 ----a-w- C:\Windows\System32\atidxx64.dll
2011-05-25 02:47:40 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-05-25 02:47:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-05-25 02:47:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-05-25 02:47:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-05-25 02:47:18 8489472 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-05-25 02:43:52 6847488 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-05-25 02:39:16 4330496 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-05-25 02:33:04 5486592 ----a-w- C:\Windows\System32\atiumd64.dll
2011-05-25 02:26:18 366592 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-05-25 02:26:12 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-05-25 02:26:04 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-05-25 02:26:00 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-05-25 02:26:00 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-05-25 02:25:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-05-25 02:25:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-05-25 02:25:42 309760 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-05-25 02:24:58 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-05-25 02:24:50 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-05-25 02:24:44 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-05-25 02:24:36 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-05-25 02:24:08 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-05-24 22:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-05-24 22:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-05-24 22:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll
2011-05-24 22:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
============= FINISH: 21:34:47.79 ===============


Hi,

Please avoid using code boxes for logs.

I notice that you are using more than one antivirus program (Comodo and Lavasoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Reboot.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


ComboFix 11-07-20.05 - Media Centre 07/21/2011 7:29.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5468 [GMT 1:00]

Running from: d:\downloads\ComboFix.exe

AV: COMODO Antivirus *Disabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Steam\Steam.exe

c:\users\Media Centre\AppData\Local\common_functions.dll

c:\users\Media Centre\AppData\Local\ie_runner_app.exe

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))

.

.

2011-07-21 06:38 . 2011-07-21 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files\iTunes

2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files (x86)\iTunes

2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files\iPod

2011-07-20 16:26 . 2011-07-20 16:26 -------- d-----w- c:\program files\Bonjour

2011-07-20 16:26 . 2011-07-20 16:26 -------- d-----w- c:\program files (x86)\Bonjour

2011-07-14 06:17 . 2011-07-14 06:17 -------- d-----w- c:\users\Media Centre\AppData\Roaming\qliner

2011-07-13 16:38 . 2011-07-13 16:38 -------- d-----w- c:\users\Media Centre\AppData\Local\ElevatedDiagnostics

2011-07-13 16:36 . 2011-07-13 16:36 -------- d-----w- c:\program files (x86)\Unknown Device Identifier

2011-07-13 06:23 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-07-13 06:23 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-07-13 06:23 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-07-13 06:23 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-07-13 06:23 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-07-13 06:23 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-07-13 06:23 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-07-13 06:22 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2011-07-13 06:22 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2011-07-13 06:22 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 06:21 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2011-07-13 06:21 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-07-13 06:21 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2011-07-13 06:21 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-07-13 06:21 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-07-13 06:21 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-07-13 06:21 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-07-13 06:21 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-07-13 06:21 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-07-13 06:21 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2011-07-13 06:21 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:34 . 2011-07-12 10:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 10:34 . 2011-07-12 10:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-11 20:49 . 2011-07-11 20:49 -------- d-----w- c:\users\Media Centre\AppData\Local\Chromium

2011-07-11 06:53 . 2011-07-11 06:53 -------- d-----w- c:\users\Media Centre\AppData\Roaming\Macro Recorder

2011-07-11 06:49 . 2011-07-11 06:49 -------- d-----w- c:\program files\American Systems

2011-07-11 06:49 . 2008-07-01 12:24 302184 ----a-w- c:\windows\amuninst.exe

2011-07-11 06:36 . 2011-07-11 06:36 -------- d-----w- c:\program files (x86)\Qliner Hotkeys

2011-07-11 06:25 . 2011-07-11 06:25 -------- d-----w- c:\program files (x86)\AutoHotkey

2011-07-11 06:21 . 2011-07-11 06:22 -------- d-----w- c:\program files (x86)\AC Tool

2011-07-10 11:18 . 2011-07-10 11:18 -------- d-----w- c:\users\Media Centre\AppData\Local\Sunbelt Software

2011-07-10 11:16 . 2011-07-10 11:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-07-10 11:14 . 2011-07-21 06:14 -------- d-----w- c:\programdata\Lavasoft

2011-07-10 09:05 . 2011-07-10 09:05 -------- d-----w- c:\users\Media Centre\AppData\Roaming\QuickScan

2011-07-10 09:03 . 2011-07-10 09:03 -------- d-----w- c:\program files (x86)\ESET

2011-07-08 06:44 . 2011-07-08 06:48 -------- d-----w- C:\Mod_BIOS_HD_6950

2011-07-08 06:42 . 2011-07-08 06:49 -------- d-----w- C:\ati_winflash_2.0.1.14

2011-07-08 06:25 . 2011-07-08 06:25 -------- d-----w- c:\program files (x86)\MSI Kombustor

2011-07-08 06:24 . 2010-10-27 02:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll

2011-07-07 21:28 . 2011-06-10 13:34 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-07-07 21:28 . 2011-06-10 13:34 539240 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-07-07 21:17 . 2011-07-07 21:17 53248 ----a-r- c:\users\Media Centre\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-07-07 17:55 . 2010-12-24 12:18 73728 ----a-w- c:\windows\system\vdremote.dll

2011-07-07 17:55 . 2010-12-24 12:17 65536 ----a-w- c:\windows\system\vdsvrlnk.dll

2011-07-06 20:40 . 2010-01-10 18:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2011-07-06 20:40 . 2010-01-10 18:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2011-07-06 20:40 . 2011-07-06 20:40 -------- d-----w- c:\program files (x86)\SpywareBlaster

2011-07-06 18:09 . 2011-07-06 18:09 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-07-06 17:15 . 2011-07-06 17:15 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-07-06 17:15 . 2011-07-06 17:15 -------- d-----w- c:\users\Media Centre\AppData\Roaming\C65C1E7F-D311-430A-8691-B7C3D7A3D6FF

2011-07-06 17:15 . 2011-07-06 17:15 -------- d-----w- c:\users\Media Centre\AppData\Roaming\271B7EB2-D121-41A0-9944-2E5941B5A648

2011-07-06 17:15 . 2011-07-06 17:15 970336 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-07-05 20:18 . 2011-07-05 20:18 -------- d-----w- c:\users\Media Centre\AppData\Roaming\SUPERAntiSpyware.com

2011-07-05 20:18 . 2011-07-05 20:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-07-05 20:18 . 2011-07-05 20:18 -------- d-----w- c:\programdata\!SASCORE

2011-07-05 20:18 . 2011-07-09 06:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-05 16:46 . 2011-07-09 06:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-07-05 16:46 . 2011-07-05 16:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-07-05 06:55 . 2011-07-05 06:55 -------- d-----w- c:\users\Media Centre\AppData\Local\IsolatedStorage

2011-07-05 06:55 . 2011-07-05 06:55 -------- d-----w- c:\users\Media Centre\AppData\Local\Futuremark_Corporation

2011-07-05 06:37 . 2011-07-05 06:37 -------- d-----w- c:\program files (x86)\Futuremark

2011-07-05 06:36 . 2011-07-05 06:36 -------- d-----w- c:\program files\Futuremark

2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\programdata\TomTom

2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\users\Media Centre\AppData\Roaming\TomTom

2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\users\Media Centre\AppData\Local\TomTom

2011-07-02 20:10 . 2011-07-02 20:10 -------- d-----w- c:\program files (x86)\TomTom International B.V

2011-07-02 20:09 . 2011-07-02 20:09 -------- d-----w- c:\program files (x86)\TomTom HOME 2

2011-06-30 17:02 . 2011-07-14 06:19 -------- d-----w- c:\programdata\Soulseek

2011-06-30 16:37 . 2011-06-30 16:37 -------- d-----w- c:\program files (x86)\Consumer Input

2011-06-27 17:15 . 2011-06-27 17:15 -------- d-----w- c:\program files (x86)\Google

2011-06-27 06:47 . 2011-06-27 06:47 -------- d-----w- c:\programdata\ATI

2011-06-27 06:46 . 2011-06-27 06:46 -------- d-----w- c:\program files (x86)\AMD APP

2011-06-26 19:25 . 2011-06-26 19:25 -------- d-----w- c:\users\Media Centre\AppData\Roaming\mp3DirectCut

2011-06-26 19:07 . 2011-06-26 19:07 -------- d-----w- c:\program files (x86)\mp3DirectCut

2011-06-26 05:51 . 2011-06-26 05:51 -------- d-----w- c:\windows\system32\SPReview

2011-06-26 05:49 . 2011-06-26 05:49 -------- d-----w- c:\windows\system32\EventProviders

2011-06-24 17:45 . 2011-06-24 17:45 -------- d-----w- c:\users\Media Centre\AppData\Roaming\AV Soft

2011-06-23 19:27 . 2010-11-20 13:33 289664 ----a-w- c:\windows\system32\drivers\fltMgr.sys

2011-06-23 19:26 . 2010-11-20 13:27 10752 ----a-w- c:\windows\system32\riched32.dll

2011-06-23 19:25 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-06-23 15:22 . 2011-06-23 15:22 -------- d-----w- c:\program files (x86)\Westwood Chat

2011-06-22 16:56 . 2011-06-22 16:56 -------- d-----w- c:\users\Media Centre\AppData\Local\Origin

2011-06-22 16:56 . 2011-06-22 16:57 -------- d-----w- c:\programdata\Origin

2011-06-22 16:56 . 2011-06-22 16:56 -------- d-----w- c:\program files (x86)\Origin Games

2011-06-22 16:56 . 2011-06-22 16:56 -------- d-----w- c:\program files (x86)\Origin

2011-06-22 16:54 . 2011-06-22 16:56 -------- d-----w- c:\programdata\Electronic Arts

2011-06-22 16:52 . 2011-06-22 16:52 -------- d-----w- c:\program files (x86)\Microsoft WSE

2011-06-22 16:39 . 2011-06-22 16:56 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-06-21 20:45 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2011-06-21 20:45 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2011-06-21 20:45 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll

2011-06-21 20:45 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2011-06-21 20:45 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll

2011-06-21 20:45 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2011-06-21 20:45 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2011-06-21 20:45 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-06-21 20:00 . 2011-06-21 20:00 -------- d-----w- c:\program files (x86)\EA Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-21 06:17 . 2011-06-11 01:15 25640 ----a-w- c:\windows\gdrv.sys

2011-07-10 19:32 . 2011-06-11 06:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-07-08 06:56 . 2011-06-11 00:59 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-07-08 06:39 . 2011-07-08 06:42 430555 ----a-w- C:\ati_winflash_2.0.1.14.zip

2011-07-08 06:27 . 2011-07-08 06:44 2731134 ----a-w- C:\Mod_BIOS_HD_6950.zip

2011-07-07 21:34 . 2011-06-11 01:11 25640 ----a-w- c:\windows\etdrv.sys

2011-07-07 11:48 . 2011-06-11 11:10 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-07-07 11:48 . 2011-06-11 11:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-07-06 17:35 . 2011-06-11 12:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-06 17:15 . 2011-06-11 17:05 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-06-30 08:38 . 2011-05-07 15:17 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 08:38 . 2011-05-02 19:36 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 08:38 . 2011-05-02 19:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 08:38 . 2011-05-02 19:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 08:37 . 2011-05-02 19:36 285256 ----a-w- c:\windows\SysWow64\guard32.dll

2011-06-30 08:37 . 2011-05-02 19:36 363560 ----a-w- c:\windows\system32\guard64.dll

2011-06-26 05:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-26 05:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 11:33 . 2011-06-11 11:27 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-06-24 11:32 . 2011-06-11 11:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-06-13 18:19 . 2011-06-13 18:19 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-13 11:47 . 2011-06-13 11:47 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-12 07:14 . 2011-06-12 07:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-12 07:14 . 2011-06-12 07:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-12 07:13 . 2011-06-12 07:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-06-12 07:13 . 2011-06-12 07:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-06-11 20:24 . 2011-06-11 20:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-11 20:24 . 2011-06-11 20:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-11 20:24 . 2011-06-11 20:24 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-06-11 20:23 . 2011-06-11 20:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-11 20:23 . 2011-06-11 20:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-11 20:23 . 2011-06-11 20:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-11 20:23 . 2011-06-11 20:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-11 20:23 . 2011-06-11 20:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-11 20:23 . 2011-06-11 20:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-11 20:23 . 2011-06-11 20:23 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-11 20:23 . 2011-06-11 20:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-11 20:23 . 2011-06-11 20:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-11 20:23 . 2011-06-11 20:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-11 20:23 . 2011-06-11 20:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-11 20:23 . 2011-06-11 20:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-11 20:23 . 2011-06-11 20:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-11 20:23 . 2011-06-11 20:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-11 20:23 . 2011-06-11 20:23 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-11 20:23 . 2011-06-11 20:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-11 20:23 . 2011-06-11 20:23 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-06-11 20:23 . 2011-06-11 20:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-11 20:23 . 2011-06-11 20:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-11 20:23 . 2011-06-11 20:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-11 20:23 . 2011-06-11 20:23 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-11 20:23 . 2011-06-11 20:23 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-11 20:23 . 2011-06-11 20:23 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-11 20:23 . 2011-06-11 20:23 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-11 20:23 . 2011-06-11 20:23 448512 ----a-w- c:\windows\system32\html.iec

2011-06-11 20:23 . 2011-06-11 20:23 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-11 20:23 . 2011-06-11 20:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-11 20:23 . 2011-06-11 20:23 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-11 20:23 . 2011-06-11 20:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-11 20:23 . 2011-06-11 20:23 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-11 20:23 . 2011-06-11 20:23 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-11 20:23 . 2011-06-11 20:23 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-11 20:23 . 2011-06-11 20:23 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-11 20:23 . 2011-06-11 20:23 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-11 20:23 . 2011-06-11 20:23 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-11 19:17 . 2011-06-11 19:17 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-06-11 17:05 . 2011-06-11 17:05 277088 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-06-11 12:43 . 2011-06-11 12:43 388096 ----a-r- c:\users\Media Centre\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-11 11:10 . 2011-06-11 11:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-06-11 11:09 . 2011-06-11 11:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-11 06:43 . 2011-06-11 06:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-06-11 06:43 . 2011-06-11 06:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-06-10 13:34 . 2011-06-11 01:02 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-06-03 05:57 . 2011-07-13 06:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-29 08:11 . 2011-06-11 12:44 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 08:11 . 2011-06-11 12:44 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-25 18:19 . 2011-05-25 18:19 52608 ----a-w- c:\windows\system32\drivers\EtronHub3.sys

2011-05-25 18:19 . 2011-03-07 16:22 76160 ----a-w- c:\windows\system32\drivers\EtronXHCI.sys

2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll

2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-05-25 03:07 . 2011-04-20 02:09 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-05-25 03:06 . 2010-11-18 10:29 811008 ----a-w- c:\windows\system32\aticfx64.dll

2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe

2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-05-25 03:02 . 2010-11-18 10:25 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll

2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll

2011-05-25 02:58 . 2011-04-20 01:59 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-05-25 02:49 . 2010-11-18 10:14 5008384 ----a-w- c:\windows\system32\atidxx64.dll

2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"Consumer Input Update"="c:\program files (x86)\Consumer Input\dca-ua.exe" [2011-02-21 175800]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-07-09 107000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-10 2536440]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-27 5550840]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

c:\users\Media Centre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 atillk64;atillk64;c:\users\MEDIAC~1\AppData\Local\Temp\Rar$EX00.121\atillk64.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-07-07 25640]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]

R3 GService;Easy Tune;c:\program files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-08 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Appupdater;Appupdater;c:\program files (x86)\Appupdater\appupdaters.exe [2009-04-22 2756979]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-06 3246040]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 bbtest_svc;Broadband Test Application;c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-06-14 815104]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-04-26 13824]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000Core.job

- c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03]

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000UA.job

- c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03]

.

2011-07-21 c:\windows\Tasks\IsposureAgent.job

- c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 17:28]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]

2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]

.

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-17 390736]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM

IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe

AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe

AddRemove-Steam App 218 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 260 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 34330 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 44320 - c:\program files (x86)\Steam\steam.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:68,c6,52,5a,ed,ee,85,70,9d,04,7c,9b,68,7f,17,ec,7c,c8,ef,9e,64,43,49,

ca,f9,c7,c0,a2,e8,9b,f2,3f,01,c2,9a,c3,96,48,93,c3,9a,8d,78,7a,3d,ed,b7,9b,\

"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa

.

[HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\License information*]

"datasecu"=hex:ee,5a,30,0f,a7,26,53,38,80,ef,b6,b4,d2,6b,95,dd,1d,53,97,e2,50,

9e,f2,60,40,4a,69,be,73,18,21,80,41,9e,26,ca,76,01,73,bc,8c,33,d6,e5,a3,88,\

"rkeysecu"=hex:bb,99,c2,b0,96,01,dc,a8,1e,60,1a,1a,86,2a,f3,2c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-21 07:39:40

ComboFix-quarantined-files.txt 2011-07-21 06:39

.

Pre-Run: 22,778,933,248 bytes free

Post-Run: 20,317,343,744 bytes free

.

- - End Of File - - A698437C29589020DE7EEEA5D27647F5

DDS (Ver_2011-07-14.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Media Centre at 17:28:33 on 2011-07-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5671 [GMT 1:00]

.

AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Consumer Input\dca-ua.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\explorer.exe

C:\Windows\ehome\ehRecvr.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Windows\system32\notepad.exe

C:\Windows\ehome\mcGlidHost.exe

C:\Users\Media Centre\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox3.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\MEDIAC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoWinKeys = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM

IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{747C689B-E33D-4726-A4ED-0928A481B762} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll

x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -

x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [VX1000] C:\Windows\vVX1000.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-11 1263200]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-6-11 21104]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-5-2 16016]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-5-2 252344]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-5-2 41712]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-6 3246040]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-25 204288]

R2 bbtest_svc;Broadband Test Application;C:\Program Files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-3-24 815104]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-11 21992]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-6-11 68136]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-11 366640]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-6-11 114688]

R2 TunerFreeMCEService;TunerFreeMCEService;C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-4-26 13824]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-7-6 285280]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-5-25 9359872]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-5-25 309760]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 76160]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-11 25912]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-11 56344]

R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]

R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2011-4-1 37480]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-7 539240]

S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-7-10 93360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-11 116752]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-6-11 25640]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-13 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-7-5 130976]

S3 GService;Easy Tune;C:\Program Files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-6-11 30528]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-23 20992]

S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2011-4-1 37480]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-11 1255736]

S4 Appupdater;Appupdater;C:\Program Files (x86)\Appupdater\appupdaters.exe [2009-4-22 2756979]

S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-07-21 06:28:09 98816 ----a-w- C:\Windows\sed.exe

2011-07-21 06:28:09 256000 ----a-w- C:\Windows\PEV.exe

2011-07-21 06:28:09 208896 ----a-w- C:\Windows\MBR.exe

2011-07-20 16:28:02 -------- d-----w- C:\Program Files\iTunes

2011-07-20 16:28:02 -------- d-----w- C:\Program Files\iPod

2011-07-20 16:28:02 -------- d-----w- C:\Program Files (x86)\iTunes

2011-07-20 16:26:33 -------- d-----w- C:\Program Files\Bonjour

2011-07-20 16:26:33 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-07-14 06:17:44 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\qliner

2011-07-13 16:38:17 -------- d-----w- C:\Users\Media Centre\AppData\Local\ElevatedDiagnostics

2011-07-13 16:36:53 -------- d-----w- C:\Program Files (x86)\Unknown Device Identifier

2011-07-13 06:23:09 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2011-07-13 06:23:08 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2011-07-13 06:23:08 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2011-07-13 06:23:08 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2011-07-13 06:23:08 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2011-07-13 06:23:08 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2011-07-13 06:23:08 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2011-07-13 06:22:44 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS

2011-07-13 06:22:44 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2011-07-13 06:22:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-07-13 06:21:29 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-07-13 06:21:29 2565632 ----a-w- C:\Windows\System32\esent.dll

2011-07-13 06:21:28 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-07-13 06:21:28 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-07-13 06:21:28 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-07-13 06:21:28 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-07-13 06:21:28 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2011-07-13 06:21:28 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-07-13 06:21:28 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-07-13 06:21:28 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-07-13 06:21:28 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 10:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 10:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 10:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 10:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-11 20:49:50 -------- d-----w- C:\Users\Media Centre\AppData\Local\Chromium

2011-07-11 06:53:53 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\Macro Recorder

2011-07-11 06:49:16 302184 ----a-w- C:\Windows\amuninst.exe

2011-07-11 06:49:16 -------- d-----w- C:\Program Files\American Systems

2011-07-11 06:36:15 -------- d-----w- C:\Program Files (x86)\Qliner Hotkeys

2011-07-11 06:25:19 -------- d-----w- C:\Program Files (x86)\AutoHotkey

2011-07-11 06:21:59 -------- d-----w- C:\Program Files (x86)\AC Tool

2011-07-10 11:18:59 -------- d-----w- C:\Users\Media Centre\AppData\Local\Sunbelt Software

2011-07-10 11:16:42 93360 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-07-10 09:05:34 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\QuickScan

2011-07-10 09:03:00 -------- d-----w- C:\Program Files (x86)\ESET

2011-07-08 06:44:25 -------- d-----w- C:\Mod_BIOS_HD_6950

2011-07-08 06:42:30 -------- d-----w- C:\ati_winflash_2.0.1.14

2011-07-08 06:25:15 -------- d-----w- C:\Program Files (x86)\MSI Kombustor

2011-07-08 06:24:57 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll

2011-07-07 21:28:30 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-07-07 21:28:30 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-07-07 21:17:50 53248 ----a-r- C:\Users\Media Centre\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-07-07 17:55:52 73728 ----a-w- C:\Windows\system\vdremote.dll

2011-07-07 17:55:52 65536 ----a-w- C:\Windows\system\vdsvrlnk.dll

2011-07-07 06:21:47 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-07-06 20:40:20 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2011-07-06 20:40:20 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-07-06 20:40:19 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2011-07-06 18:09:40 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-07-06 17:15:55 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys

2011-07-06 17:15:55 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\C65C1E7F-D311-430A-8691-B7C3D7A3D6FF

2011-07-06 17:15:55 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\271B7EB2-D121-41A0-9944-2E5941B5A648

2011-07-06 17:15:49 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys

2011-07-05 20:18:57 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\SUPERAntiSpyware.com

2011-07-05 20:18:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-07-05 20:18:54 -------- d-----w- C:\ProgramData\!SASCORE

2011-07-05 20:18:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-07-05 16:46:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-07-05 16:46:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-07-05 06:55:40 -------- d-----w- C:\Users\Media Centre\AppData\Local\IsolatedStorage

2011-07-05 06:55:39 -------- d-----w- C:\Users\Media Centre\AppData\Local\Futuremark_Corporation

2011-07-05 06:37:33 -------- d-----w- C:\Program Files (x86)\Futuremark

2011-07-05 06:36:37 -------- d-----w- C:\Program Files\Futuremark

2011-07-02 20:10:36 -------- d-----w- C:\ProgramData\TomTom

2011-07-02 20:10:12 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\TomTom

2011-07-02 20:10:12 -------- d-----w- C:\Users\Media Centre\AppData\Local\TomTom

2011-07-02 20:10:04 -------- d-----w- C:\Program Files (x86)\TomTom International B.V

2011-07-02 20:09:54 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2

2011-06-30 17:02:52 -------- d-----w- C:\ProgramData\Soulseek

2011-06-30 16:37:25 -------- d-----w- C:\Program Files (x86)\Consumer Input

2011-06-27 06:46:46 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-06-26 19:25:42 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\mp3DirectCut

2011-06-26 19:07:18 -------- d-----w- C:\Program Files (x86)\mp3DirectCut

2011-06-26 05:51:15 -------- d-----w- C:\Windows\System32\SPReview

2011-06-26 05:49:58 -------- d-----w- C:\Windows\System32\EventProviders

2011-06-24 17:45:56 -------- d-----w- C:\Users\Media Centre\AppData\Roaming\AV Soft

2011-06-23 19:27:59 833024 ----a-w- C:\Windows\SysWow64\user32.dll

2011-06-23 19:26:59 61440 ----a-w- C:\Windows\System32\drivers\appid.sys

2011-06-23 19:25:19 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-06-23 15:22:26 -------- d-----w- C:\Program Files (x86)\Westwood Chat

2011-06-22 16:56:59 -------- d-----w- C:\Users\Media Centre\AppData\Local\Origin

2011-06-22 16:56:39 -------- d-----w- C:\ProgramData\Origin

2011-06-22 16:56:39 -------- d-----w- C:\Program Files (x86)\Origin Games

2011-06-22 16:56:17 -------- d-----w- C:\Program Files (x86)\Origin

2011-06-22 16:54:32 -------- d-----w- C:\ProgramData\Electronic Arts

2011-06-22 16:52:25 -------- d-----w- C:\Program Files (x86)\Microsoft WSE

2011-06-21 20:45:48 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2011-06-21 20:45:48 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2011-06-21 20:45:47 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2011-06-21 20:45:47 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll

2011-06-21 20:45:47 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll

2011-06-21 20:45:46 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

2011-06-21 20:45:45 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll

2011-06-21 20:45:44 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll

2011-06-21 20:44:29 -------- d-----w- C:\Windows\SysWow64\directx

2011-06-21 20:00:33 -------- d-----w- C:\Program Files (x86)\EA Games

.

==================== Find3M ====================

.

2011-07-21 06:17:09 25640 ----a-w- C:\Windows\gdrv.sys

2011-07-10 19:32:55 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-07-08 06:56:37 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-07-07 21:34:05 25640 ----a-w- C:\Windows\etdrv.sys

2011-07-06 17:35:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-06 17:15:51 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys

2011-06-30 08:38:08 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-06-30 08:38:07 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-06-30 08:38:06 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-06-30 08:37:25 285256 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-06-30 08:37:24 363560 ----a-w- C:\Windows\System32\guard64.dll

2011-06-26 05:58:08 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-26 05:58:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-12 07:14:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-06-12 07:14:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-06-12 07:13:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-06-12 07:13:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-06-11 20:24:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2011-06-11 20:24:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll

2011-06-11 20:24:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-11 19:17:59 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-06-11 17:05:42 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys

2011-06-11 06:43:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-06-11 06:43:45 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2011-06-11 01:15:38 0 ----a-w- C:\Windows\ativpsrm.bin

2011-06-10 13:34:52 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-29 08:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 08:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-05-25 18:19:00 76160 ----a-w- C:\Windows\System32\drivers\EtronXHCI.sys

2011-05-25 18:19:00 52608 ----a-w- C:\Windows\System32\drivers\EtronHub3.sys

2011-05-25 04:26:56 9359872 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-05-25 03:53:28 23336960 ----a-w- C:\Windows\System32\atio6axx.dll

2011-05-25 03:31:38 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-05-25 03:07:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-05-25 03:07:48 688128 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-05-25 03:06:38 811008 ----a-w- C:\Windows\System32\aticfx64.dll

2011-05-25 03:04:16 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-05-25 03:04:10 485376 ----a-w- C:\Windows\System32\atieclxx.exe

2011-05-25 03:03:38 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-05-25 03:02:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-05-25 03:02:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-05-25 03:02:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-05-25 03:01:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll

2011-05-25 03:01:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-05-25 03:01:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-05-25 03:00:00 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-05-25 02:59:38 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-05-25 02:59:26 3810816 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-05-25 02:58:52 4219904 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-05-25 02:50:38 4017152 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-05-25 02:49:44 5008384 ----a-w- C:\Windows\System32\atidxx64.dll

2011-05-25 02:47:40 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-05-25 02:47:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-05-25 02:47:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-05-25 02:47:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-05-25 02:47:18 8489472 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-05-25 02:43:52 6847488 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-05-25 02:39:16 4330496 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll

2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-05-25 02:33:04 5486592 ----a-w- C:\Windows\System32\atiumd64.dll

2011-05-25 02:26:18 366592 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-05-25 02:26:12 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-05-25 02:26:04 14848 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-05-25 02:26:00 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-05-25 02:26:00 12800 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-05-25 02:25:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-05-25 02:25:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-05-25 02:25:42 309760 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-05-25 02:24:58 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-05-25 02:24:50 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-05-25 02:24:44 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-05-25 02:24:36 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-05-25 02:24:08 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-05-24 22:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-05-24 22:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-05-24 22:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll

2011-05-24 22:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll

.

============= FINISH: 17:30:01.95 ===============


Hi,

My apologies for the delay. I wasn't notified of your reply.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=1dadabdacc97944cb17ba5761f9731ab

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-07-10 10:46:08

# local_time=2011-07-10 11:46:08 (+0000, GMT Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 2492588 2492588 0 0

# compatibility_mode=3073 16777213 80 75 7319 865806 0 0

# compatibility_mode=5893 16776574 100 94 1132887 62753861 0 0

# compatibility_mode=8192 67108863 100 0 231 231 0 0

# scanned=386994

# found=2

# cleaned=2

# scan_time=5956

D:\Downloads\Tag & Rename 3.5.7+Patch[h33t][eSpNs].rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=1dadabdacc97944cb17ba5761f9731ab

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-31 10:06:10

# local_time=2011-07-31 11:06:10 (+0000, GMT Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 4353744 4353744 0 0

# compatibility_mode=3073 16777213 80 75 5688 2726962 0 0

# compatibility_mode=5893 16776574 100 94 2994043 64615017 0 0

# compatibility_mode=8192 67108863 100 0 1861387 1861387 0 0

# scanned=164

# found=0

# cleaned=0

# scan_time=2

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=1dadabdacc97944cb17ba5761f9731ab

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-01 12:04:55

# local_time=2011-08-01 01:04:55 (+0000, GMT Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 4353774 4353774 0 0

# compatibility_mode=3073 16777213 80 75 5718 2726992 0 0

# compatibility_mode=5893 16776574 100 94 2994073 64615047 0 0

# compatibility_mode=8192 67108863 100 0 1861417 1861417 0 0

# scanned=406476

# found=0

# cleaned=0

# scan_time=7099

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.3.181.34

Adobe Reader X (10.1.0)

Mozilla Firefox (x86 en-GB..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe

``````````End of Log````````````


Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Restart your computer.

Let me know what issues remain.

-screen317


Unfortunately, when I renamed firefox3.exe back to firefox.exe I get the crashing problems back and instability issues.


Hi,

Uninstall Firefox completely. Reboot.

Get the latest version of Firefox from Mozilla. Install it, reboot, and see if the problem persists.


Hi,

Uninstall Firefox completely. Reboot.

Get the latest version of Firefox from Mozilla. Install it, reboot, and see if the problem persists.

Unfortunately, that didn't work.


Hi,

Please grab a fresh copy of ComboFix, run it, and post its log.


Are you still with us? This topic will be closed in a few days if you do not respond.


Still with you, unfortunately I am on holiday so unable to test your suggestion.


It's really annoying, whenever I use this program it deletes Steam!

ComboFix 11-08-14.02 - Media Centre 08/14/2011 8:31.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8175.5993 [GMT 1:00]

Running from: d:\downloads\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Steam\steam.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))

.

.

2011-08-14 07:36 . 2011-08-14 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-10 22:21 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-08-03 17:47 . 2011-08-03 17:51 -------- d-----w- c:\users\Media Centre\AppData\Roaming\GetRightToGo

2011-08-03 17:47 . 2011-08-03 17:47 -------- d-----w- c:\programdata\NCH Software

2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files\iTunes

2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files (x86)\iTunes

2011-07-20 16:28 . 2011-07-20 16:28 -------- d-----w- c:\program files\iPod

2011-07-20 16:26 . 2011-07-20 16:26 -------- d-----w- c:\program files\Bonjour

2011-07-20 16:26 . 2011-07-20 16:26 -------- d-----w- c:\program files (x86)\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-11 02:25 . 2011-06-11 01:15 25640 ----a-w- c:\windows\gdrv.sys

2011-07-16 04:26 . 2011-08-10 22:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:34 . 2011-07-12 10:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 10:34 . 2011-07-12 10:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-10 19:32 . 2011-06-11 06:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-07-10 11:16 . 2011-07-10 11:16 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-07-08 06:56 . 2011-06-11 00:59 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-07-08 06:39 . 2011-07-08 06:42 430555 ----a-w- C:\ati_winflash_2.0.1.14.zip

2011-07-08 06:27 . 2011-07-08 06:44 2731134 ----a-w- C:\Mod_BIOS_HD_6950.zip

2011-07-07 21:34 . 2011-06-11 01:11 25640 ----a-w- c:\windows\etdrv.sys

2011-07-07 21:17 . 2011-07-07 21:17 53248 ----a-r- c:\users\Media Centre\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-07-07 11:48 . 2011-06-11 11:10 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-07-07 11:48 . 2011-06-11 11:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-07-06 17:35 . 2011-06-11 12:43 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-06 17:15 . 2011-07-06 17:15 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-07-06 17:15 . 2011-06-11 17:05 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-07-06 17:15 . 2011-07-06 17:15 970336 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-06-30 08:38 . 2011-05-07 15:17 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 08:38 . 2011-05-02 19:36 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 08:38 . 2011-05-02 19:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 08:38 . 2011-05-02 19:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 08:37 . 2011-05-02 19:36 285256 ----a-w- c:\windows\SysWow64\guard32.dll

2011-06-30 08:37 . 2011-05-02 19:36 363560 ----a-w- c:\windows\system32\guard64.dll

2011-06-26 05:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-26 05:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 11:33 . 2011-06-11 11:27 2588952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-06-24 11:32 . 2011-06-11 11:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-06-13 18:19 . 2011-06-13 18:19 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-13 11:47 . 2011-06-13 11:47 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-12 07:14 . 2011-06-12 07:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2011-06-12 07:14 . 2011-06-12 07:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-06-12 07:13 . 2011-06-12 07:13 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-06-12 07:13 . 2011-06-12 07:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-06-11 20:24 . 2011-06-11 20:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-11 20:24 . 2011-06-11 20:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-11 20:23 . 2011-06-11 20:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-11 20:23 . 2011-06-11 20:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-11 20:23 . 2011-06-11 20:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-11 20:23 . 2011-06-11 20:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-11 20:23 . 2011-06-11 20:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-11 20:23 . 2011-06-11 20:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-11 20:23 . 2011-06-11 20:23 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-11 20:23 . 2011-06-11 20:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-11 20:23 . 2011-06-11 20:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-11 20:23 . 2011-06-11 20:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-11 20:23 . 2011-06-11 20:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-11 20:23 . 2011-06-11 20:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-11 20:23 . 2011-06-11 20:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-11 20:23 . 2011-06-11 20:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-11 20:23 . 2011-06-11 20:23 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-11 20:23 . 2011-06-11 20:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-11 20:23 . 2011-06-11 20:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-11 20:23 . 2011-06-11 20:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-11 20:23 . 2011-06-11 20:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-11 20:23 . 2011-06-11 20:23 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-11 20:23 . 2011-06-11 20:23 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-11 20:23 . 2011-06-11 20:23 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-11 20:23 . 2011-06-11 20:23 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-11 20:23 . 2011-06-11 20:23 448512 ----a-w- c:\windows\system32\html.iec

2011-06-11 20:23 . 2011-06-11 20:23 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-11 20:23 . 2011-06-11 20:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-11 20:23 . 2011-06-11 20:23 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-11 20:23 . 2011-06-11 20:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-11 20:23 . 2011-06-11 20:23 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-11 20:23 . 2011-06-11 20:23 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-11 20:23 . 2011-06-11 20:23 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-11 20:23 . 2011-06-11 20:23 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-11 20:23 . 2011-06-11 20:23 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-11 20:23 . 2011-06-11 20:23 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-11 19:17 . 2011-06-11 19:17 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-06-11 17:05 . 2011-06-11 17:05 277088 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-06-11 12:43 . 2011-06-11 12:43 388096 ----a-r- c:\users\Media Centre\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-11 11:10 . 2011-06-11 11:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-06-11 11:09 . 2011-06-11 11:09 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-11 06:43 . 2011-06-11 06:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-06-11 06:43 . 2011-06-11 06:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2011-06-11 03:07 . 2011-07-13 06:22 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-11 00:58 . 2011-06-11 00:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll

2011-06-11 00:58 . 2011-06-11 00:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll

2011-06-11 00:58 . 2011-06-11 00:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-06-11 00:58 . 2011-06-11 00:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll

2011-06-11 00:58 . 2011-06-11 00:58 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll

2011-06-11 00:58 . 2011-06-11 00:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll

2011-06-11 00:58 . 2011-06-11 00:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll

2011-06-11 00:58 . 2011-06-11 00:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll

2011-06-11 00:58 . 2011-06-11 00:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll

2011-06-11 00:58 . 2011-06-11 00:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll

2011-06-11 00:58 . 2011-06-11 00:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll

2011-06-11 00:58 . 2011-06-11 00:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll

2011-06-11 00:58 . 2011-06-11 00:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll

2011-06-11 00:58 . 2011-06-11 00:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll

2011-06-11 00:58 . 2011-06-11 00:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2011-06-11 00:58 . 2011-06-11 00:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll

2011-06-11 00:58 . 2011-06-11 00:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

"Consumer Input Update"="c:\program files (x86)\Consumer Input\dca-ua.exe" [2011-02-21 175800]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-13 107000]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-10 2536440]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-27 5550840]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 atillk64;atillk64;c:\users\MEDIAC~1\AppData\Local\Temp\Rar$EX00.121\atillk64.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-07-07 25640]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]

R3 GService;Easy Tune;c:\program files (x86)\GIGABYTE\ET6\GService.exe [2010-11-10 40960]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-08 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 MSICDSetup;MSICDSetup;G:\CDriver64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 Appupdater;Appupdater;c:\program files (x86)\Appupdater\appupdaters.exe [2009-04-22 2756979]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-06 3246040]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 bbtest_svc;Broadband Test Application;c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-06-14 815104]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-04-26 13824]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]

S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000Core.job

- c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03]

.

2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022568182-3715623078-2412027832-1000UA.job

- c:\users\Media Centre\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-12 08:03]

.

2011-08-14 c:\windows\Tasks\IsposureAgent.job

- c:\program files (x86)\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 17:28]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]

2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]

.

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-17 390736]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM

IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe

AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe

AddRemove-Steam App 218 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 260 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 34330 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 44320 - c:\program files (x86)\Steam\steam.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:68,c6,52,5a,ed,ee,85,70,9d,04,7c,9b,68,7f,17,ec,7c,c8,ef,9e,64,43,49,

ca,f9,c7,c0,a2,e8,9b,f2,3f,01,c2,9a,c3,96,48,93,c3,9a,8d,78,7a,3d,ed,b7,9b,\

"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa

.

[HKEY_USERS\S-1-5-21-3022568182-3715623078-2412027832-1000\Software\SecuROM\License information*]

"datasecu"=hex:ee,5a,30,0f,a7,26,53,38,80,ef,b6,b4,d2,6b,95,dd,1d,53,97,e2,50,

9e,f2,60,40,4a,69,be,73,18,21,80,41,9e,26,ca,76,01,73,bc,8c,33,d6,e5,a3,88,\

"rkeysecu"=hex:bb,99,c2,b0,96,01,dc,a8,1e,60,1a,1a,86,2a,f3,2c

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-14 08:37:35

ComboFix-quarantined-files.txt 2011-08-14 07:37

ComboFix2.txt 2011-07-21 06:39

.

Pre-Run: 93,202,755,584 bytes free

Post-Run: 94,115,483,648 bytes free

.

- - End Of File - - CCA125A8F11B1AF3078C3F0F006283A5


Hi,

That's odd. Attach this file to your next reply:

C:\qoobox\quarantine\c\program files (x86)\Steam\steam.exe.vir

Which version of Firefox are you running?


Hi,

I am consulting with my colleagues and will be back with you as soon as possible. We appreciate your patience.

In the meantime, have you considered contacting Mozilla's support about this issue with their software? I do not believe this is malware-related.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    Firefox.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Thank you, I do appreciate all your hard work.

When I tried running that program I was issued with a prompt, 'Script Required!'. It wouldn't run as a result.


Did you copy and paste the code as instructed??

Like I said, the script wouldn't run.


Hi,

Please try once more, and post a screenshot of the entire screen right before clicking Look. Post it here.

This topic is now closed to further replies.
