1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

System Fix Virus Cleanup - Still Having Issues

Discussion in 'Virus & Other Malware Removal' started by Strave19, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. Strave19

    Strave19 Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    3
    Hi there,

    I'm using Win 7 - 64bit. I got the system fix virus a week or so ago. I ended up unplugging from the internet when I realized something was wrong and troubleshooting from a laptop. The computer was unusable for awhile but I was finally able to use rkill to stop the program from jamming up my computer. Finally used malawarebytes to clean it up but still having some issues with what I suspect is a rootkit issue. I tried several programs suggested on bleepingcomputer.com to remove rootkits with no avail. My computer is functional now and the actual system fix nonsense is gone, but something is still off. Google and websites are redirecting and I'm only connecting online when necessary just to be safe...

    Below is hijackthis log - I renamed hijackthis.exe to applesauce.exe ... fyi :rolleyes:
    I also ran combofix b/c I was following the suggestions for someone with a similar problem on this site - before realizing that its probably too specific to solve that way, I'll go ahead and post that log too in a sec.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:51:41 PM, on 12/12/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16766)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\DAODx.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\ASUS\TweakIt\TWeakIt.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Sam\Desktop\Applesauce.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RadeonPro Support Service - Mr. John aka japamd - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 10841 bytes
     
  2. Strave19

    Strave19 Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    3
    Here is the combofix log.
    This took forever to run and it kept warning me that I had Symantec and MSE running. I disabled symantec and could not even find MSE on my computer though I used to have it... It could be there but I couldnt find it in the task manager or anywhere. System fix did a number on my computer though so it may be hidden or moved somewhere or something.

    ComboFix 11-12-12.02 - Sam 12/12/2011 20:42:56.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6795 [GMT -8:00]
    Running from: c:\users\Sam\Desktop\Gotcha.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Sam\AppData\Local\ges.exe
    c:\users\Sam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    c:\users\Sam\AppData\Roaming\mm
    c:\users\Sam\AppData\Roaming\mm\cache\.cache
    c:\users\Sam\AppData\Roaming\mm\cache\ImageLoader\0D51E9900D2C17AA30F9D5B537BA8FCE
    c:\users\Sam\AppData\Roaming\mm\cache\ImageLoader\50C29A0817DA15706DF4BEF40A633D15
    c:\users\Sam\AppData\Roaming\mm\cache\ImageLoader\B12F48B9073487D3847A2187C557EEE1
    c:\users\Sam\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8
    c:\users\TEMP.Salmon-PC.001\prfD4FA.tmp
    c:\users\TEMP.Salmon-PC\prfC3CB.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-13 05:21 . 2011-12-13 05:21 -------- d-----w- c:\users\TEMP.Salmon-PC\AppData\Local\temp
    2011-12-13 05:21 . 2011-12-13 05:21 -------- d-----w- c:\users\TEMP.Salmon-PC.001\AppData\Local\temp
    2011-12-13 05:21 . 2011-12-13 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-13 05:21 . 2011-12-13 05:21 -------- d-----w- c:\users\Sam1\AppData\Local\temp
    2011-12-13 05:21 . 2011-12-13 05:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-12-13 04:16 . 2011-12-13 05:25 -------- d-----w- C:\32788R22FWJFW
    2011-12-13 01:44 . 2011-12-13 01:44 -------- d-----w- c:\program files (x86)\Western Digital
    2011-12-05 23:12 . 2011-12-05 23:12 -------- d-----w- c:\program files (x86)\ESET
    2011-12-05 21:36 . 2011-12-05 21:36 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
    2011-12-05 21:35 . 2011-12-05 21:35 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-05 21:35 . 2011-12-05 21:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-30 06:04 . 2011-12-01 06:14 -------- d-----w- c:\users\Sam\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
    2011-11-29 01:20 . 2011-11-29 01:20 -------- d-----w- c:\users\Sam\AppData\Roaming\runic games
    2011-11-14 22:56 . 2011-11-14 22:56 -------- d-----w- c:\users\Sam\AppData\Roaming\Wargaming.Net
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 01:02 . 2011-09-28 13:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-09 03:09 . 2010-07-29 23:25 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-11-09 03:09 . 2009-12-25 18:35 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-11-09 03:08 . 2009-12-25 18:35 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-09-16 03:18 . 2009-12-25 18:35 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TweakIt Help"="c:\program files (x86)\ASUS\TweakIt\TweakIt.exe" [2009-03-14 817152]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-17 1302528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-10-30 115560]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "MSIAfterburner"="c:\program files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" [2010-06-07 44344]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "NUSB3MON"="c:\program files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AmbFilt64;AmbFilt64;c:\windows\system32\drivers\Ambfilt64.sys [x]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
    S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 138360]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-06-07 14648]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602215695-2090005817-924741249-1001Core.job
    - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 01:36]
    .
    2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602215695-2090005817-924741249-1001UA.job
    - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 01:36]
    .
    2011-11-19 c:\windows\Tasks\Norton Security Scan for Sam.job
    - c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-06-13 15:22]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ip3tpmy1.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: vShare Plugin: [email protected] - %profile%\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    SafeBoot-Symantec Antvirus
    AddRemove-BattlEye - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    AddRemove-PunkBusterSvc - c:\program files (x86)\steam\steamapps\common\red orchestra 2\Binaries\Win32\pbsvc_hos.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-602215695-2090005817-924741249-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:b7,47,43,76,e2,e3,83,48,33,ee,87,e6,06,ca,bf,b9,f8,cf,81,be,8f,18,05,
    89,20,f4,18,7f,0d,f1,b8,52,b3,bc,a7,c1,f3,d0,e1,80,7d,eb,a4,87,d8,ea,40,db,\
    "??"=hex:77,ef,20,6e,ce,02,d9,aa,29,0a,c0,41,c3,5f,95,81
    .
    [HKEY_USERS\S-1-5-21-602215695-2090005817-924741249-1001\Software\SecuROM\License information*]
    "datasecu"=hex:8b,ec,3c,6c,88,0c,91,41,df,60,32,9b,be,35,08,c2,84,d4,53,3d,d2,
    1b,59,25,d8,a4,e1,fd,fe,c9,19,e4,20,6c,7e,24,f1,e6,e1,0d,bd,6c,6d,b8,ff,79,\
    "rkeysecu"=hex:12,27,39,41,e2,83,05,80,7a,fa,21,ee,2f,20,1f,e1
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\DAODx.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-12 21:48:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-13 05:47
    .
    Pre-Run: 169,003,503,616 bytes free
    Post-Run: 176,607,571,968 bytes free
    .
    - - End Of File - - C82F369453FA945FF3A463308D67429D
     
  3. Strave19

    Strave19 Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    3
    DDS LOG:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Run by Sam at 22:16:58 on 2011-12-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6028 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\DAODx.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\ASUS\TweakIt\TWeakIt.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    mRun: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{04385EFE-F853-47B8-9D3B-A4F2E9504E87} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{F1B51121-C210-47D6-8935-48F4CE851694} : DhcpNameServer = 76.85.229.110 76.85.229.111
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun-x64: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\ip3tpmy1.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: vShare Plugin: [email protected] - %profile%\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-7-3 401920]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-25 90112]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
    R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-3-1 12800]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-30 2477304]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-8 138360]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-6-6 14648]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AmbFilt64;AmbFilt64;C:\Windows\system32\drivers\Ambfilt64.sys --> C:\Windows\system32\drivers\Ambfilt64.sys [?]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-13 04:31:44 98816 ----a-w- C:\Windows\sed.exe
    2011-12-13 04:31:44 518144 ----a-w- C:\Windows\SWREG.exe
    2011-12-13 04:31:44 256000 ----a-w- C:\Windows\PEV.exe
    2011-12-13 04:31:44 208896 ----a-w- C:\Windows\MBR.exe
    2011-12-13 04:30:36 -------- d-----w- C:\Gotcha
    2011-12-13 01:44:04 -------- d-----w- C:\Program Files (x86)\Western Digital
    2011-12-05 23:12:30 -------- d-----w- C:\Program Files (x86)\ESET
    2011-12-05 21:36:24 -------- d-----w- C:\Users\Sam\AppData\Roaming\Malwarebytes
    2011-12-05 21:35:46 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-05 21:35:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-30 06:04:45 -------- d-----w- C:\Users\Sam\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
    2011-11-29 01:20:17 -------- d-----w- C:\Users\Sam\AppData\Roaming\runic games
    2011-11-14 22:56:18 -------- d-----w- C:\Users\Sam\AppData\Roaming\Wargaming.Net
    .
    ==================== Find3M ====================
    .
    2011-11-11 01:02:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-09 03:09:17 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-11-09 03:09:17 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-11-09 03:08:59 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-09-16 03:18:27 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    .
    ============= FINISH: 22:24:34.65 ===============
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1031013

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice