[A] Unnamed virus disrupting network connections

By Serrath
Dec 7, 2011
  1. First off, thank you for your time.

    Recently (about three days ago) I noticed that I was having trouble with a particular game, World of Warcraft. I would frequently disconnect from the game or experience severe lag. This was strange to me because each time I would still be able to actively chat with people in the game and no other part of my internet connection was disrupted (VoIP software worked, web browsing worked, etc.). I thought this might have simply been a problem with my ISP connecting with the game's servers and thought nothing of it.

    Yesterday, I started receiving random popup windows for a website called blinx. I ran my Windows Defender (which had been disabled without my knowledge) and it found many virus files. I proceeded to "clean" my computer.

    Today, things are running fine for a few hours and then my game crashes. I am unable to actually log into WoW (it will not pass the "Connecting" prompt). My internet browsing has slowed to a snail's pace. I have verified other computers connected to the internet are not having this same issue. I ran Windows Defender AND Malwarebytes and neither is finding any bad files. It's like I'm fighting a ghost.

    I'm frustrated and have tried everything in my knowledge to address this situation. I'm not even sure what to look for at this point. Your help is greatly appreciated.

    Malwarebytes Logs:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8326

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    12/7/2011 12:33:09 AM
    mbam-log-2011-12-07 (00-33-09).txt

    Scan type: Quick scan
    Objects scanned: 170307
    Time elapsed: 2 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    MWB Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/30/2010 4:13:43 PM
    System Uptime: 12/7/2011 12:21:58 AM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DP55KG
    Processor: Intel(R) Core(TM) i7 CPU K 875 @ 2.93GHz | LGA 1156 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 49.113 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 2795 GiB total, 2743.433 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP248: 9/26/2011 1:09:07 PM - Windows Update
    RP249: 9/28/2011 12:43:14 AM - Windows Update
    RP250: 10/1/2011 7:11:01 PM - Windows Update
    RP251: 10/2/2011 1:10:13 PM - Installed DirectX
    RP252: 10/5/2011 6:24:31 PM - Windows Update
    RP253: 10/5/2011 8:46:28 PM - Installed DirectX
    RP254: 10/7/2011 6:17:04 PM - Installed DirectX
    RP255: 10/9/2011 11:08:12 AM - Windows Update
    RP256: 10/11/2011 5:02:50 PM - Installed DirectX
    RP257: 10/12/2011 12:38:28 PM - Windows Update
    RP258: 10/12/2011 8:56:22 PM - Windows Update
    RP259: 10/16/2011 11:04:13 AM - Windows Update
    RP260: 10/19/2011 12:41:13 PM - Windows Update
    RP261: 10/24/2011 4:54:41 PM - Windows Update
    RP262: 10/25/2011 11:01:05 PM - Windows Update
    RP263: 10/26/2011 6:16:19 PM - Installed Java(TM) SE Development Kit 7 Update 1 (64-bit)
    RP264: 10/26/2011 6:17:09 PM - Installed Java(TM) 7 Update 1 (64-bit)
    RP265: 10/30/2011 2:17:39 PM - Windows Update
    RP266: 11/3/2011 4:51:21 PM - Installed DirectX
    RP267: 11/4/2011 12:17:19 PM - Windows Update
    RP268: 11/6/2011 6:47:22 PM - Installed Mumble 1.2.3
    RP269: 11/7/2011 12:52:14 PM - Windows Update
    RP270: 11/9/2011 12:17:00 AM - Windows Update
    RP271: 11/10/2011 1:19:49 PM - Windows Update
    RP272: 11/11/2011 1:14:27 PM - Installed DirectX
    RP273: 11/13/2011 12:49:06 AM - Windows Update
    RP274: 11/16/2011 12:58:56 PM - Windows Update
    RP275: 11/20/2011 12:21:14 PM - Windows Update
    RP276: 11/23/2011 2:18:30 PM - Windows Update
    RP277: 11/25/2011 2:54:16 PM - CheckIfInstallerIsBusy
    RP278: 11/25/2011 2:55:25 PM - Windows Live Essentials
    RP279: 11/25/2011 2:55:41 PM - Installed DirectX
    RP280: 11/25/2011 2:55:52 PM - Installed DirectX
    RP281: 11/25/2011 2:56:27 PM - WLSetup
    RP282: 11/28/2011 3:55:23 AM - Windows Update
    RP283: 12/1/2011 12:33:35 PM - Windows Update
    RP284: 12/5/2011 12:56:34 PM - Windows Update
    RP285: 12/6/2011 11:52:39 PM - Restore Operation
    RP286: 12/6/2011 11:59:20 PM - Windows Update
    RP287: 12/7/2011 12:13:21 AM - Removed LogMeIn Hamachi
    .
    ==== Installed Programs ======================
    .
    Acronis True Image OEM
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader X (10.1.0)
    Android SDK Tools
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    Bastion
    BitTorrent
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help English
    Colonization - www.classic-gaming.net
    Curse Client
    D3DX10
    Dead Island
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diablo II
    Dragon Age II
    Dragon Age: Origins
    Dungeon Defenders Demo
    Dungeons - Demo
    Dungeons of Dredmor
    Dyyno Broadcaster
    EA Download Manager
    Fallout: New Vegas
    Fraps (remove only)
    Half-Life 2
    Heroes of Might and Magic V
    Heroes of Might and Magic V: Hammers of Fate
    Heroes of Might and Magic V: Tribes of the East
    Intel(R) Desktop Control Center
    Java Auto Updater
    Java(TM) 6 Update 23
    King's Bounty: Armored Princess
    King's Bounty: Crossworlds
    King's Bounty: The Legend
    League of Legends
    Left 4 Dead 2
    Magicka
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Mass Effect 2
    Master of Orion 1 and 2
    Medieval II: Total War
    Medieval II: Total War Kingdoms
    Microsoft .NET Framework 1.1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Might and Magic Heroes VI Demo
    Might and Magic: Clash of Heroes - Demo
    Mozilla Firefox (3.6.24)
    MSVCRT
    Mumble 1.2.3
    NETGEAR WNA3100 wireless USB 2.0 adapter
    Neverwinter Nights 2: Platinum
    NVIDIA PhysX
    oZone3D.Net FurMark v1.8.2
    Pando Media Booster
    Plants vs. Zombies: Game of the Year
    Portal
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Sid Meier's Alpha Centauri
    Sid Meier's Civilization 4 Complete
    Sid Meier's Civilization IV Colonization
    Sid Meier's Civilization V
    Skype™ 5.5
    Star Trek Online
    StarCraft II
    Steam
    Team Fortress 2
    Terraria
    The Elder Scrolls V: Skyrim
    The Sims™ 3
    Torchlight
    Total War: SHOGUN 2
    Tropico 3 - Steam Special Edition
    Tropico 3: Absolute Power
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Warcraft III
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.01 (32-bit)
    World of Logs Client
    World of Logs Client (4.2)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/7/2011 12:05:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:05:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:05:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:04:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:04:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:04:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:04:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:03:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:03:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:03:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:03:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:03:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:03:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:03:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:02:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:02:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:02:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:02:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...1.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: James-PC\James Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee2 Error description: The operation timed out
    12/7/2011 12:01:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:01:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/7/2011 12:01:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.651.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/6/2011 8:38:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/6/2011 11:29:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/4/2011 11:30:04 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/3/2011 12:12:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/2/2011 6:15:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    11/30/2011 6:04:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================

    I attempted to obtain gmer, but for every source I could locate, the web page refuses to load. I will attempt this from another computer tomorrow.

    DDS File:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
    Run by James at 0:40:15 on 2011-12-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2489 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
    C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:50182
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{129542A8-304C-4AE7-BC56-27B44BD733CD} : DhcpNameServer = 192.168.200.1
    TCP: Interfaces\{240D2216-8AA9-4801-9162-99F4508A5496} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{54ED844B-91C1-44AB-96EA-808B2B936608} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{54ED844B-91C1-44AB-96EA-808B2B936608}\131364850373032333937393 : DhcpNameServer = 192.168.200.1
    TCP: Interfaces\{54ED844B-91C1-44AB-96EA-808B2B936608}\352474635383033424 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\0zlnu1zs.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50182
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: XUL Cache: {4079cc9e-3bc6-4113-a566-4a93580c062a} - %profile%\extensions\{4079cc9e-3bc6-4113-a566-4a93580c062a}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-1-10 415072]
    R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys [2010-2-3 30384]
    R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-7-29 285152]
    R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-2-19 22280]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-07 05:29:48 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-12-07 05:29:36 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-07 05:06:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E70C6A0-254C-4A76-BCE3-923E61E42C03}\offreg.dll
    2011-12-07 05:06:15 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E70C6A0-254C-4A76-BCE3-923E61E42C03}\mpengine.dll
    2011-12-06 03:14:49 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
    2011-12-06 03:14:41 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-06 03:14:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-25 20:02:08 -------- d-----w- C:\Users\James\AppData\Local\{9FBC2537-C9F2-475A-BE03-804A77F3FD07}
    2011-11-25 20:01:45 -------- d-----w- C:\Users\James\AppData\Local\{1217F13C-B26D-4372-A251-EC8772955E6B}
    2011-11-25 20:00:34 -------- d-----w- C:\Windows\en
    2011-11-25 19:55:48 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\389cbd181ccabac04\DSETUP.dll
    2011-11-25 19:55:48 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\389cbd181ccabac04\DXSETUP.exe
    2011-11-25 19:55:48 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\389cbd181ccabac04\dsetup32.dll
    2011-11-25 19:55:40 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\35133af61ccabac03\DSETUP.dll
    2011-11-25 19:55:40 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\35133af61ccabac03\DXSETUP.exe
    2011-11-25 19:55:40 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\35133af61ccabac03\dsetup32.dll
    2011-11-25 19:55:07 -------- d-----w- C:\Users\James\AppData\Local\Windows Live
    2011-11-25 19:55:07 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-11-25 06:59:41 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-11-22 07:00:48 -------- d-----w- C:\Program Files (x86)\GOGcom
    2011-11-11 23:09:46 -------- d-----w- C:\Users\James\AppData\Local\Skyrim
    2011-11-08 20:38:52 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-08 20:38:52 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-08 20:38:51 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-08 20:38:50 3144704 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2011-10-26 22:17:23 627600 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-26 02:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2011-10-26 02:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-10-26 02:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
    2011-10-26 02:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
    2011-10-26 02:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-26 02:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-14 15:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-09-14 15:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-09-14 15:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
    2011-09-14 15:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    .
    ============= FINISH: 0:40:50.62 ===============

    Again, any insight would be helpful. I feel helpless at this point. :(
  2. Broni

    Malware Annihilator Posts: 45,159   +242

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!