Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure???


  • This topic is locked This topic is locked
9 replies to this topic

#1 egv

egv

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 02 January 2012 - 12:59 PM

I started having parsing errors in photoshop acr that I haven't had before. AFter doing some research, testing my ram and harddrive, I have come to the conclusion that it must be some infection. Any help you can give would be greatly appreciated!!!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_12
Run by Owner at 11:51:33 on 2012-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.13125 [GMT -6:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Garmin\Training Center\gStart.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.evphotostx.net/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5928BD6F-EC97-8663-1C19-CC32AA99E4AF} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe
uRun: [3OCYBnN6NA] control.exe "C:\Program Files (x86)\ZAJjWwLJ8Z1\3OCYBnN6NA.cpl",0,1
uRun: [AdobeBridge]
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{82DDBE1E-3C3E-4841-A24E-F3CBE74B600A} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5928BD6F-EC97-8663-1C19-CC32AA99E4AF} - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
BHO-X64: Norton Safe Web Lite BHO - No File
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB-X64: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\69pwruhd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.evphotostx.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf179b53d-7537-4414-bb55-7ff569e46f80%7D&mid=3a6beecb36d047d1b1dc6de783ce5177-a41964700aff18e3430990773509f65755104f97&ds=AVG&v=9.0.0.22&lang=en&pr=fr&d=2011-10-27%2014%3A29%3A09&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-28 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-6-29 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-13 55936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2011-12-9 109056]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-2-24 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-2-24 128512]
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2011-2-4 198000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-30 652872]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [2011-5-9 130008]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-11-2 66560]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2011-2-22 130000]
R2 PDFSFilter;PDFSFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 ubsbm;Unibrain 1394 SBM Driver;C:\Windows\system32\DRIVERS\ubsbm.sys --> C:\Windows\system32\DRIVERS\ubsbm.sys [?]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\Windows\system32\DRIVERS\ubumapi.sys --> C:\Windows\system32\DRIVERS\ubumapi.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]
R3 ubohci;Unibrain 1394 OHCI Driver;C:\Windows\system32\DRIVERS\ubohci.sys --> C:\Windows\system32\DRIVERS\ubohci.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-21 401920]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-13 136616]
.
=============== Created Last 30 ================
.
2012-01-02 15:50:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7D0919A-0E1F-431E-8E28-5177042308AC}\offreg.dll
2012-01-01 20:06:22 -------- d-----w- C:\Users\Owner\DoctorWeb
2012-01-01 18:50:21 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7D0919A-0E1F-431E-8E28-5177042308AC}\mpengine.dll
2011-12-30 16:34:31 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-30 09:04:46 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-30 08:56:36 -------- d-s---w- C:\ComboFix
2011-12-30 07:55:14 -------- d-----w- C:\MGtools
2011-12-30 07:19:07 98816 ----a-w- C:\Windows\sed.exe
2011-12-30 07:19:07 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-30 07:19:07 256000 ----a-w- C:\Windows\PEV.exe
2011-12-30 07:19:07 208896 ----a-w- C:\Windows\MBR.exe
2011-12-30 07:11:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-12-30 07:10:46 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-30 07:10:46 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-30 07:10:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-30 07:08:00 2447081 ----a-w- C:\MGtools(1).exe
2011-12-29 03:53:02 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-12-29 03:53:02 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2011-12-29 03:53:02 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2011-12-29 03:53:02 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2011-12-29 03:53:01 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2011-12-29 03:53:01 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2011-12-29 03:53:01 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-12-29 03:53:01 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2011-12-29 03:53:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2011-12-29 03:53:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2011-12-29 03:53:00 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2011-12-29 03:53:00 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2011-12-29 03:10:39 17961 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires II\Crack.exe
2011-12-29 02:58:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2011-12-24 21:56:13 -------- d-----w- C:\ProgramData\Innovative Solutions
2011-12-24 21:10:18 92160 ----a-w- C:\Windows\System32\drivers\UBUMAPI.sys
2011-12-24 21:10:18 24064 ----a-w- C:\Windows\System32\drivers\UBSBM.sys
2011-12-24 21:10:18 132608 ----a-w- C:\Windows\System32\drivers\ubohci.sys
2011-12-24 21:10:17 187392 ----a-w- C:\Windows\System32\drivers\UB1394.sys
2011-12-24 20:56:57 -------- d-----w- C:\Users\Owner\AppData\Local\Innovative Solutions
2011-12-24 19:46:27 -------- d-----w- C:\Program Files\CCleaner
2011-12-15 15:20:02 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-14 23:12:31 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2011-12-14 23:12:31 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2011-12-14 22:51:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 22:51:34 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 22:51:25 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 22:51:19 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 22:51:16 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 22:51:16 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-10 02:39:42 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2011-12-10 01:44:18 962612 ----a-w- C:\Windows\SysWow64\mfc42d.dll
2011-12-10 01:44:18 434252 ----a-w- C:\Windows\SysWow64\MSVCRTD.DLL
2011-12-08 05:08:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2011-12-08 03:30:46 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-12-07 18:04:24 75200 ----a-w- C:\Windows\System32\libusb0.dll
2011-12-07 18:04:24 67008 ----a-w- C:\Windows\SysWow64\libusb0.dll
2011-12-07 18:04:24 43456 ----a-w- C:\Windows\System32\drivers\libusb0.sys
2011-12-06 19:47:22 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-12-05 22:23:43 -------- d-----w- C:\ProgramData\Tiffen
2011-12-05 22:23:29 -------- d-----w- C:\Program Files\Tiffen
2011-12-05 22:19:39 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock
2011-12-05 19:01:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\PotPlayerMini64
2011-12-05 19:01:47 -------- d-----w- C:\Users\Owner\AppData\Local\Daum
2011-12-05 19:01:18 -------- d-----w- C:\Program Files\DAUM
.
==================== Find3M ====================
.
2011-12-02 03:55:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 17:44:02 10497024 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-11-30 17:19:56 24887808 ----a-w- C:\Windows\System32\atio6axx.dll
2011-11-30 17:03:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-11-30 17:03:36 749568 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-11-30 17:01:54 893440 ----a-w- C:\Windows\System32\aticfx64.dll
2011-11-30 16:58:56 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-11-30 16:58:40 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-11-30 16:58:02 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-11-30 16:58:00 18829312 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-11-30 16:56:46 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-11-30 16:56:26 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-11-30 16:56:20 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-11-30 16:56:08 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-11-30 16:56:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-11-30 16:55:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-11-30 16:55:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-11-30 16:51:20 4327936 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-11-30 16:40:50 5079552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-11-30 16:33:46 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-11-30 16:33:14 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-11-30 16:33:02 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-11-30 16:31:18 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-11-30 16:31:16 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-11-30 16:31:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-11-30 16:31:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-11-30 16:30:52 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-11-30 16:28:56 4356096 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-11-30 16:27:02 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-11-30 16:24:58 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-11-30 16:22:08 5512704 ----a-w- C:\Windows\System32\atiumd64.dll
2011-11-30 16:20:04 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-11-30 16:14:14 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-11-30 16:14:06 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-11-30 16:13:52 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-11-30 16:13:48 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-11-30 16:13:48 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-11-30 16:13:44 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-11-30 16:13:36 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-11-30 16:13:28 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-11-30 16:12:38 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-11-30 16:12:30 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-11-30 16:12:24 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-11-30 16:12:16 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-11-30 16:11:38 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-30 16:11:14 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-11-30 16:11:14 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-11-30 16:11:08 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-11-30 16:11:08 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 02:15:32 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
2011-10-25 02:15:32 66560 ----a-w- C:\Windows\System32\nlssrv32.exe
2011-10-13 17:02:05 410984 ------w- C:\Windows\SysWow64\deploytk.dll
.
============= FINISH: 11:52:02.74 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:49 PM

Posted 07 January 2012 - 11:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#3 egv

egv
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 January 2012 - 11:25 PM

Ran combofix and it stopped working and I got this error..

Commandline Standard Stream Splitter has Stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.



Security Check info

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyder3Pro
SpywareBlaster 4.5
Java™ 6 Update 12
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox 8.0.1 Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
``````````End of Log````````````

Thanks for your help!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:49 PM

Posted 09 January 2012 - 09:52 AM

Commandline Standard Stream Splitter has Stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


Go to this page.

http://windows7themes.net/disable-windows-data-execution-prevention-in-windows-7-vista.html

Open the Data Execution Prevention tab on your computer.

Make sure that the Turn On DEP for essential Windows programs.... is selected.

Press the Apply button.

Try to run ComboFix now.

Post the log if you can.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 12


===

#5 egv

egv
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 09 January 2012 - 12:13 PM

both options in Data Execution Prevention tab are grayed out.

#6 egv

egv
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 09 January 2012 - 12:47 PM

got it to work....
txt attached

ComboFix 12-01-09.03 - Owner 01/09/2012 11:31:53.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.13916 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\windows\system32\java.exe
c:\windows\SysWow64\local.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
.
.
2012-01-09 17:39 . 2012-01-09 17:39 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-01-09 17:39 . 2012-01-09 17:39 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-01-09 17:39 . 2012-01-09 17:39 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-01-09 17:37 . 2012-01-09 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-06 15:47 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8E5943C-31EC-4C28-A5BF-BD6A01BD16A0}\mpengine.dll
2012-01-03 04:26 . 2012-01-03 04:26 -------- d-----w- c:\users\Owner\New folder
2012-01-01 20:06 . 2012-01-01 20:06 -------- d-----w- c:\users\Owner\DoctorWeb
2011-12-30 16:34 . 2011-12-30 16:34 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-30 09:04 . 2011-12-30 09:04 -------- d-----w- c:\program files (x86)\ESET
2011-12-30 07:55 . 2011-12-30 08:00 -------- d-----w- C:\MGtools
2011-12-30 07:11 . 2011-12-30 07:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-12-30 07:10 . 2012-01-09 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 07:10 . 2011-12-30 07:10 -------- d-----w- c:\programdata\Malwarebytes
2011-12-30 07:10 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 03:53 . 2010-06-02 10:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-12-29 03:53 . 2010-06-02 10:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-12-29 03:53 . 2010-06-02 10:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-12-29 03:53 . 2010-06-02 10:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-12-29 03:53 . 2010-06-02 10:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-12-29 03:53 . 2010-06-02 10:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-12-29 03:53 . 2010-05-26 17:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-29 03:53 . 2010-05-26 17:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-12-29 03:53 . 2010-05-26 17:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-12-29 03:53 . 2010-05-26 17:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-12-29 03:53 . 2010-05-26 17:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-12-29 03:53 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-12-29 02:58 . 2011-12-29 02:58 -------- d-----w- c:\program files (x86)\Microsoft Games
2011-12-24 21:56 . 2011-12-24 21:56 -------- d-----w- c:\programdata\Innovative Solutions
2011-12-24 21:10 . 2011-09-13 22:35 92160 ----a-w- c:\windows\system32\drivers\UBUMAPI.sys
2011-12-24 21:10 . 2011-09-13 22:35 24064 ----a-w- c:\windows\system32\drivers\UBSBM.sys
2011-12-24 21:10 . 2011-09-13 22:35 132608 ----a-w- c:\windows\system32\drivers\ubohci.sys
2011-12-24 21:10 . 2011-09-13 22:35 187392 ----a-w- c:\windows\system32\drivers\UB1394.sys
2011-12-24 20:56 . 2011-12-24 20:56 -------- d-----w- c:\users\Owner\AppData\Local\Innovative Solutions
2011-12-24 19:46 . 2011-12-24 19:46 -------- d-----w- c:\program files\CCleaner
2011-12-15 15:20 . 2011-11-21 04:04 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-14 23:12 . 2008-01-04 19:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-12-14 23:12 . 2008-01-04 19:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-12-14 22:51 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:51 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 22:51 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:51 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:51 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:51 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 08:00 . 2011-12-30 07:55 392577 ----a-w- C:\MGlogs.zip
2011-12-08 03:30 . 2011-12-08 03:30 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-12-07 18:04 . 2011-12-07 18:04 75200 ----a-w- c:\windows\system32\libusb0.dll
2011-12-07 18:04 . 2011-12-07 18:04 67008 ----a-w- c:\windows\SysWow64\libusb0.dll
2011-12-07 18:04 . 2011-12-07 18:04 43456 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-12-02 03:55 . 2011-11-08 02:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 17:19 . 2011-05-25 03:53 24887808 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-30 17:03 . 2011-07-08 03:29 749568 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-30 17:01 . 2010-10-27 08:54 893440 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-30 16:58 . 2011-07-08 03:25 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-30 16:58 . 2011-07-08 03:25 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-30 16:51 . 2011-07-08 03:19 4327936 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-30 16:40 . 2010-10-27 08:38 5079552 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-30 16:28 . 2011-07-08 03:00 4356096 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-30 16:24 . 2011-07-08 02:55 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-30 16:20 . 2010-10-27 08:15 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-30 16:14 . 2011-05-25 02:26 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-30 16:13 . 2011-05-25 02:26 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-30 16:13 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-30 16:12 . 2010-10-27 08:13 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-30 16:12 . 2011-07-08 02:46 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-30 16:12 . 2011-05-25 02:24 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-15 20:29 . 2011-02-16 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-25 02:15 . 2011-11-02 21:46 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2011-10-25 02:15 . 2011-11-02 21:46 66560 ----a-w- c:\windows\system32\nlssrv32.exe
2011-10-13 17:02 . 2011-10-13 17:02 410984 ------w- c:\windows\SysWow64\deploytk.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"AmazonGSDownloaderTray"=c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
"CPMonitor"="c:\program files (x86)\Roxio 2011\5.0\CPMonitor.exe"
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan4\FanHelp.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe"
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe"
"Seagate Dashboard"=c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-14 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120106.002\IDSvia64.sys [2011-08-23 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-04 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-08-04 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-20 365568]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2011-02-04 198000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-10-25 66560]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2010-11-24 130000]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys [x]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [x]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-01 15:50]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4100472628-1273909507-579357203-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 22:36]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4100472628-1273909507-579357203-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 22:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.evphotostx.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\69pwruhd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.evphotostx.net/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf179b53d-7537-4414-bb55-7ff569e46f80%7D&mid=3a6beecb36d047d1b1dc6de783ce5177-a41964700aff18e3430990773509f65755104f97&ds=AVG&v=9.0.0.22&lang=en&pr=fr&d=2011-10-27%2014%3A29%3A09&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5928BD6F-EC97-8663-1C19-CC32AA99E4AF} - (no file)
Wow6432Node-HKCU-Run-3OCYBnN6NA - c:\program files (x86)\ZAJjWwLJ8Z1\3OCYBnN6NA.cpl
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4100472628-1273909507-579357203-1000\Software\SecuROM\License information*]
"datasecu"=hex:90,bd,47,f2,3b,3d,96,5c,80,92,3c,6c,04,f5,e8,f3,c6,72,98,12,62,
95,0b,60,b6,d0,46,25,b1,a6,15,d9,78,89,ac,8d,61,a9,b4,f2,b9,2b,da,e6,5f,03,\
"rkeysecu"=hex:bc,4c,e7,63,77,54,65,6c,18,7f,f7,b2,89,9d,86,92
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\windows\DAODx.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
.
**************************************************************************
.
Completion time: 2012-01-09 11:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-09 17:43
.
Pre-Run: 439,605,456,896 bytes free
Post-Run: 439,585,873,920 bytes free
.
- - End Of File - - 43F266BF085A7B9D16679CBD1A4D69A9

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:49 PM

Posted 10 January 2012 - 09:39 AM

Your log is clean.

Any remaining issues with this computer?

#8 egv

egv
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 10 January 2012 - 02:40 PM

I'll check and let you know. What software do you recommend I should have installed on computer for best prevention?

Thanks!!

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:49 PM

Posted 11 January 2012 - 08:44 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:49 PM

Posted 17 January 2012 - 10:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users