I am infected

painrage · October 19, 2011

I'm about to wipe everything down to CMOS, but I use avast and pretty much all of Iobits products and no one is picking up whats on my computer. So I thought if there is anything that some one wants to try to find this bug i'll be a good lab partner.

why i think i have a virus: my computer shut it self off when i tried to delete cookies several times. There are suspicious programs showing up on the parental block list for another account. Internetexplorer 9 kept having the internet options button locked (i'd click the button and IE would freeze) and these problems came back after i fixed them theres a million buggy things i noticed, but i thought these where some keypoints. if any ones interested just tell me what u need my cpu info is the report off the analyz function offf of game boost so it's all there i hope

Melvin_Deal · October 19, 2011

Welcome here!!

Your post should have been made in the spyware malware removal section of this forum. I have sent a link to superdave so that he may assist you with this. You should go to the spyware malware section and read the guidelines concerning how to provide the malware fighting team here the information we need to assist you.

-Sincerely,

Mel

This is a link to the thread you need to read: http://forums.iobit.com/showthread.php?t=6216

painrage · October 19, 2011

ty

Your post should have been made in the spyware malware removal section of this forum. I have sent a link to superdave so that he may assist you with this. You should go to the spyware malware section and read the guidelines concerning how to provide the malware fighting team here the information we need to assist you.

-Sincerely,

Mel

This is a link to the thread you need to read: http://forums.iobit.com/showthread.php?t=6216

ty i was in a bit of a rush when i decided try to fight back rather than just wipe everything. hoping i could learn a few things along the way

enoskype · October 19, 2011

Hi guys, we are at the right location NOW! :-D

Let's hope Superdave will take over.

Cheers.

Melvin_Deal · October 19, 2011

Thanks Enoskype!

Hi again painrage... Enoskype has moved your thread to the right location. I am not qualified to help you personally in this particular problem at this time, even though I am listed as a malware fighter. Superdave will assist you when he can. Its important that you follow the guidelines listed in the thread I provided you... they serve as a baseline on which effective assistance may be provided. So please execute the instructions as provided!

You will have to perform a series of carefully implemented instructions and post accordingly. Sometimes this can take some time. Its good that you did not wipe everything! What a pain in the ***, and all the loss if you're not backing up properly! Be patient and thorough with what you do!

Live long and prosper!

-Mel

painrage · October 19, 2011

I'm in the process of going through the steps right now I don't have 360 though I use avast and Iobits malware fighter, as well as the advance care and game booster. I think i just got the malware fighter a little to late though. I just figured this bug on my computer is wierd because it's been persistant and i couldn't find any mention of the computer shutting down when attempting to delet cookies on google.

will the DDS by sUBs still work with out 360?

painrage · October 19, 2011

Here are the atatchments thanks for your time.

DDS.txt

Attach.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by jessie palacky at 20:29:35 on 2011-10-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5964 [GMT -7:00]

.

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\IObit\Game Booster\gbtray.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Pandora\Pandora.exe

C:\Users\jessie palacky\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.msn.com

uSearchAssistant = hxxp://www.google.com/ie

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe

uRun: [Google Update] "C:\Users\jessie palacky\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

StartupFolder: C:\Users\JESSIE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pandora.lnk - C:\Program Files (x86)\Pandora\Pandora.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: devry.edu\lab

Trusted Zone: ecollege.com\chat.next

Trusted Zone: localhost

Trusted Zone: openSession('LaunchJoinSession.ed')

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://devryonline.webex.com/client/T27L10NSP25/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0B452A08-9E5A-4B30-8EAD-38BDF29AD5DE} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{DA913B41-1980-4AEB-ABBE-308823E610B9} : DhcpNameServer = 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]

R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-7-29 328536]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-9 44768]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-9-9 127192]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-8-10 820568]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-8-10 20336]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-8-10 33184]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-8-10 21872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 136176]

S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 136176]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TEK-VISAUSBTMC;Tek-VISA USBTMC driver;C:\Windows\system32\Drivers\TekUsb.sys --> C:\Windows\system32\Drivers\TekUsb.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

.

=============== Created Last 30 ================

.

2011-10-19 03:13:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8267DB22-6B30-45EE-9672-A981FD78B815}\offreg.dll

2011-10-19 03:12:41 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{0499E0BF-6BD1-44B1-908D-00CD937B8D14}

2011-10-19 03:12:24 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{D3ED9A7F-4C97-41E8-9A40-F6BDC929E099}

2011-10-18 22:32:01 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{10C89D5A-743E-46C8-9E22-CE9D067A9077}

2011-10-18 06:04:27 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8267DB22-6B30-45EE-9672-A981FD78B815}\mpengine.dll

2011-10-18 05:41:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F4D90013-6F08-41C3-AF1D-18F3D6A6AF40}

2011-10-18 05:41:07 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{71D1B1E4-8F2E-4603-917E-C5F1DE056B82}

2011-10-18 03:42:07 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2011-10-18 03:42:07 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2011-10-18 03:42:06 613376 ----a-w- C:\Windows\System32\vbscript.dll

2011-10-18 03:42:06 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-10-17 17:32:29 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{EB2D295E-A553-4055-84A9-36B77B6B3E5E}

2011-10-17 17:32:18 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{1396872A-8791-49E5-9E6F-885B1044BDCD}

2011-10-17 03:03:27 -------- d-----w- C:\Users\jessie palacky\AppData\Local\Logitech

2011-10-17 03:02:37 22408 ----a-w- C:\Windows\System32\drivers\LGBusEnum.sys

2011-10-17 03:02:37 16008 ----a-w- C:\Windows\System32\drivers\LGVirHid.sys

2011-10-17 03:02:35 374792 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll

2011-10-17 03:02:35 157704 ----a-w- C:\Windows\System32\drivers\UMDF\lgSSBW.dll

2011-10-17 03:02:33 79432 ----a-w- C:\Windows\System32\ladfGSRCoinst_amd64.dll

2011-10-17 03:02:33 410184 ----a-w- C:\Windows\System32\drivers\ladfGSCamd64.sys

2011-10-17 03:02:33 341832 ----a-w- C:\Windows\System32\drivers\ladfGSRamd64.sys

2011-10-17 03:02:31 -------- d-----w- C:\Program Files\Logitech Gaming Software

2011-10-17 02:50:05 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{C4F73FD4-802B-43B9-B2EC-83C237CC353F}

2011-10-17 02:49:39 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{8A73B4BF-8363-4DD7-A534-5CB18D19FA5A}

2011-10-15 16:01:27 -------- d-----w- C:\Users\jessie palacky\AppData\Local\Logishrd

2011-10-15 11:33:15 -------- d-----w- C:\sfzone_profile

2011-10-15 11:15:14 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{C5E2BA52-4F90-4404-8D14-54CD28467E9C}

2011-10-15 11:14:59 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{D960DA68-46DE-412C-8129-74DEFBE4D348}

2011-10-09 14:55:39 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{2BDE66EB-A55C-4EBB-B001-C87701E3D6C7}

2011-10-09 02:55:12 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{49ED2337-D5F3-45E2-A1B1-7E6231651CB9}

2011-10-08 14:54:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F3D0D459-2F79-4F1D-B84F-3D27CE6305A9}

2011-10-08 05:31:09 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd

2011-10-08 05:31:09 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys

2011-10-08 05:31:08 -------- d-----w- C:\Program Files\Common Files\INCA Shared

2011-10-08 04:55:55 -------- d-----w- C:\Program Files (x86)\GamesCampus

2011-10-08 04:38:32 1384399313 ----a-w- C:\Program Files (x86)\asda2setup_110728_en.exe

2011-10-08 04:37:45 -------- d-----w- C:\Users\jessie palacky\AppData\Local\PMB Files

2011-10-08 04:37:44 -------- d-----w- C:\ProgramData\PMB Files

2011-10-08 04:37:36 -------- d-----w- C:\Program Files (x86)\Pando Networks

2011-10-08 02:54:18 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{33A92164-A33C-4ACC-8CBD-B07F8F6C5C51}

2011-10-07 16:54:32 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-10-07 14:53:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F45E3360-6FEE-4D0D-A3DB-E067E5D071E0}

2011-10-07 14:53:25 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{EDAF909F-B8DD-4EE9-B9DA-8177204694A6}

2011-10-07 02:52:59 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{8EC3AF77-6DB7-47E3-BEC4-0CE2EC3EB4FB}

2011-10-07 02:52:48 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{FBD0F283-844F-4311-BD10-E6A1F7926F75}

2011-10-07 02:52:37 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{85CB5CD0-A31A-4F92-86DB-5BD9031825F8}

2011-10-06 14:52:06 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{04DA68BA-3174-4799-A8D7-79AC4BD556CF}

2011-10-06 02:51:35 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{BB4D2F32-9BAF-44A5-B866-59F7F04D8B5E}

2011-10-06 02:51:20 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{C68D64A3-40FC-4646-8365-2880360E2E5C}

2011-10-05 20:47:10 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-10-05 20:46:29 -------- d-----w- C:\Users\jessie palacky\AppData\Local\IsolatedStorage

2011-10-05 20:46:28 -------- d-----w- C:\Users\jessie palacky\AppData\Local\Futuremark_Corporation

2011-10-05 14:50:52 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{0134128E-8B87-4D9C-8505-DE6880826AA1}

2011-10-05 02:50:25 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{28392DAA-6880-446E-8752-B16DD8F9F3CC}

2011-10-04 14:49:52 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{11FD26C1-C85C-454D-A31E-8BD9FCF395DC}

2011-10-04 02:49:21 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{FE715DD7-C2E3-4BE7-8975-EE111F921400}

2011-10-04 02:49:06 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{FF7937E0-28C7-45B7-BE46-36CBF20A78C1}

2011-10-03 14:48:12 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{A3C67454-8EC2-4436-AE41-AF0943D44DAC}

2011-10-03 02:47:41 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{C41FE229-15F7-414C-AC8C-CAE7202EA1BE}

2011-10-02 14:47:00 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{EFB2F233-0132-4757-9C3E-005F8141EAB4}

2011-10-02 02:46:20 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{3267296D-5165-44DE-BF57-C16B3493E63C}

2011-10-01 14:45:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{E29F065A-CC6A-4DEF-ABD9-D9EA0D034BFF}

2011-10-01 14:45:24 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{282597C5-CC4A-4663-AFFF-C33EE5EF9AF5}

2011-10-01 02:44:53 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F4DD510E-8FD4-4C08-B6F9-4C8DE4317FD9}

2011-10-01 02:44:43 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{2D3349CF-CE95-4E7E-A733-452E9CF61EE4}

2011-10-01 02:44:32 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{E655BF6B-8152-4312-8D56-12645CA63637}

2011-10-01 02:44:18 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{11B208DB-3976-4DF0-B16F-588F32A2320E}

2011-09-30 14:43:51 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{CA4FF8E8-5BD1-4B2D-A4A6-24A0180A52EF}

2011-09-30 14:43:31 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{7F7D05E0-BBE8-45A9-9F3C-25AEB3BAC0EF}

2011-09-30 02:43:05 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{E1B2044C-F2E0-4704-8CD3-38BC6F854056}

2011-09-29 14:42:33 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{20EB89CA-DF49-416C-BCE5-EB956074833A}

2011-09-29 14:42:16 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{7B42BF63-4931-409B-86BB-1A5DD642FDA0}

2011-09-29 02:41:50 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{4DDABC2F-BC10-418B-A093-6B09624472FE}

2011-09-29 02:41:30 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{DA9A7E6E-16FD-4124-BA4E-285DC8C6EC22}

2011-09-28 14:41:03 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F1514817-9AA9-4340-9186-68175BD15092}

2011-09-28 14:40:48 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{1A5C504D-D6F8-4528-B6D3-032953D51064}

2011-09-28 02:40:21 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{5CC025FA-3527-46F3-AF43-A83679565A0D}

2011-09-28 02:39:53 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{51DBCA25-6462-48D3-8720-27732089AD18}

2011-09-27 14:39:26 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{49093C64-9E8A-4BD5-BF96-CA4973747550}

2011-09-27 14:39:09 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{9DA9F005-2785-403E-8CE3-B558DE6A8EE8}

2011-09-27 02:38:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{7CCEFBC5-68EE-40FD-A338-A042282BBB36}

2011-09-26 14:38:02 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{8A291529-2E6A-4EF7-8B28-D86F833E5728}

2011-09-26 14:37:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{80E7BABD-DD4E-4268-979C-8D665E9FBEA7}

2011-09-26 02:37:11 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F5D83C18-D5C3-4B7C-A1D4-1E86FAD58D5E}

2011-09-25 14:36:36 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{9AE54FEF-617E-4115-8ED9-E91DE31D8323}

2011-09-25 14:36:16 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{306C69B4-DF01-44ED-9F08-953DD43D83CE}

2011-09-25 02:35:40 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{1B35E197-8E59-4F1A-9634-6572FA91E566}

2011-09-24 14:34:59 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{515C833F-EF50-4956-BBA8-666853A297EC}

2011-09-24 14:34:39 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{A58C0500-85A2-44CB-B8F6-E0502E942B65}

2011-09-24 02:34:06 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{9C8F2175-6BC0-44CB-9A50-166C88F4746F}

2011-09-24 02:33:36 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{C326C543-DA39-4F8D-BC36-00990E9B989C}

2011-09-23 14:33:07 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{CD2B1A2C-E602-48A5-95BF-1E47CA4B99B0}

2011-09-23 14:32:52 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{86F15A17-0460-499F-BAE7-B23F78957BE3}

2011-09-23 14:32:36 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{09768697-281B-4523-B4F5-54DC8C1E9A6B}

2011-09-23 02:29:13 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{F8097175-0907-4615-ABC1-7B30E1C117FC}

2011-09-22 16:18:56 -------- d--h--w- C:\Windows\AxInstSV

2011-09-22 14:28:27 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{EBBFA836-4D7C-4C9E-B6D3-75433538D6BA}

2011-09-22 14:28:10 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{B951672F-5636-43F8-9369-39D7B15B72F1}

2011-09-22 02:27:43 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{677A6668-3066-435C-9553-4610AC42EFF6}

2011-09-22 02:27:26 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{701DCF1B-F1B0-4AB3-974E-5F340516AA5A}

2011-09-21 14:26:50 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{CABE6821-8E20-4560-9BB3-2BD4C8E5FF19}

2011-09-21 14:26:31 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{8C260AD5-8F77-407B-9481-DC0C8E0DB1E8}

2011-09-21 02:25:58 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{4E21C7CA-153E-4CC9-BC9A-1686F64FBF6E}

2011-09-21 02:25:42 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{5A159A00-A7F4-445B-B30B-FD301FAEAF44}

2011-09-20 14:25:09 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{0FC98A36-A16D-42F9-9FC7-1CAEEB83985D}

2011-09-20 14:24:44 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{73CE1775-0AF3-4D6C-B69D-C185A9A9C8D0}

2011-09-20 02:24:15 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{B21A1537-DC7A-4A51-86B9-A0D76D8DDA09}

2011-09-20 02:23:59 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{2591B2E8-9F50-49D3-9346-5CAF6A3F2D42}

2011-09-19 14:23:26 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{BC33B3C7-FE1A-4015-ABD3-7F4ABF70B6B6}

2011-09-19 14:23:09 -------- d-----w- C:\Users\jessie palacky\AppData\Local\{07F6950F-73CE-4CAB-80DC-8A7315FBD148}

.

==================== Find3M ====================

.

2011-10-15 16:01:20 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 18:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 18:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 18:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr

2011-09-06 20:39:00 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-09-06 20:37:45 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-30 21:47:11 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-08-30 21:46:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-25 03:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-08-25 03:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-19 23:33:16 27992 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-17 01:46:02 3056360 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-08-16 21:43:16 2518120 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-08-16 21:43:14 3200104 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-08-15 23:47:14 93800 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-08-12 19:27:04 626264 ----a-w- C:\Windows\System32\MBTHX64.dll

2011-08-12 19:27:00 561240 ----a-w- C:\Windows\SysWow64\MBTHX32.dll

2011-08-12 04:22:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-05 19:27:38 24576 ----a-w- C:\Windows\System32\drivers\FlyUsb.sys

2011-07-31 07:35:48 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2011-07-31 07:35:46 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2011-07-29 21:46:56 1827944 ----a-w- C:\Windows\System32\RtkApi64.dll

2011-07-28 07:55:14 2604376 ----a-w- C:\Windows\System32\WavesGUILib.dll

2011-07-28 07:55:08 2132824 ----a-w- C:\Windows\System32\MaxxAudioEQ.dll

2011-07-23 02:35:22 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll

.

============= FINISH: 20:33:25.95 ===============

painrage · October 19, 2011

Here are the atatchments thanks for your time.

DDS.txt

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume4

Install Date: 3/22/2011 12:38:35 PM

System Uptime: 10/18/2011 8:09:46 PM (0 hours ago)

.

Motherboard: Gateway | | H57M01

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2801/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 1451.574 GiB free.

D: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.

E: is FIXED (NTFS) - 1381 GiB total, 1210.699 GiB free.

F: is CDROM ()

H: is Removable

I: is Removable

J: is FIXED (NTFS) - 298 GiB total, 297.627 GiB free.

K: is Removable

M: is Removable

N: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: USB Mass Storage Device

Device ID: USB\VID_03F0&PID_C602&MI_02\7&2C25F21F&0&0002

Manufacturer: Compatible USB storage device

Name: USB Mass Storage Device

PNP Device ID: USB\VID_03F0&PID_C602&MI_02\7&2C25F21F&0&0002

Service: USBSTOR

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: PS/2 Keyboard

Device ID: ACPI\PNP0303\4&F457971&0

Manufacturer: Logitech

Name: PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&F457971&0

Service: i8042prt

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: PS/2 Mouse

Device ID: ACPI\PNP0F03\4&F457971&0

Manufacturer: Logitech

Name: PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&F457971&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP217: 10/17/2011 8:05:19 PM - Windows Modules Installer

RP218: 10/17/2011 8:21:15 PM - Windows Update

RP219: 10/17/2011 8:29:59 PM - Windows Update

RP220: 10/17/2011 8:34:42 PM - Windows Update

RP221: 10/17/2011 8:36:17 PM - Windows Update

RP222: 10/17/2011 8:38:07 PM - Windows Modules Installer

RP223: 10/17/2011 8:43:26 PM - Windows Update

RP224: 10/17/2011 8:55:26 PM - Windows Modules Installer

RP225: 10/17/2011 10:46:01 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.5

Advanced SystemCare 4

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

Asda2

ATI Catalyst Registration

avast! Internet Security

Beat Hazard

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help English

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Curse Client

D3DX10

Dead Island

Dead Space 2

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Deus Ex: Human Revolution

E.Y.E: Divine Cybermancy

eReg

EVE Online (remove only)

F.E.A.R.

F.E.A.R. 2: Project Origin

F.E.A.R.: Extraction Point

F.E.A.R.: Perseus Mandate

Fallout 3 - Game of the Year Edition

Fallout 3 - The Garden of Eden Creation Kit

Fallout Mod Manager 0.13.21

Forsaken World

Fraps (remove only)

Game Booster 3

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

GraphCalc v4.0.1

IObit Malware Fighter

Java Auto Updater

Java 6 Update 27

LeapFrog Connect

LeapFrog Tag Plugin

Logitech Harmony Remote Software 7

Machinarium

Mass Effect

Mass Effect 2

Microsoft Easy Assist v2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Mathematics Add-in (32-bit)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 4.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA PhysX

OpenChoice PC Communication Software

OpenChoice TekVISA

Pando Media Booster

Pandora

Picasa 3

Portal

Portal 2

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RIFT

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Smart Defrag 2

Solar 2

Steam

Stellarium 0.10.6.1

TeamSpeak 3 Client

TekVISA USB-TMC

TheMatrix Screen Saver version 1.14

TI Connect 1.6

TurboTax Audit Support Center 3.0

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Outlook Social Connector (KB2583935)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

VitalSource Bookshelf

WebEx

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

10/18/2011 8:24:23 PM, Error: Service Control Manager [7023] - The Windows Live Family Safety Service service terminated with the following error: %%-2147024894

10/18/2011 8:11:28 PM, Error: Microsoft-Windows-GroupPolicy [1096] - The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.

10/17/2011 8:36:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.

10/17/2011 4:54:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

10/17/2011 4:23:43 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

10/17/2011 12:44:01 PM, Error: LEqdUsb [12289] - WDF call failed.

10/17/2011 10:54:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running.

10/17/2011 10:54:07 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/17/2011 10:53:57 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/17/2011 10:49:03 PM, Error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).

10/16/2011 3:17:09 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

10/16/2011 10:16:00 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {022105BD-948A-40C9-AB42-A3300DDF097F}. The error: "786" Happened while starting this command: "C:\Users\jessie palacky\AppData\Local\Google\Update\GoogleUpdate.exe" -Embedding

10/15/2011 4:52:39 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}. The error: "786" Happened while starting this command: C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe -Embedding

10/15/2011 2:41:41 PM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Melvin_Deal · October 19, 2011

Good job!

Its ok you don't have IS360... we need to change that instruction. Keep up the good work! Your system is cluttered and confused. I am looking at your logs and deferring to someone more qualified than I.

Thanks!!

-Mel

painrage · October 19, 2011

first step logs

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 10/18/2011 at 10:52 PM

Application Version : 5.0.1134

Core Rules Database Version : 7815

Trace Rules Database Version: 5627

Scan type : Quick Scan

Total Scan Time : 00:02:58

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 833

Memory threats detected : 0

Registry items scanned : 60249

Registry threats detected : 0

File items scanned : 10505

File threats detected : 4

Adware.Tracking Cookie

C:\USERS\JESSIE PALACKY\AppData\Roaming\Microsoft\Windows\Cookies\Low\YK9YS4LD.txt [ Cookie:jessie palacky@r1-ads.ace.advertising.com/ ]

C:\USERS\JESSIE PALACKY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5IDE3VE.txt [ Cookie:jessie palacky@advertising.com/ ]

C:\USERS\JESSIE PALACKY\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q5UGMKEN.txt [ Cookie:jessie palacky@revsci.net/ ]

C:\USERS\JESSIE PALACKY\AppData\Roaming\Microsoft\Windows\Cookies\Low\CTFA96XW.txt [ Cookie:jessie palacky@kontera.com/ ]

Malwarebytes' Anti-Malware 1.51.2.1300

http://www.malwarebytes.org

Database version: 7977

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/19/2011 12:26:35 AM

mbam-log-2011-10-19 (00-26-35).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|M:\|N:\|P:\|)

Objects scanned: 477278

Time elapsed: 1 hour(s), 10 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

painrage · October 19, 2011

ComboFix 11-10-19.03 - jessie palacky 10/19/2011 6:42.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5349 [GMT -7:00]

Running from: c:\users\jessie palacky\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\asda2setup_110728_en.exe

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

2011-10-19 13:54 . 2011-10-19 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-19 06:14 . 2011-10-19 06:14 -------- d-----w- c:\users\jessie palacky\AppData\Roaming\Malwarebytes

2011-10-19 06:13 . 2011-10-19 06:13 -------- d-----w- c:\programdata\Malwarebytes

2011-10-19 06:13 . 2011-10-19 06:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-19 06:13 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-19 06:00 . 2011-10-19 14:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8267DB22-6B30-45EE-9672-A981FD78B815}\offreg.dll

2011-10-19 05:49 . 2011-10-19 05:49 -------- d-----w- c:\users\jessie palacky\AppData\Roaming\SUPERAntiSpyware.com

2011-10-19 05:48 . 2011-10-19 05:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-19 05:48 . 2011-10-19 05:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-10-18 06:04 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8267DB22-6B30-45EE-9672-A981FD78B815}\mpengine.dll

2011-10-17 03:03 . 2011-10-17 03:03 -------- d-----w- c:\users\jessie palacky\AppData\Local\Logitech

2011-10-17 03:02 . 2011-10-17 03:02 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys

2011-10-17 03:02 . 2011-10-17 03:02 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys

2011-10-17 03:02 . 2011-10-17 03:02 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll

2011-10-17 03:02 . 2011-10-17 03:02 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll

2011-10-17 03:02 . 2011-10-17 03:02 79432 ----a-w- c:\windows\system32\ladfGSRCoinst_amd64.dll

2011-10-17 03:02 . 2011-10-17 03:02 410184 ----a-w- c:\windows\system32\drivers\ladfGSCamd64.sys

2011-10-17 03:02 . 2011-10-17 03:02 341832 ----a-w- c:\windows\system32\drivers\ladfGSRamd64.sys

2011-10-17 03:02 . 2011-10-17 03:02 -------- d-----w- c:\program files\Logitech Gaming Software

2011-10-17 02:51 . 2011-10-17 02:51 -------- d-----w- c:\program files\Logitech

2011-10-15 16:01 . 2011-10-15 16:01 -------- d-----w- c:\users\jessie palacky\AppData\Local\Logishrd

2011-10-15 11:33 . 2011-10-15 11:36 -------- d-----w- C:\sfzone_profile

2011-10-08 05:31 . 2005-01-04 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys

2011-10-08 05:31 . 2003-07-20 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd

2011-10-08 05:31 . 2011-10-08 05:31 -------- d-----w- c:\program files\Common Files\INCA Shared

2011-10-08 04:55 . 2011-10-08 04:55 -------- d-----w- c:\program files (x86)\GamesCampus

2011-10-08 04:37 . 2011-10-19 13:55 -------- d-----w- c:\users\jessie palacky\AppData\Local\PMB Files

2011-10-08 04:37 . 2011-10-08 04:38 -------- d-----w- c:\programdata\PMB Files

2011-10-08 04:37 . 2011-10-08 04:37 -------- d-----w- c:\program files (x86)\Pando Networks

2011-10-07 16:54 . 2011-10-07 16:54 -------- d-----w- c:\programdata\ATI

2011-10-07 16:54 . 2011-10-07 16:54 -------- d-----w- c:\program files (x86)\AMD APP

2011-10-05 20:47 . 2011-10-05 20:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-10-05 20:46 . 2011-10-05 20:46 -------- d-----w- c:\users\jessie palacky\AppData\Local\IsolatedStorage

2011-10-05 20:46 . 2011-10-05 20:46 -------- d-----w- c:\users\jessie palacky\AppData\Local\Futuremark_Corporation

2011-09-22 16:18 . 2011-09-22 16:18 -------- d--h--w- c:\windows\AxInstSV

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-15 16:01 . 2011-03-25 17:19 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll

2011-09-14 18:47 . 2011-09-14 18:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll

2011-09-14 18:47 . 2011-09-14 18:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll

2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll

2011-09-14 18:38 . 2011-09-14 18:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll

2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll

2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-09-08 17:34 . 2011-01-27 06:00 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-09-08 17:32 . 2011-01-27 05:59 862720 ----a-w- c:\windows\system32\aticfx64.dll

2011-09-08 17:30 . 2011-07-08 03:25 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe

2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-09-08 17:28 . 2011-07-08 03:23 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-09-08 17:24 . 2011-01-27 05:49 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-09-08 17:18 . 2011-01-27 05:32 3888640 ----a-w- c:\windows\system32\atiumd6a.dll

2011-09-08 17:16 . 2011-01-27 05:40 4944896 ----a-w- c:\windows\system32\atidxx64.dll

2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll

2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-09-08 17:00 . 2011-01-27 05:22 5428736 ----a-w- c:\windows\system32\atiumd64.dll

2011-09-08 16:59 . 2011-01-27 05:20 58880 ----a-w- c:\windows\system32\coinst.dll

2011-09-08 16:53 . 2011-07-08 02:47 381952 ----a-w- c:\windows\system32\atiadlxx.dll

2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-09-08 16:52 . 2011-01-27 05:12 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-09-08 16:51 . 2011-01-27 05:12 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-09-08 16:51 . 2011-01-27 05:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-09-08 16:51 . 2011-07-08 02:45 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-09-06 20:45 . 2011-03-22 21:21 41184 ----a-w- c:\windows\avastSS.scr

2011-09-06 20:45 . 2011-03-22 21:21 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-09-06 20:45 . 2011-03-22 21:22 254400 ----a-w- c:\windows\system32\aswBoot.exe

2011-09-06 20:39 . 2011-03-22 21:22 140120 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-09-06 20:38 . 2011-03-22 21:22 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:38 . 2011-03-22 21:22 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:37 . 2011-03-22 21:22 258392 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-09-06 20:36 . 2011-03-22 21:22 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2011-03-22 21:22 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2011-03-22 21:22 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2011-03-22 21:22 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-06 03:03 . 2011-08-13 05:06 3138048 ----a-w- c:\windows\system32\win32k.sys

2011-08-30 21:47 . 2011-08-30 21:47 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-30 21:46 . 2011-08-30 21:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-08-27 05:37 . 2011-08-13 05:06 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-08-13 05:06 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-08-13 05:06 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26 . 2011-08-13 05:06 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-25 03:19 . 2011-08-25 03:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2011-08-25 03:18 . 2011-08-25 03:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll

2011-08-19 23:33 . 2011-08-31 06:32 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-08-17 05:26 . 2011-08-13 05:06 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-17 05:25 . 2011-08-13 05:06 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-08-17 04:24 . 2011-08-13 05:06 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-08-17 04:19 . 2011-08-13 05:06 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-08-17 01:46 . 2011-08-23 22:02 3056360 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2011-08-16 21:43 . 2011-08-23 22:02 2518120 ----a-w- c:\windows\system32\RtPgEx64.dll

2011-08-16 21:43 . 2011-08-19 21:06 3200104 ----a-w- c:\windows\system32\RtkAPO64.dll

2011-08-15 23:47 . 2011-08-23 22:02 93800 ----a-w- c:\windows\system32\RCoInst64.dll

2011-08-15 05:40 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-12 19:27 . 2011-08-19 21:06 626264 ----a-w- c:\windows\system32\MBTHX64.dll

2011-08-12 19:27 . 2011-08-23 22:02 561240 ----a-w- c:\windows\SysWow64\MBTHX32.dll

2011-08-12 04:22 . 2011-05-16 01:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-05 19:27 . 2011-08-05 19:27 24576 ----a-w- c:\windows\system32\drivers\FlyUsb.sys

2011-07-31 07:35 . 2011-07-31 07:35 71680 ----a-w- c:\windows\system32\frapsv64.dll

2011-07-31 07:35 . 2011-07-31 07:35 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2011-07-29 21:46 . 2011-08-23 22:02 1827944 ----a-w- c:\windows\system32\RtkApi64.dll

2011-07-28 07:55 . 2011-08-23 22:02 2604376 ----a-w- c:\windows\system32\WavesGUILib.dll

2011-07-28 07:55 . 2011-08-23 22:02 2132824 ----a-w- c:\windows\system32\MaxxAudioEQ.dll

2011-07-23 02:35 . 2011-08-23 22:02 1247848 ----a-w- c:\windows\system32\RTCOM64.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-08 3077528]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2011-10-09 4441944]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

.

c:\users\jessie palacky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2011-3-22 142848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [x]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [x]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]

R3 TEK-VISAUSBTMC;Tek-VISA USBTMC driver;c:\windows\system32\Drivers\TekUsb.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-09 20336]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-09-06 127192]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-09 820568]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 17:43]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 17:43]

.

2011-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2518139368-4259536424-1302243345-1000Core.job

- c:\users\jessie palacky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 02:51]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2518139368-4259536424-1302243345-1000UA.job

- c:\users\jessie palacky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-01 02:51]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\system32\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

Trusted Zone: devry.edu\lab

Trusted Zone: ecollege.com\chat.next

Trusted Zone: localhost

Trusted Zone: openSession('LaunchJoinSession.ed')

TCP: DhcpNameServer = 192.168.1.1

DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab

DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v420.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files (x86)\IObit\Game Booster\gbtray.exe

c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

.

**************************************************************************

.

Completion time: 2011-10-19 07:17:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-19 14:17

.

Pre-Run: 1,562,215,505,920 bytes free

Post-Run: 1,562,156,494,848 bytes free

.

- - End Of File - - EBC944D45F8E6ADBABFABE6497465CCF

painrage · October 19, 2011

ok i see these are a problem

2011-10-08 05:31 . 2005-01-04 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys

2011-10-08 05:31 . 2003-07-20 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd

can i just delete them?

Superdave · October 19, 2011

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Download OTL to your desktop.

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

:OTL

Trusted Zone: devry.edu\lab
Trusted Zone: ecollege.com\chat.next
Trusted Zone: localhost
Trusted Zone: openSession('LaunchJoinSession.ed')
BHO-X64: AcroIEHelperStub - No File
BHO-X64: URLRedirectionBHO - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

***************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

painrage · October 19, 2011

logs

ComboFix 11-10-19.06 - jessie palacky 10/19/2011 13:56:08.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6129 [GMT -7:00]

Running from: c:\users\jessie palacky\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

2011-10-19 21:22 . 2011-10-19 21:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8267DB22-6B30-45EE-9672-A981FD78B815}\offreg.dll

2011-10-19 21:18 . 2011-10-19 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-19 19:56 . 2011-10-19 19:56 -------- d-----w- C:\_OTL