TechSpot

Internet Explorer popups

By azndrift14
Aug 8, 2011
  1. The problem started yesterday; before that I thought it was fine. It pops up random Internet Explorer windows, with either a page that can't connect or some other random things. I don't use Internet Explorer, only Mozilla Firefox.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot!


    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7412

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    8/8/2011 2:56:28 PM
    mbam-log-2011-08-08 (14-56-28).txt

    Scan type: Quick scan
    Objects scanned: 165921
    Time elapsed: 2 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\Tony\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
     
  4. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Tony at 15:18:16 on 2011-08-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2701 [GMT -4:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe
    C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Giraffic\Giraffic.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=IE&os=win&os_version=6.1-x64-SP1
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tony\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [tr_winamp] C:\Program Files (x86)\Winamp\Winamp.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [FREEzeFlipSA] "C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all by FlashGet3 - C:\Users\Tony\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Tony\AppData\Roaming\FlashGetBHO\GetUrl.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0DC78849-C325-456D-9B47-E9E84275A777} : DhcpNameServer = 192.168.1.1
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNowToolbarHelper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tony\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO-X64: FlashGetBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [FREEzeFlipSA] "C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=FF&os=win&os_version=6.1-x64-SP1&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110805.030\IDSviA64.sys [2011-8-5 488056]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
    R2 Giraffic;Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-8 366640]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-7-15 130008]
    R2 Toolbar Updater Service;Toolbar Updater Service;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-29 136824]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-08-08 18:51:56 -------- d-----w- C:\Users\Tony\AppData\Roaming\Malwarebytes
    2011-08-08 18:51:50 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-08 18:51:49 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-08-08 18:51:46 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-08 18:51:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-08-08 16:28:12 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
    2011-08-03 23:16:07 -------- d-----w- C:\LFS - Copy
    2011-08-03 04:49:34 -------- d-----w- C:\Users\Tony\AppData\Roaming\FREEzeFlip
    2011-08-03 04:49:34 -------- d-----w- C:\ProgramData\FREEzeFlipSA
    2011-08-03 04:49:34 -------- d-----w- C:\Program Files (x86)\FREEzeFlip
    2011-07-30 23:42:12 -------- d-----w- C:\Program Files (x86)\GoldWave
    2011-07-29 18:38:46 -------- d-----w- C:\Program Files\Common Files\Logitech
    2011-07-29 18:32:26 -------- d-----w- C:\LFS
    2011-07-25 22:22:52 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
    2011-07-25 00:10:11 -------- d-sh--w- C:\ProgramData\SecuROM
    2011-07-20 08:11:18 -------- d-----w- C:\Users\Tony\AppData\Roaming\atitray
    2011-07-20 08:03:51 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-07-20 08:03:45 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2011-07-20 08:03:45 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2011-07-20 08:02:57 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2011-07-20 08:02:40 -------- d-----w- C:\Program Files\ATI Technologies
    2011-07-19 02:14:36 -------- d-----w- C:\Program Files\AuditionSEA
    2011-07-18 18:12:52 -------- d-s---w- C:\Downloads
    2011-07-18 18:12:31 -------- d-----w- C:\Users\Tony\AppData\Roaming\FlashGet
    2011-07-18 18:12:31 -------- d-----w- C:\Users\Tony\AppData\Roaming\BITS
    2011-07-18 18:12:28 -------- d-----w- C:\Users\Tony\AppData\Roaming\FlashGetBHO
    2011-07-18 18:12:26 -------- d-----w- C:\Program Files (x86)\FlashGet Network
    2011-07-18 03:48:05 -------- d-----w- C:\Program Files (x86)\uTorrent
    2011-07-18 03:47:37 -------- d-----w- C:\Users\Tony\AppData\Roaming\uTorrent
    2011-07-18 02:32:19 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-07-17 04:10:35 -------- d-----w- C:\Program Files\Core Temp
    2011-07-16 01:47:45 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-07-16 01:47:29 912504 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
    2011-07-16 01:47:29 744568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
    2011-07-16 01:47:29 450680 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
    2011-07-16 01:47:29 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
    2011-07-16 01:47:29 386168 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
    2011-07-16 01:47:28 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
    2011-07-16 01:47:23 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
    2011-07-11 02:24:22 -------- d-----w- C:\Users\Tony\AppData\Local\Rockstar Games
    2011-07-11 02:24:09 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    .
    ==================== Find3M ====================
    .
    2011-07-21 04:13:00 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-07-21 04:13:00 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-07-21 04:13:00 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-07-16 01:47:34 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-25 04:26:56 9359872 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-05-25 03:53:28 23336960 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-05-25 03:44:30 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-05-25 03:44:26 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-05-25 03:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-05-25 03:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-05-25 03:31:38 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-05-25 03:07:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-05-25 03:07:48 688128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-05-25 03:06:38 811008 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-05-25 03:04:16 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-05-25 03:04:10 485376 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-05-25 03:03:38 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-05-25 03:02:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-05-25 03:02:16 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-05-25 03:02:10 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-05-25 03:02:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-05-25 03:01:54 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-05-25 03:01:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-05-25 03:01:46 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-05-25 03:00:00 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-05-25 02:59:38 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-05-25 02:59:26 3810816 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-05-25 02:58:52 4219904 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-05-25 02:50:38 4017152 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-05-25 02:49:44 5008384 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-05-25 02:47:40 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-05-25 02:47:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-05-25 02:47:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-05-25 02:47:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-05-25 02:47:18 8489472 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-05-25 02:43:52 6847488 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-05-25 02:39:16 4330496 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-05-25 02:38:18 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-05-25 02:38:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-05-25 02:33:04 5486592 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-05-25 02:26:18 366592 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-05-25 02:26:12 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-05-25 02:26:04 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-05-25 02:26:00 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-05-25 02:26:00 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-05-25 02:25:58 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-05-25 02:25:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-05-25 02:25:42 309760 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-05-25 02:24:58 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-05-25 02:24:50 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-05-25 02:24:44 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-05-25 02:24:36 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-05-25 02:24:08 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-05-25 02:19:00 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    .
    ============= FINISH: 15:18:30.67 ===============
     
  5. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/28/2011 11:55:37 PM
    System Uptime: 8/8/2011 2:57:35 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A88T-M LE
    Processor: AMD Phenom(tm) II X4 925 Processor | AM3 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 343.319 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP33: 7/31/2011 3:00:12 AM - Windows Update
    RP34: 8/6/2011 7:31:46 PM - Removed Logitech Gaming Software 5.10.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Audacity 1.3.13 (Unicode)
    Audition
    Battlefield: Bad Company 2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help English
    Counter-Strike: Source
    Dead Rising 2
    FlashGet 3.7
    FREEzeFlip
    Giraffic Video Accelerator
    GoldWave v5.58
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    Java Auto Updater
    Java(TM) 6 Update 26
    Killing Floor
    Mabinogi
    Malwarebytes' Anti-Malware version 1.51.1.1800
    ManyCam 2.6.55 (remove only)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 5.0 (x86 en-US)
    Nexon Game Manager
    Norton 360
    Pando Media Booster
    PunkBuster Services
    QuickTime
    Rainmeter
    Ray Adams ATI Tray Tools
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Source SDK
    StartNow Toolbar 2.0
    Steam
    Team Fortress 2
    Veoh Web Player
    Winamp
    Winamp Detector Plug-in
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/7/2011 4:07:35 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer KENNY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0DC78849-C325-456D-9B47-E9E84275A777}. The master browser is stopping or an election is being forced.
    8/7/2011 12:58:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{0DC78849-C325-456D-9B47-E9E84275A777} because another computer on the network has the same name. The server could not start.
    8/7/2011 12:58:58 PM, Error: NetBT [4321] - The name "TONY-PC :20" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
    8/7/2011 12:58:56 PM, Error: NetBT [4321] - The name "TONY-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
    8/5/2011 8:36:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    8/4/2011 2:35:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    8/4/2011 2:35:30 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/3/2011 1:00:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    .
    ==== End Of File ===========================
     
  6. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    There was nothing in the gmer log.

    Also, Malwarebytes' Anti-Malware kept blocking something like FREEzeFlipsa.exe.

    It's a little notification saying:

    Malwarebytes' Anti-Malware
    Successfully blocked access to a potentially malicious website: 66.150.14.71

    Type: outgoing
    Port: 49362
    Process: freezeflipsa.exe

    Also, when I was looking for something in my Program Files (x86) there was a program that I never downloaded, it's FREEzeFlipSA.

    Seems like I stop getting the popups whenever I have Malwarebytes on and it blocks the FREEzeFlipSA.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Looks like it's adware. You have adware from Softomate, Click Potato, Hotbar and Seekmo. Combofix may remove it- if it doesn't, I'll put it in a script for you to run after Combofix:

    It's doing its job- it is a bad site!
    ==========================================
    Go to ***/Remove Programs and uninstall anything related to the following:
    1. Askbar, Ask Media Player>>> Ask 'anything'
    2. FREEzeFlip
    Then use Windows Explorer to go to the Programs folder> Find each of the program folders and do a right click> Delete.
    =======================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    I will be removing some of the left over entries and other bad entries.
     
  8. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    ComboFix 11-08-09.02 - Tony 08/09/2011 17:00:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2549 [GMT -4:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Steam\Steam.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-09 21:07 . 2011-08-09 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2011-08-08 18:51 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-08 18:51 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
    2011-08-03 23:16 . 2011-08-03 23:17 -------- d-----w- C:\LFS - Copy
    2011-07-30 23:42 . 2011-07-30 23:42 -------- d-----w- c:\program files (x86)\GoldWave
    2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\program files\Common Files\Logitech
    2011-07-29 18:32 . 2011-08-09 18:39 -------- d-----w- C:\LFS
    2011-07-25 22:22 . 2011-07-25 22:22 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
    2011-07-25 00:10 . 2011-07-25 00:10 -------- d-sh--w- c:\programdata\SecuROM
    2011-07-20 08:11 . 2011-07-20 08:11 -------- d-----w- c:\users\Tony\AppData\Roaming\atitray
    2011-07-20 08:04 . 2011-07-20 08:04 -------- d-----w- c:\programdata\ATI
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files (x86)\AMD APP
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-07-20 08:02 . 2011-07-20 08:02 -------- d-----w- c:\program files (x86)\ATI Technologies
    2011-07-20 08:02 . 2011-07-20 08:03 -------- d-----w- c:\program files\ATI Technologies
    2011-07-19 02:14 . 2011-07-19 02:14 -------- d-----w- c:\program files\AuditionSEA
    2011-07-18 18:12 . 2011-07-18 18:14 -------- d-----w- C:\Downloads
    2011-07-18 18:12 . 2011-07-21 02:07 -------- d-----w- c:\users\Tony\AppData\Roaming\BITS
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\users\Tony\AppData\Roaming\FlashGet
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\program files (x86)\FlashGet Network
    2011-07-18 03:48 . 2011-07-18 03:48 -------- d-----w- c:\program files (x86)\uTorrent
    2011-07-18 03:47 . 2011-07-18 03:50 -------- d-----w- c:\users\Tony\AppData\Roaming\uTorrent
    2011-07-18 02:32 . 2011-07-18 02:32 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-18 02:32 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-07-17 04:10 . 2011-07-31 03:57 -------- d-----w- c:\program files\Core Temp
    2011-07-16 01:47 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-16 01:47 . 2011-07-16 01:48 -------- d-----w- c:\windows\system32\drivers\N360x64\0501000.01D
    2011-07-11 02:24 . 2011-07-11 02:25 -------- d-----w- c:\users\Tony\AppData\Local\Rockstar Games
    2011-07-11 02:24 . 2011-07-11 02:24 -------- d--h--r- c:\users\Tony\AppData\Roaming\SecuROM
    2011-07-11 02:24 . 2011-07-11 02:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-21 04:13 . 2011-05-01 21:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-07-16 01:47 . 2011-04-29 21:23 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-06-03 05:57 . 2011-07-13 11:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-28 03:30 . 2011-06-22 18:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 02:53 . 2011-06-22 18:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
    2011-05-25 03:44 . 2011-05-25 03:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-05-25 03:44 . 2011-05-25 03:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-05-25 03:44 . 2011-05-25 03:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
    2011-05-25 03:43 . 2011-05-25 03:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-05-25 03:07 . 2011-04-06 02:03 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-05-25 03:06 . 2011-05-25 03:06 811008 ----a-w- c:\windows\system32\aticfx64.dll
    2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
    2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-05-25 02:58 . 2011-04-06 01:53 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-05-25 02:49 . 2011-04-06 01:44 5008384 ----a-w- c:\windows\system32\atidxx64.dll
    2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
    2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-05-25 02:24 . 2011-04-06 01:20 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-05-25 02:24 . 2011-04-06 01:20 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-05-25 02:24 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-05-25 02:19 . 2011-04-06 01:28 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-05-24 11:42 . 2011-06-29 17:25 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-29 17:25 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:40 . 2011-06-29 17:25 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:39 . 2011-06-29 17:25 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-29 17:25 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
    "tr_winamp"="c:\program files (x86)\Winamp\Winamp.exe" [2011-06-30 1595520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 ALSysIO;ALSysIO;c:\users\Tony\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0052F19.tmp [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110808.030\IDSvia64.sys [2011-08-02 488056]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 365568]
    S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-06-27 2211984]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 136824]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=IE&os=win&os_version=6.1-x64-SP1
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetUrl.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=FF&os=win&os_version=6.1-x64-SP1&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\steam.exe
    Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    AddRemove-Steam App 12210 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 12220 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 1250 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 211 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 240 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 24960 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 440 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 45740 - c:\program files (x86)\Steam\steam.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Tony\AppData\Local\Temp\0052F19.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3831901763-1007124936-4009859920-1000\Software\SecuROM\License information*]
    "datasecu"=hex:2a,32,81,f3,3c,b5,77,06,2b,1f,0f,4f,30,fd,af,70,91,7b,23,a0,40,
    9b,f9,7f,b7,81,9c,2b,da,ee,34,d5,f7,e6,85,4b,61,c2,30,df,29,ff,2a,d4,67,df,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Giraffic\Giraffic.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-09 17:15:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-09 21:15
    .
    Pre-Run: 367,746,277,376 bytes free
    Post-Run: 367,261,642,752 bytes free
    .
    - - End Of File - - C9B7241415838AAAFCFBF4AA6D939183

    The online scan showed no infected files.

    It seems like combofix deleted steam.exe. An important program for my games.

    Update: I stopped having popups.
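A triage helper for the "Reg Loading Points" section of a ComboFix log like the one posted above, added here as an example and not part of this thread or of ComboFix: it parses the REGEDIT4-style Run entries, the UAC policy values and the service lines in that format, and flags the patterns the helper acted on in this thread (autoruns carrying the toolbar/adware names named here, images that load from a user's Temp folder, and UAC switched off). The embedded sample log is constructed to mirror the page's format; the name list and the Temp-path heuristic are review prompts, not verdicts.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's Reg Loading Points format (not a real log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"FREEzeFlipSA"="c:\program files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe" [2011-07-04 98304]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-04 1234567]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0052F19.tmp [x]
"""

# Names the helper in this thread identified as toolbar/adware (assumed watch list).
ADWARE_NAMES = ("freezeflip", "startnow", "ask.com", "askbar")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [yyyy-mm-dd size]   (the bracket part is optional in some entries)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s*\[(?P<date>\S+) (?P<size>\d+)\])?$')
# "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+) \((?P<hex>0x[0-9a-fA-F]+)\)$')
# R3 Name;Display Name;image path [date size] or [x]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<info>[^\]]*)\]$")


def parse_reg_loading_points(text: str) -> Tuple[List[Dict], Dict[str, int], List[Dict]]:
    """Return (run entries, UAC policy values, service/driver entries)."""
    runs: List[Dict] = []
    policies: Dict[str, int] = {}
    services: List[Dict] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix prints "." as a spacer
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"start": m.group("start"), "name": m.group("svc"),
                             "display": m.group("display"), "image": m.group("image")})
            continue
        m = RUN_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            runs.append({"key": current_key, "name": m.group("name"),
                         "path": m.group("path"), "date": m.group("date")})
            continue
        m = POLICY_RE.match(line)
        if m and current_key.lower().endswith("policies\\system"):
            policies[m.group("name")] = int(m.group("val"))
    return runs, policies, services


def triage(text: str) -> List[str]:
    """Flag entries worth a closer look; each finding is a human-readable line."""
    runs, policies, services = parse_reg_loading_points(text)
    findings: List[str] = []
    for r in runs:
        haystack = (r["name"] + " " + r["path"]).lower()
        if any(tag in haystack for tag in ADWARE_NAMES):
            findings.append(f"autorun matches toolbar/adware name: {r['name']} -> {r['path']}")
    for s in services:
        # A service or driver whose image lives in a Temp folder is unusual and worth review.
        if "\\temp\\" in s["image"].lower():
            findings.append(f"service loads from Temp: {s['name']} -> {s['image']}")
    if policies.get("EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA=0)")
    elif policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("UAC elevates administrators without prompting (ConsentPromptBehaviorAdmin=0)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```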
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Combofix removed the apps that you got through Steam. Regarding that, I'd like you to run the following:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    =========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    Folder::
    C:\Program Files (x86)\uTorrent
    C:\Users\Tony\AppData\Roaming\uTorrent
    DDS::
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNowToolbarHelper - No File
    BHO-X64: FlashGetBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [FREEzeFlipSA] "C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe"
    Extra::
    Firefox::
    Firefox-: - Profile - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    Firefox - prefs.js - Startup.HomepageURL
    Driver::
    Toolbar Updater Service
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    The StartNow toolbar is added by the adware Zugo. It has these characteristics:
    Hosts file modification that may block access to the security web sites.
    Produces outbound traffic.
    Downloads/requests other files from Internet.
    Creates a startup registry entry.
    Registers a 32-bit in-process server DLL.
    Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
    Contains characteristics of an identified security risk.
    These could well be the reasons for the popups you're getting.

    You will also need to change the keyword search in Firefox from StartNow:

    • [1]. Open Firefox and instead of a URL, type about:config in the Address Bar.
      [2]. Firefox will give you a warning, but go in anyway.
      [3]. Locate the keyword.url line. It should look like the image below.
      [4]. Right click on keyword.url, then select Reset
      =================================================
      Since you have been actively using uTorrent, could it be that Steam or any of the apps were obtained through uTorrent?
      ================================================
      Do you know what these are?
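    As an added illustration (not code from the post, and not part of ComboFix or DDS), the following Python script parses load-point lines in the format the CFScript above uses and sorts them into orphaned entries (the ones marked "No File"), entries that point at the toolbar vendors named in the post, and the rest, which a human still has to judge. The regular expressions are my assumptions built from the three line shapes shown (BHO/TB orphan, BHO/TB with CLSID and path, Run value with quoted path), the sample lines are copied from the CFScript, and the suspect keywords are the two toolbar names the post identifies. It then emits a DDS:: section in the same shape, which is the part of a CFScript a helper assembles by hand.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Load-point lines in the format ComboFix/DDS print, copied from the CFScript
# in the post above (BHO = Browser Helper Object, TB = toolbar, mRun = HKLM Run key).
SAMPLE_LINES = r"""
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [FREEzeFlipSA] "C:\Program Files (x86)\FREEzeFlip\bin\1.0.4.0\FREEzeFlipSA.exe"
"""

# Vendor names the post identifies as the toolbars/adware to remove.
SUSPECT_KEYWORDS = ["StartNow", "Ask.com"]

# Assumed line shapes (patterns are mine, derived from the lines above, not a DDS spec):
#   <BHO|TB>[-X64]: <name> - No File
#   <BHO|TB>[-X64]: <name>: {CLSID} - <path>
#   <u|m>Run[-x64]: [<value name>] "<path>" [args]
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB)(?:-x64)?: (?P<name>.+?) - No File$", re.IGNORECASE)
COM_RE = re.compile(
    r"^(?P<kind>BHO|TB)(?:-x64)?: (?P<name>.+?): (?P<clsid>\{[0-9a-f-]{36}\}) - (?P<path>.+)$",
    re.IGNORECASE,
)
RUN_RE = re.compile(
    r'^(?P<kind>[um]Run)(?:-x64)?: \[(?P<name>[^\]]+)\] (?:"(?P<qpath>[^"]+)"|(?P<upath>\S+))(?P<args>.*)$',
    re.IGNORECASE,
)


@dataclass
class LoadPoint:
    kind: str             # "BHO", "TB", "mRun" or "uRun"
    name: str             # display name, or the Run value name
    path: Optional[str]   # None when the log says "No File"
    clsid: Optional[str]  # only COM-registered entries (BHO/TB) carry one
    raw: str              # original line, reusable verbatim in a CFScript DDS:: section

    @property
    def present(self) -> bool:
        return self.path is not None


def parse_line(line: str) -> Optional[LoadPoint]:
    """Return a LoadPoint for a recognised line, None for anything else."""
    line = line.strip()
    m = ORPHAN_RE.match(line)
    if m:
        return LoadPoint(m["kind"].upper(), m["name"], None, None, line)
    m = COM_RE.match(line)
    if m:
        return LoadPoint(m["kind"].upper(), m["name"], m["path"].strip(), m["clsid"].upper(), line)
    m = RUN_RE.match(line)
    if m:
        return LoadPoint(m["kind"], m["name"], m["qpath"] or m["upath"], None, line)
    return None


def parse_report(text: str) -> List[LoadPoint]:
    return [p for p in (parse_line(l) for l in text.splitlines()) if p is not None]


def triage(points: List[LoadPoint], suspect_keywords: List[str]) -> Dict[str, List[LoadPoint]]:
    """Sort load points into orphans (dead registrations), suspect (name or path
    matches a named vendor) and review (present and unmatched, so a human decides)."""
    keys = [k.lower() for k in suspect_keywords]
    buckets: Dict[str, List[LoadPoint]] = {"orphans": [], "suspect": [], "review": []}
    for p in points:
        if not p.present:
            buckets["orphans"].append(p)
        elif any(k in f"{p.name} {p.path}".lower() for k in keys):
            buckets["suspect"].append(p)
        else:
            buckets["review"].append(p)
    return buckets


def cfscript_dds_section(buckets: Dict[str, List[LoadPoint]]) -> str:
    """Emit a DDS:: section listing the orphan and suspect lines verbatim,
    the same shape the CFScript in the post uses."""
    return "\n".join(["DDS::"] + [p.raw for p in buckets["orphans"] + buckets["suspect"]])


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_LINES), SUSPECT_KEYWORDS)
    for bucket, entries in result.items():
        print(f"== {bucket} ({len(entries)})")
        for p in entries:
            print(f"  {p.kind:<5} {p.name!r:<35} {p.path or '(no file)'}")
    print(cfscript_dds_section(result))
```

    The "review" bucket is the important one: an entry that is present but matches no known vendor (FREEzeFlipSA in the sample) is exactly what the helper asks the user about, rather than scripting its removal blindly.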
     
  10. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    Combofix

    ComboFix 11-08-10.03 - Tony 08/10/2011 23:16:53.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2623 [GMT -4:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tony\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\uTorrent
    c:\program files (x86)\uTorrent\uTorrent.exe
    c:\users\Tony\AppData\Roaming\uTorrent
    c:\users\Tony\AppData\Roaming\uTorrent\ie\ie.1310960889.tmp
    c:\users\Tony\AppData\Roaming\uTorrent\ie\ie.1310960915.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-11 03:20 . 2011-08-11 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-10 23:02 . 2011-08-10 23:02 -------- d-----w- c:\users\Tony\AppData\Local\MCEdit-64bit
    2011-08-09 21:23 . 2011-08-09 21:23 -------- d-----w- c:\users\Tony\AppData\Local\ElevatedDiagnostics
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2011-08-08 18:51 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-08 18:51 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
    2011-08-03 23:16 . 2011-08-03 23:17 -------- d-----w- C:\LFS - Copy
    2011-07-30 23:42 . 2011-07-30 23:42 -------- d-----w- c:\program files (x86)\GoldWave
    2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\program files\Common Files\Logitech
    2011-07-29 18:32 . 2011-08-10 02:25 -------- d-----w- C:\LFS
    2011-07-25 22:22 . 2011-07-25 22:22 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
    2011-07-25 00:10 . 2011-07-25 00:10 -------- d-sh--w- c:\programdata\SecuROM
    2011-07-20 08:11 . 2011-07-20 08:11 -------- d-----w- c:\users\Tony\AppData\Roaming\atitray
    2011-07-20 08:04 . 2011-07-20 08:04 -------- d-----w- c:\programdata\ATI
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files (x86)\AMD APP
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-07-20 08:02 . 2011-07-20 08:02 -------- d-----w- c:\program files (x86)\ATI Technologies
    2011-07-20 08:02 . 2011-07-20 08:03 -------- d-----w- c:\program files\ATI Technologies
    2011-07-19 02:14 . 2011-07-19 02:14 -------- d-----w- c:\program files\AuditionSEA
    2011-07-18 18:12 . 2011-07-18 18:14 -------- d-----w- C:\Downloads
    2011-07-18 18:12 . 2011-07-21 02:07 -------- d-----w- c:\users\Tony\AppData\Roaming\BITS
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\users\Tony\AppData\Roaming\FlashGet
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\program files (x86)\FlashGet Network
    2011-07-18 02:32 . 2011-07-18 02:32 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-18 02:32 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-07-17 04:10 . 2011-07-31 03:57 -------- d-----w- c:\program files\Core Temp
    2011-07-16 01:47 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-16 01:47 . 2011-07-16 01:48 -------- d-----w- c:\windows\system32\drivers\N360x64\0501000.01D
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-21 04:13 . 2011-05-01 21:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-07-16 01:47 . 2011-04-29 21:23 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-07-11 02:24 . 2011-07-11 02:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-06-03 05:57 . 2011-07-13 11:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-05-28 03:30 . 2011-06-22 18:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 02:53 . 2011-06-22 18:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-25 04:26 . 2011-05-25 04:26 9359872 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-05-25 03:53 . 2011-05-25 03:53 23336960 ----a-w- c:\windows\system32\atio6axx.dll
    2011-05-25 03:44 . 2011-05-25 03:44 61952 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-05-25 03:44 . 2011-05-25 03:44 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-05-25 03:44 . 2011-05-25 03:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
    2011-05-25 03:43 . 2011-05-25 03:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-05-25 03:31 . 2011-05-25 03:31 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-05-25 03:07 . 2011-05-25 03:07 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-05-25 03:07 . 2011-04-06 02:03 688128 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-05-25 03:06 . 2011-05-25 03:06 811008 ----a-w- c:\windows\system32\aticfx64.dll
    2011-05-25 03:04 . 2011-05-25 03:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-05-25 03:04 . 2011-05-25 03:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
    2011-05-25 03:03 . 2011-05-25 03:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-05-25 03:02 . 2011-05-25 03:02 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-05-25 03:02 . 2011-05-25 03:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-05-25 03:02 . 2011-05-25 03:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-05-25 03:02 . 2011-05-25 03:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-05-25 03:01 . 2011-05-25 03:01 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-05-25 03:01 . 2011-05-25 03:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-05-25 03:01 . 2011-05-25 03:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-05-25 03:00 . 2011-05-25 03:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-05-25 02:59 . 2011-05-25 02:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-05-25 02:59 . 2011-05-25 02:59 3810816 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-05-25 02:58 . 2011-04-06 01:53 4219904 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-05-25 02:50 . 2011-05-25 02:50 4017152 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-05-25 02:49 . 2011-04-06 01:44 5008384 ----a-w- c:\windows\system32\atidxx64.dll
    2011-05-25 02:47 . 2011-05-25 02:47 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-05-25 02:47 . 2011-05-25 02:47 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-05-25 02:47 . 2011-05-25 02:47 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-05-25 02:47 . 2011-05-25 02:47 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-05-25 02:47 . 2011-05-25 02:47 8489472 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-05-25 02:43 . 2011-05-25 02:43 6847488 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-05-25 02:39 . 2011-05-25 02:39 4330496 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-05-25 02:38 . 2011-05-25 02:38 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-05-25 02:38 . 2011-05-25 02:38 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-05-25 02:33 . 2011-05-25 02:33 5486592 ----a-w- c:\windows\system32\atiumd64.dll
    2011-05-25 02:26 . 2011-05-25 02:26 366592 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-05-25 02:26 . 2011-05-25 02:26 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-05-25 02:26 . 2011-05-25 02:26 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-05-25 02:26 . 2011-05-25 02:26 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-05-25 02:25 . 2011-05-25 02:25 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-05-25 02:25 . 2011-05-25 02:25 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-05-25 02:25 . 2011-05-25 02:25 309760 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-05-25 02:24 . 2011-04-06 01:20 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-05-25 02:24 . 2011-04-06 01:20 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-05-25 02:24 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-05-25 02:24 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-05-25 02:24 . 2011-05-25 02:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-05-25 02:19 . 2011-04-06 01:28 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-05-24 11:42 . 2011-06-29 17:25 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-29 17:25 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:40 . 2011-06-29 17:25 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:39 . 2011-06-29 17:25 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-29 17:25 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-09_21.09.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2011-08-11 03:23 37870 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-11 03:23 31262 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-29 20:21 . 2011-08-11 03:23 10102 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3831901763-1007124936-4009859920-1000_UserData.bin
    + 2011-04-28 19:02 . 2011-08-10 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-28 19:02 . 2011-08-09 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-28 19:02 . 2011-08-10 20:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-28 19:02 . 2011-08-09 20:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-09 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-10 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-29 20:21 . 2011-08-11 03:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-29 20:21 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-29 20:21 . 2011-08-09 21:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-29 20:21 . 2011-08-11 03:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-29 20:21 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-29 20:21 . 2011-08-11 03:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-04-29 20:22 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-29 20:22 . 2011-08-11 03:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-29 20:22 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-29 20:22 . 2011-08-11 03:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-11 03:21 . 2011-08-11 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-09 21:08 . 2011-08-09 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-08-09 21:08 . 2011-08-09 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-11 03:21 . 2011-08-11 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-06-29 18:24 . 2011-08-11 03:21 550016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-06-29 18:24 . 2011-08-09 21:08 550016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 05:01 . 2011-08-11 03:21 230028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-08-09 21:08 230028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-06-29 18:24 . 2011-08-11 03:21 19474608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3831901763-1007124936-4009859920-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
    "tr_winamp"="c:\program files (x86)\Winamp\Winamp.exe" [2011-06-30 1595520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 ALSysIO;ALSysIO;c:\users\Tony\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0052F19.tmp [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110809.030\IDSvia64.sys [2011-08-02 488056]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 365568]
    S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-06-27 2211984]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 136824]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=IE&os=win&os_version=6.1-x64-SP1
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetUrl.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=FF&os=win&os_version=6.1-x64-SP1&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Tony\AppData\Local\Temp\0052F19.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3831901763-1007124936-4009859920-1000\Software\SecuROM\License information*]
    "datasecu"=hex:2a,32,81,f3,3c,b5,77,06,2b,1f,0f,4f,30,fd,af,70,91,7b,23,a0,40,
    9b,f9,7f,b7,81,9c,2b,da,ee,34,d5,f7,e6,85,4b,61,c2,30,df,29,ff,2a,d4,67,df,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Giraffic\Giraffic.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-10 23:27:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-11 03:27
    ComboFix2.txt 2011-08-09 21:15
    .
    Pre-Run: 363,024,338,944 bytes free
    Post-Run: 362,718,187,520 bytes free
    .
    - - End Of File - - 43EACB91438D22F56C1CC445E6DE5461
     
  11. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    CKscanner

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\steam\steamapps\azndrift14\counter-strike source\cstrike\maps\cs_crackhouse.bsp
    c:\program files (x86)\steam\steamapps\azndrift14\counter-strike source\cstrike\maps\cs_crackhouse.nav
    c:\program files (x86)\steam\steamapps\azndrift14\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
    scanner sequence 3.AB.11.BNAABO
    ----- EOF -----
     
  12. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    I've only used uTorrent to download a game called Audition, because they only allow downloading it that way. I have not used uTorrent for anything else. After downloading the game Audition, I uninstalled uTorrent, but kept the setup in my download folder.

    Steam has nothing to do with uTorrent. Steam has there own download manager.

    LFS and LFS-copy are a racing game simulator. The copy is the original, and the regular one is one with texture packs for the game.

    BITS, I have no idea.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There is another thread running now where Combofix also deleted Steam. Give this a try:

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    
    DEQUARANTINE::
    C:\Qoobox\Quarantine\C\program files\Steam\Steam.exe.vir
    C:\Qoobox\Quarantine\C\program files (x86)\Steam\Steam.exe.vir
    QUIT::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Let me know if that restores the program. Strange what's going on- did a Google search and there were many hits for 'Combofix deleted Steam.'
    About the steam.exe deletion: If it was a legitimate file, then the explanation could be as simple as a "false positive"
    ====================
    Possibilities for BITS:

    1. http://www.google.com/finance?client=ob&q=NASDAQ:BITS

    2. What it usually means:
    Background Intelligent Transfer Service (BITS) is a component of modern Microsoft Windows operating systems that facilitates prioritized, throttled, and asynchronous transfer of files between machines using idle network bandwidth. BITS 3.0 was introduced with Windows Vista, and is included in all later Windows versions. BITS 2.5 capabilities are also included in Windows Vista and Windows Server 2008.
    http://en.wikipedia.org/wiki/Background_Intelligent_Transfer_Service

    List of non-Microsoft applications that use BITS

    But I haven't seen it in an entry like this: C:\Users\Tony\AppData\Roaming\BITS
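    The post above leaves the C:\Users\Tony\AppData\Roaming\BITS entry unexplained. The script below is an added triage example written for this thread, not code from the original posts or from ComboFix: it lists what the real BITS service is doing for every user, inventories the suspect folder with creation and modification times and Authenticode status so those times can be compared with neighbouring entries in the ComboFix log (the log later in this thread shows the Roaming\BITS folder, C:\Downloads and the FlashGet folders all created at 2011-07-18 18:12), and checks whether any Run key points into that folder. The folder path is taken from the log; the Run-key list and the assumption that it runs from the affected user's account are mine.

```powershell
# Added triage example (not part of the original thread). Run from the affected
# user's account in an elevated PowerShell; written to work on Windows 7 / PS 2.0.
$Suspect = Join-Path $env:APPDATA 'BITS'   # log entry: c:\users\Tony\AppData\Roaming\BITS

# 1. The BITS service keeps its own queue under
#    %ALLUSERSPROFILE%\Microsoft\Network\Downloader, not under a user's Roaming
#    profile. Show every job the service actually knows about, for all users.
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object JobId, DisplayName, JobState, OwnerAccount, TransferType |
    Format-Table -AutoSize

# 2. Inventory the suspect folder: timestamps (to correlate with the ComboFix
#    "Files Created" section) and signature status of any executables.
if (Test-Path $Suspect) {
    Get-ChildItem -Path $Suspect -Recurse -Force | ForEach-Object {
        $sig = 'n/a'
        if (-not $_.PSIsContainer) {
            $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
        New-Object PSObject -Property @{
            Path      = $_.FullName
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            Bytes     = $(if ($_.PSIsContainer) { '' } else { $_.Length })
            Signature = $sig
        }
    } | Format-Table Path, Created, Modified, Bytes, Signature -AutoSize
} else {
    "$Suspect does not exist on this machine."
}

# 3. Does any Run key (64-bit or WOW64 view) launch something from that folder?
#    Assumed list of keys to check; extend it with RunOnce or scheduled tasks if needed.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        Get-ItemProperty -Path $k |
            Get-Member -MemberType NoteProperty |
            Where-Object { $_.Definition -match [regex]::Escape($Suspect) } |
            ForEach-Object { "$k : $($_.Name) -> $($_.Definition)" }
    }
}
```

    A folder named after a Windows service but living in a user profile is worth checking precisely because the name invites the reader to assume it is Microsoft's; the comparison that matters is the creation time against whatever else was installed in the same minute, and whether anything autostarts from it.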
     
  14. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    ComboFix 11-08-12.01 - Tony 08/12/2011 22:22:48.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2520 [GMT -4:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tony\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Steam\Steam.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-13 02:32 . 2011-08-13 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-12 17:12 . 2011-08-12 17:12 -------- d-----w- c:\programdata\ATI
    2011-08-12 17:11 . 2011-08-12 17:11 -------- d-----w- c:\program files (x86)\AMD APP
    2011-08-12 17:09 . 2011-08-12 17:09 -------- d-----w- c:\windows\LastGood.Tmp
    2011-08-12 17:06 . 2011-08-12 17:06 15360 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-08-12 17:06 . 2011-08-12 17:06 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-08-12 17:06 . 2011-08-12 17:06 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-08-12 17:06 . 2011-08-12 17:06 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-08-12 17:06 . 2011-08-12 17:06 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-08-12 17:06 . 2011-08-12 17:06 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-08-12 17:05 . 2011-08-12 17:06 6740480 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-08-12 17:05 . 2011-08-12 17:05 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-08-12 17:05 . 2011-08-12 17:05 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-08-12 17:05 . 2011-08-12 17:05 307712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-08-12 17:05 . 2011-08-12 17:05 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-08-12 17:05 . 2011-08-12 17:06 23385600 ----a-w- c:\windows\system32\atio6axx.dll
    2011-08-12 17:05 . 2011-08-12 17:05 4039680 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-08-12 17:05 . 2011-08-12 17:05 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-08-12 17:05 . 2011-08-12 17:05 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-08-12 17:05 . 2011-08-12 17:05 5540864 ----a-w- c:\windows\system32\atiumd64.dll
    2011-08-12 17:05 . 2011-08-12 17:05 4275712 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-08-12 17:04 . 2011-08-12 17:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-08-12 17:04 . 2011-08-12 17:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
    2011-08-12 17:04 . 2011-08-12 17:04 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-08-12 17:04 . 2011-08-12 17:04 3848704 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-08-12 17:03 . 2011-08-12 17:03 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-08-12 17:03 . 2011-08-12 17:03 4367360 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-08-12 17:03 . 2011-08-12 17:03 689152 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-08-12 17:03 . 2011-08-12 17:03 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-08-12 17:03 . 2011-08-12 17:03 8134656 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-08-12 17:03 . 2011-08-12 17:03 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-08-12 17:03 . 2011-08-12 17:03 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-08-12 17:03 . 2011-08-12 17:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-08-11 23:38 . 2011-08-13 02:31 -------- d-----w- c:\program files (x86)\Steam
    2011-08-10 23:02 . 2011-08-10 23:02 -------- d-----w- c:\users\Tony\AppData\Local\MCEdit-64bit
    2011-08-09 21:23 . 2011-08-09 21:23 -------- d-----w- c:\users\Tony\AppData\Local\ElevatedDiagnostics
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2011-08-08 18:51 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-08 18:51 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
    2011-08-03 23:16 . 2011-08-03 23:17 -------- d-----w- C:\LFS - Copy
    2011-07-30 23:42 . 2011-07-30 23:42 -------- d-----w- c:\program files (x86)\GoldWave
    2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\program files\Common Files\Logitech
    2011-07-29 18:32 . 2011-08-11 19:43 -------- d-----w- C:\LFS
    2011-07-25 22:22 . 2011-07-25 22:22 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
    2011-07-25 00:10 . 2011-07-25 00:10 -------- d-sh--w- c:\programdata\SecuROM
    2011-07-20 08:11 . 2011-07-20 08:11 -------- d-----w- c:\users\Tony\AppData\Roaming\atitray
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-07-20 08:02 . 2011-07-20 08:02 -------- d-----w- c:\program files (x86)\ATI Technologies
    2011-07-20 08:02 . 2011-08-12 17:11 -------- d-----w- c:\program files\ATI Technologies
    2011-07-19 02:14 . 2011-07-19 02:14 -------- d-----w- c:\program files\AuditionSEA
    2011-07-18 18:12 . 2011-07-18 18:14 -------- d-----w- C:\Downloads
    2011-07-18 18:12 . 2011-07-21 02:07 -------- d-----w- c:\users\Tony\AppData\Roaming\BITS
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\users\Tony\AppData\Roaming\FlashGet
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\program files (x86)\FlashGet Network
    2011-07-18 02:32 . 2011-07-18 02:32 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-18 02:32 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-07-17 04:10 . 2011-07-31 03:57 -------- d-----w- c:\program files\Core Temp
    2011-07-16 01:47 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-16 01:47 . 2011-07-16 01:48 -------- d-----w- c:\windows\system32\drivers\N360x64\0501000.01D
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-12 17:05 . 2011-04-06 01:20 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-08-12 17:05 . 2011-04-06 01:44 5072896 ----a-w- c:\windows\system32\atidxx64.dll
    2011-08-12 17:04 . 2011-04-06 01:28 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-08-12 17:04 . 2011-05-25 03:06 814592 ----a-w- c:\windows\system32\aticfx64.dll
    2011-08-12 17:03 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-08-12 17:03 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-07-21 04:13 . 2011-05-01 21:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-07-16 01:47 . 2011-04-29 21:23 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-07-11 02:24 . 2011-07-11 02:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-07-08 03:37 . 2011-07-08 03:37 60416 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-07-08 03:36 . 2011-07-08 03:36 16907776 ----a-w- c:\windows\system32\amdocl64.dll
    2011-06-27 20:23 . 2011-06-27 20:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-06-27 20:22 . 2011-06-27 20:22 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-06-16 07:34 . 2011-06-16 07:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
    2011-06-16 07:34 . 2011-06-16 07:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
    2011-06-11 03:07 . 2011-07-13 11:24 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-06-03 06:57 . 2011-07-13 11:24 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-06-03 06:57 . 2011-07-13 11:24 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-06-03 06:57 . 2011-07-13 11:24 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-06-03 06:57 . 2011-07-13 11:24 214528 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-03 06:57 . 2011-07-13 11:24 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-06-03 06:56 . 2011-07-13 11:24 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 06:53 . 2011-07-13 11:24 338944 ----a-w- c:\windows\system32\conhost.exe
    2011-06-03 06:44 . 2011-07-13 11:24 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-06-03 06:00 . 2011-07-13 11:24 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-06-03 05:57 . 2011-07-13 11:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-06-03 05:57 . 2011-07-13 11:24 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-06-03 05:56 . 2011-07-13 11:24 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-06-03 05:56 . 2011-07-13 11:24 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2011-06-03 05:47 . 2011-07-13 11:24 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-06-03 05:47 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-06-03 03:53 . 2011-07-13 11:24 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-06-03 03:53 . 2011-07-13 11:24 2048 ----a-w- c:\windows\SysWow64\user.exe
    2011-06-03 03:48 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48 . 2011-07-13 11:24 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48 . 2011-07-13 11:24 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-28 03:30 . 2011-06-22 18:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-28 02:53 . 2011-06-22 18:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-24 11:42 . 2011-06-29 17:25 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-05-24 10:40 . 2011-06-29 17:25 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-05-24 10:40 . 2011-06-29 17:25 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-05-24 10:39 . 2011-06-29 17:25 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37 . 2011-06-29 17:25 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-08-09_21.09.19 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-05-25 02:38 . 2011-05-25 02:38 52736 c:\windows\SysWOW64\atimpc32.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 52736 c:\windows\SysWOW64\atimpc32.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 13312 c:\windows\SysWOW64\atiglpxx.dll
    - 2011-05-25 02:47 . 2011-05-25 02:47 46080 c:\windows\SysWOW64\aticalrt.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 46080 c:\windows\SysWOW64\aticalrt.dll
    - 2011-05-25 02:47 . 2011-05-25 02:47 44032 c:\windows\SysWOW64\aticalcl.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 44032 c:\windows\SysWOW64\aticalcl.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 52736 c:\windows\SysWOW64\amdpcom32.dll
    - 2011-05-25 02:38 . 2011-05-25 02:38 52736 c:\windows\SysWOW64\amdpcom32.dll
    + 2010-11-21 03:09 . 2011-08-12 16:58 37910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-08-12 16:58 31278 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-29 20:21 . 2011-08-12 16:58 10118 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3831901763-1007124936-4009859920-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-08-06 23:35 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-08-12 17:32 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-08-12 17:04 . 2011-08-12 17:04 58880 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\coinst.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 31744 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiuxpag.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 40960 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiuxp64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 29184 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiu9pag.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 38912 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiu9p64.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 51200 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\ATIODCLI.exe
    + 2011-08-12 17:06 . 2011-08-12 17:06 16384 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atimuixx.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 53760 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atimpc64.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 52736 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atimpc32.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 13312 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiglpxx.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 32768 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atigktxx.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 39936 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atig6txx.dll
    + 2011-08-12 17:06 . 2011-08-12 17:06 15360 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atig6pxx.dll
    + 2011-08-12 17:06 . 2011-08-12 17:06 59392 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiedu64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:04 51200 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticalrt64.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 46080 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticalrt.dll
    + 2011-08-12 17:06 . 2011-08-12 17:06 44544 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticalcl64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 44032 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticalcl.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 53248 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\ati2erec.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 43520 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\ati2edxx.dll
    - 2011-04-28 19:02 . 2011-08-09 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-28 19:02 . 2011-08-12 00:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-28 19:02 . 2011-08-09 20:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-28 19:02 . 2011-08-12 00:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-09 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-08-12 00:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-25 02:38 . 2011-05-25 02:38 53760 c:\windows\system32\atimpc64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 53760 c:\windows\system32\atimpc64.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 13312 c:\windows\system32\atiglpxx.dll
    + 2011-08-12 17:03 . 2011-08-12 17:04 51200 c:\windows\system32\aticalrt64.dll
    - 2011-05-25 02:47 . 2011-05-25 02:47 51200 c:\windows\system32\aticalrt64.dll
    - 2011-05-25 02:38 . 2011-05-25 02:38 53760 c:\windows\system32\amdpcom64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 53760 c:\windows\system32\amdpcom64.dll
    - 2011-04-29 20:21 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-29 20:21 . 2011-08-13 02:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-29 20:21 . 2011-08-13 02:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-04-29 20:21 . 2011-08-09 21:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-04-29 20:21 . 2011-08-13 02:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-04-29 20:21 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-29 20:22 . 2011-08-13 02:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-29 20:22 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-04-29 20:22 . 2011-08-09 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-29 20:22 . 2011-08-13 02:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-12 17:08 . 2011-08-12 17:08 77542 c:\windows\Installer\{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe
    + 2011-08-12 17:08 . 2011-08-12 17:08 77542 c:\windows\Installer\{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe
    + 2011-08-12 17:08 . 2011-08-12 17:08 77542 c:\windows\Installer\{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe
    + 2011-08-12 17:08 . 2011-08-12 17:08 77542 c:\windows\Installer\{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe
    + 2011-08-12 17:08 . 2011-08-12 17:08 77542 c:\windows\Installer\{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}\ARPPRODUCTICON.exe
    - 2011-07-20 08:03 . 2011-07-20 08:03 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 10134 c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
    - 2011-07-20 08:03 . 2011-07-20 08:03 10134 c:\windows\Installer\{19A492A0-888F-44A0-9B21-D91700763F62}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 10134 c:\windows\Installer\{19A492A0-888F-44A0-9B21-D91700763F62}\ARPPRODUCTICON.exe
    + 2011-08-12 17:32 . 2011-08-12 17:32 9560 c:\windows\system32\NetworkList\Icons\{C4D1052E-57BE-4A34-9683-C29938BED748}_48.bin
    + 2011-08-12 17:32 . 2011-08-12 17:32 4280 c:\windows\system32\NetworkList\Icons\{C4D1052E-57BE-4A34-9683-C29938BED748}_32.bin
    + 2011-08-12 17:32 . 2011-08-12 17:32 2456 c:\windows\system32\NetworkList\Icons\{C4D1052E-57BE-4A34-9683-C29938BED748}_24.bin
    + 2011-08-12 17:05 . 2011-08-12 17:05 3929 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atipblag.dat
    - 2011-08-09 21:08 . 2011-08-09 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-13 02:33 . 2011-08-13 02:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-08-13 02:33 . 2011-08-13 02:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-08-09 21:08 . 2011-08-09 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-12 17:11 . 2011-08-12 17:11 9158 c:\windows\Installer\{CCF9FABA-FF1F-AA77-60F5-8A6FD53E78E3}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 9158 c:\windows\Installer\{BCC08D47-60ED-FA7F-241B-34BC9947D9FF}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 4846 c:\windows\Installer\{AFCA7057-581F-9CE2-A1BD-65371995C64F}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 9158 c:\windows\Installer\{98890E89-0353-D7BB-594D-26A17055A42B}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 9158 c:\windows\Installer\{936783CC-73D3-F125-71A4-BC0697B48167}\ARPPRODUCTICON.exe
    + 2011-08-12 17:08 . 2011-08-12 17:08 9158 c:\windows\Installer\{801EFC7D-AA66-F889-030D-C96E99F884A4}\ARPPRODUCTICON.exe
    + 2011-08-12 17:11 . 2011-08-12 17:11 9158 c:\windows\Installer\{36A5281A-B56F-44AA-23F3-0DD2A37B2825}\ARPPRODUCTICON.exe
    + 2011-05-01 00:55 . 2011-08-12 08:22 178232 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 05:30 . 2011-08-06 23:35 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-08-12 17:32 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-07-29 18:38 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2011-08-12 17:09 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-08-12 17:03 . 2011-08-12 17:03 278528 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\Oemdspif.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 120320 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atitmm64.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 356352 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atipdlxx.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 423424 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atipdl64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 332800 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\ATIODE.exe
    + 2011-08-12 17:05 . 2011-08-12 17:05 307712 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atikmpag.sys
    + 2011-08-12 17:05 . 2011-08-12 17:05 234142 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiicdxx.dat
    + 2011-08-12 17:03 . 2011-08-12 17:03 204288 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiesrxx.exe
    + 2011-08-12 17:04 . 2011-08-12 17:04 485376 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atieclxx.exe
    + 2011-08-12 17:04 . 2011-08-12 17:04 462848 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\ATIDEMGX.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 814592 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticfx64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 689152 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticfx32.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 118784 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atibtmon.exe
    + 2011-08-12 17:05 . 2011-08-12 17:05 151552 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiapfxx.exe
    + 2011-08-12 17:03 . 2011-08-12 17:03 266240 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiadlxy.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 375808 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiadlxx.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 423424 c:\windows\system32\atipdl64.dll
    - 2011-05-25 03:02 . 2011-05-25 03:02 423424 c:\windows\system32\atipdl64.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 234142 c:\windows\system32\atiicdxx.dat
    + 2011-08-12 17:03 . 2011-08-12 17:03 375808 c:\windows\system32\atiadlxx.dll
    + 2011-06-29 18:24 . 2011-08-13 02:32 901792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 05:01 . 2011-08-13 02:32 230028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-08-09 21:08 230028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-08-12 17:06 . 2011-08-12 17:06 282624 c:\windows\Installer\b6c6c.msi
    + 2011-08-12 17:05 . 2011-08-12 17:05 634880 c:\windows\Installer\b6c67.msi
    + 2011-08-12 17:04 . 2011-08-12 17:04 528896 c:\windows\Installer\b6c57.msi
    + 2011-08-12 17:05 . 2011-08-12 17:05 515072 c:\windows\Installer\b6ac4.msi
    + 2011-08-12 17:05 . 2011-08-12 17:05 4039680 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiumdva.dll
    + 2011-08-12 17:06 . 2011-08-12 17:06 1828864 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiumdmv.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 4367360 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiumdag.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 1113088 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiumd6v.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 3848704 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiumd6a.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 5540864 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atiumd64.dll
    + 2011-08-12 17:03 . 2011-08-12 17:04 9884672 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atikmdag.sys
    + 2011-08-12 17:05 . 2011-08-12 17:05 5072896 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atidxx64.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 4275712 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atidxx32.dll
    + 2011-08-12 17:03 . 2011-08-12 17:03 8134656 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticaldd64.dll
    + 2011-08-12 17:05 . 2011-08-12 17:06 6740480 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\aticaldd.dll
    + 2011-08-12 17:03 . 2011-08-12 17:04 9884672 c:\windows\system32\drivers\atikmdag.sys
    - 2011-05-25 03:00 . 2011-05-25 03:00 1113088 c:\windows\system32\atiumd6v.dll
    + 2011-08-12 17:04 . 2011-08-12 17:04 1113088 c:\windows\system32\atiumd6v.dll
    + 2011-08-12 17:05 . 2011-08-12 17:05 1707008 c:\windows\Installer\b6c7e.msi
    + 2011-08-12 17:06 . 2011-08-12 17:06 1778688 c:\windows\Installer\b6c62.msi
    + 2011-08-12 17:06 . 2011-08-12 17:06 2326016 c:\windows\Installer\b6c5d.msi
    + 2011-08-12 17:05 . 2011-08-12 17:05 6737920 c:\windows\Installer\b6aca.msi
    + 2011-08-11 23:31 . 2011-08-11 23:31 1606656 c:\windows\Installer\45598a0.msi
    + 2011-08-12 17:06 . 2011-08-12 17:06 17940992 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atioglxx.dll
    + 2011-08-12 17:05 . 2011-08-12 17:06 23385600 c:\windows\system32\DriverStore\FileRepository\c7122569.inf_amd64_neutral_ff56bbbb8f9c4305\B122071\atio6axx.dll
    + 2011-06-29 18:24 . 2011-08-13 02:32 20187480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3831901763-1007124936-4009859920-1000-12288.dat
    + 2011-08-12 17:08 . 2011-08-12 17:08 15139328 c:\windows\Installer\b6c8d.msi
    + 2011-08-12 17:07 . 2011-08-12 17:07 11082240 c:\windows\Installer\b6c72.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
    "tr_winamp"="c:\program files (x86)\Winamp\Winamp.exe" [2011-06-30 1595520]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    R3 ALSysIO;ALSysIO;c:\users\Tony\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0052F19.tmp [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110812.030\IDSvia64.sys [2011-08-02 488056]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
    S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-06-27 2211984]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 136824]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=IE&os=win&os_version=6.1-x64-SP1
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetUrl.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    FF - prefs.js: browser.startup.homepage - about:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Steam App 500 - c:\program files (x86)\Steam\steam.exe
    AddRemove-Steam App 550 - c:\program files (x86)\Steam\steam.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Tony\AppData\Local\Temp\0052F19.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3831901763-1007124936-4009859920-1000\Software\SecuROM\License information*]
    "datasecu"=hex:2a,32,81,f3,3c,b5,77,06,2b,1f,0f,4f,30,fd,af,70,91,7b,23,a0,40,
    9b,f9,7f,b7,81,9c,2b,da,ee,34,d5,f7,e6,85,4b,61,c2,30,df,29,ff,2a,d4,67,df,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Giraffic\Giraffic.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-12 22:38:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-13 02:38
    ComboFix2.txt 2011-08-11 03:27
    ComboFix3.txt 2011-08-09 21:15
    .
    Pre-Run: 343,306,346,496 bytes free
    Post-Run: 343,396,634,624 bytes free
    .
    - - End Of File - - 66A4D3F8D496E5A0936E0CC05F99B572

Doesn't matter if Steam is deleted. I can always reinstall. I stopped having pop-ups now.
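The log above is the part of a ComboFix report a responder reads first: the "Reg Loading Points" service list and the policies\system block. Two things in it deserve a closer look: two services whose image lives in the user's Temp folder (ALSysIO and X6va005, the latter a .tmp file), and a UAC configuration that is switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0). The script below is an added example, not code from this thread, from TechSpot or from ComboFix: it parses those lines as they are pasted above and prints the findings. The sample text is copied from the log above; the function names and the "Temp directory / non-executable extension" heuristics are my own. A hit is a lead, not a verdict: Core Temp, which the log shows installed, is one legitimate tool that loads its ALSysIO driver from the Temp folder.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread, not code from TechSpot or ComboFix.
It parses the service lines (R*/S*) and the UAC policy block and
flags what a responder would look at first: services whose image
lives in a Temp folder or has a non-executable extension, and a
UAC configuration that has been switched off.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 ALSysIO;ALSysIO;c:\users\Tony\AppData\Local\Temp\ALSysIO64.sys [x]
R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0052F19.tmp [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
"""

# ComboFix prints services as: <R|S><start type> <name>;<display name>;<image path> [<info>]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Registry values inside the policies\system block look like: "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Extensions the loader should normally see for a service or driver image (heuristic).
EXEC_EXTENSIONS = {".exe", ".sys", ".dll"}


@dataclass
class Service:
    state: str    # 'R' running / 'S' stopped, as ComboFix prints it
    start: int    # start type digit (0 boot, 1 system, 2 auto, 3 manual, 4 disabled)
    name: str
    display: str
    image: str
    info: str     # timestamp and size, or "x" when ComboFix printed [x]


def parse_log(text: str) -> tuple[dict[str, int], list[Service]]:
    """Return (UAC policy values, services) found in the log text."""
    policies: dict[str, int] = {}
    services: list[Service] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            section = line.lower()          # remember which registry key we are under
            continue
        if r"policies\system" in section:
            m = POLICY_RE.match(line)
            if m:
                policies[m.group(1)] = int(m.group(2))
                continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image, info = m.groups()
            services.append(Service(state, int(start), name, display, image, info))
    return policies, services


def service_reasons(svc: Service) -> list[str]:
    """Reasons a service entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if TEMP_DIR_RE.search(svc.image):
        reasons.append("image loads from a Temp directory")
    ext = ntpath.splitext(svc.image)[1].lower()
    if ext not in EXEC_EXTENSIONS:
        reasons.append(f"image has non-executable extension {ext or '(none)'}")
    return reasons


def flag_services(services: list[Service]) -> list[tuple[Service, list[str]]]:
    """Only the services that have at least one reason attached."""
    return [(s, service_reasons(s)) for s in services if service_reasons(s)]


def uac_findings(policies: dict[str, int]) -> list[str]:
    """Explain what the policies\\system values mean for elevation."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is disabled; processes of an admin user run fully elevated")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation requests are granted without a prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: any prompt appears on the normal desktop, where other software can interact with it")
    return findings


if __name__ == "__main__":
    pol, svcs = parse_log(SAMPLE_LOG)
    for svc, why in flag_services(svcs):
        print(f"{svc.state}{svc.start} {svc.name}: {svc.image}\n    " + "; ".join(why))
    for finding in uac_findings(pol):
        print("UAC:", finding)
```

Run it on a full pasted log by replacing SAMPLE_LOG with the file contents; on the log above it reports ALSysIO (Temp directory), X6va005 (Temp directory and .tmp extension) and all three UAC findings.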
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you run the script with the Dequarantine?

    Custom CFScript

    [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    FileLook::
    c:\users\Tony\AppData\Roaming\BITS
    DDS::
    uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110704&user_guid=79F4008CF2C64054A2F04EF1A2590E4D&machine_id=6a3b8dc841fb21b650ba48842970d962&browser=IE&os=win&os_version=6.1-x64-SP1
    Extra::
    Firefox::
    Firefox-: - Profile - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    Firefox-: - prefs.js - STARTUPHOMEPAGE.URL
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
     
  16. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    I did run it with the Dequarantine script.
     
  17. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    ComboFix 11-08-12.01 - Tony 08/13/2011 23:42:39.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2431 [GMT -4:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tony\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Steam\Steam.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-14 03:53 . 2011-08-14 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-12 17:12 . 2011-08-12 17:12 -------- d-----w- c:\programdata\ATI
    2011-08-12 17:11 . 2011-08-12 17:11 -------- d-----w- c:\program files (x86)\AMD APP
    2011-08-12 17:06 . 2011-08-12 17:06 15360 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-08-12 17:06 . 2011-08-12 17:06 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-08-12 17:06 . 2011-08-12 17:06 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-08-12 17:06 . 2011-08-12 17:06 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-08-12 17:06 . 2011-08-12 17:06 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-08-12 17:06 . 2011-08-12 17:06 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-08-12 17:05 . 2011-08-12 17:06 6740480 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-08-12 17:05 . 2011-08-12 17:05 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-08-12 17:05 . 2011-08-12 17:05 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-08-12 17:05 . 2011-08-12 17:05 307712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-08-12 17:05 . 2011-08-12 17:05 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-08-12 17:05 . 2011-08-12 17:06 23385600 ----a-w- c:\windows\system32\atio6axx.dll
    2011-08-12 17:05 . 2011-08-12 17:05 4039680 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-08-12 17:05 . 2011-08-12 17:05 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-08-12 17:05 . 2011-08-12 17:05 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-08-12 17:05 . 2011-08-12 17:05 5540864 ----a-w- c:\windows\system32\atiumd64.dll
    2011-08-12 17:05 . 2011-08-12 17:05 4275712 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-08-12 17:04 . 2011-08-12 17:04 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-08-12 17:04 . 2011-08-12 17:04 485376 ----a-w- c:\windows\system32\atieclxx.exe
    2011-08-12 17:04 . 2011-08-12 17:04 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-08-12 17:04 . 2011-08-12 17:04 3848704 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-08-12 17:03 . 2011-08-12 17:03 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-08-12 17:03 . 2011-08-12 17:03 4367360 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-08-12 17:03 . 2011-08-12 17:03 689152 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-08-12 17:03 . 2011-08-12 17:03 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-08-12 17:03 . 2011-08-12 17:03 8134656 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-08-12 17:03 . 2011-08-12 17:03 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-08-12 17:03 . 2011-08-12 17:03 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-08-12 17:03 . 2011-08-12 17:03 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-08-11 23:38 . 2011-08-14 03:52 -------- d-----w- c:\program files (x86)\Steam
    2011-08-10 23:02 . 2011-08-10 23:02 -------- d-----w- c:\users\Tony\AppData\Local\MCEdit-64bit
    2011-08-09 21:23 . 2011-08-09 21:23 -------- d-----w- c:\users\Tony\AppData\Local\ElevatedDiagnostics
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
    2011-08-08 18:51 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-08 18:51 . 2011-08-08 18:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-08-08 18:51 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-08 16:28 . 2011-08-08 16:28 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
    2011-08-03 23:16 . 2011-08-03 23:17 -------- d-----w- C:\LFS - Copy
    2011-07-30 23:42 . 2011-07-30 23:42 -------- d-----w- c:\program files (x86)\GoldWave
    2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\program files\Common Files\Logitech
    2011-07-29 18:32 . 2011-08-13 22:07 -------- d-----w- C:\LFS
    2011-07-25 22:22 . 2011-07-25 22:22 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
    2011-07-25 00:10 . 2011-07-25 00:10 -------- d-sh--w- c:\programdata\SecuROM
    2011-07-20 08:11 . 2011-07-20 08:11 -------- d-----w- c:\users\Tony\AppData\Roaming\atitray
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2011-07-20 08:03 . 2011-07-20 08:03 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
    2011-07-20 08:02 . 2011-07-20 08:02 -------- d-----w- c:\program files (x86)\ATI Technologies
    2011-07-20 08:02 . 2011-08-12 17:11 -------- d-----w- c:\program files\ATI Technologies
    2011-07-19 02:14 . 2011-07-19 02:14 -------- d-----w- c:\program files\AuditionSEA
    2011-07-18 18:12 . 2011-07-18 18:14 -------- d-----w- C:\Downloads
    2011-07-18 18:12 . 2011-07-21 02:07 -------- d-----w- c:\users\Tony\AppData\Roaming\BITS
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\users\Tony\AppData\Roaming\FlashGet
    2011-07-18 18:12 . 2011-07-18 18:12 -------- d-----w- c:\program files (x86)\FlashGet Network
    2011-07-18 02:32 . 2011-07-18 02:32 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-18 02:32 . 2011-05-04 08:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-07-17 04:10 . 2011-07-31 03:57 -------- d-----w- c:\program files\Core Temp
    2011-07-16 01:47 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-16 01:47 . 2011-07-16 01:48 -------- d-----w- c:\windows\system32\drivers\N360x64\0501000.01D
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-12 17:05 . 2011-04-06 01:20 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-08-12 17:05 . 2011-04-06 01:44 5072896 ----a-w- c:\windows\system32\atidxx64.dll
    2011-08-12 17:04 . 2011-04-06 01:28 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-08-12 17:04 . 2011-05-25 03:06 814592 ----a-w- c:\windows\system32\aticfx64.dll
    2011-08-12 17:03 . 2011-05-25 02:24 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-08-12 17:03 . 2011-04-06 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-07-21 04:13 . 2011-05-01 21:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-07-21 04:13 . 2011-05-01 14:41 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-07-16 01:47 . 2011-04-29 21:23 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-07-11 02:24 . 2011-07-11 02:24 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2011-07-08 03:37 . 2011-07-08 03:37 60416 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-07-08 03:36 . 2011-07-08 03:36 16907776 ----a-w- c:\windows\system32\amdocl64.dll
    2011-06-27 20:23 . 2011-06-27 20:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-06-27 20:22 . 2011-06-27 20:22 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-06-16 07:34 . 2011-06-16 07:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
    2011-06-16 07:34 . 2011-06-16 07:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
    2011-06-11 03:07 . 2011-07-13 11:24 3137536 ----a-w- c:\windows\system32\win32k.sys
    2011-06-03 06:57 . 2011-07-13 11:24 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-06-03 06:57 . 2011-07-13 11:24 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-06-03 06:57 . 2011-07-13 11:24 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-06-03 06:57 . 2011-07-13 11:24 214528 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-03 06:57 . 2011-07-13 11:24 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-06-03 06:56 . 2011-07-13 11:24 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-06-03 06:53 . 2011-07-13 11:24 338944 ----a-w- c:\windows\system32\conhost.exe
    2011-06-03 06:44 . 2011-07-13 11:24 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-06-03 06:44 . 2011-07-13 11:24 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-08-13_02.33.55 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-30 3077528]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    R3 ALSysIO;ALSysIO;c:\users\Tony\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va005;X6va005;c:\users\Tony\AppData\Local\Temp\0052F19.tmp [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110812.030\IDSvia64.sys [2011-08-02 488056]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
    S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-06-27 2211984]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-29 136824]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Tony\AppData\Roaming\FlashGetBHO\GetUrl.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\xe6xjo8q.default\
    FF - prefs.js: browser.startup.homepage - about:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Tony\AppData\Local\Temp\0052F19.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3831901763-1007124936-4009859920-1000\Software\SecuROM\License information*]
    "datasecu"=hex:2a,32,81,f3,3c,b5,77,06,2b,1f,0f,4f,30,fd,af,70,91,7b,23,a0,40,
    9b,f9,7f,b7,81,9c,2b,da,ee,34,d5,f7,e6,85,4b,61,c2,30,df,29,ff,2a,d4,67,df,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Giraffic\Giraffic.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-13 23:59:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-14 03:59
    ComboFix2.txt 2011-08-13 02:38
    ComboFix3.txt 2011-08-11 03:27
    ComboFix4.txt 2011-08-09 21:15
    .
    Pre-Run: 349,157,093,376 bytes free
    Post-Run: 349,082,300,416 bytes free
    .
    - - End Of File - - AC79992B052C5C5B4AEE1C47F3ECE87F
     
  18. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    Just found out something weird. It seems like whenever I use combofix, it swaps my internet. Not sure if it's the right term.

    I have steam and LFS that both have servers that I can play on. When I used the first custom script you gave me, it seems like I lost connection to Steam servers, and only have LFS servers. The second script you gave me, I have steam server, but lost LFS servers. The script that you just gave me switched it back to LFS servers only. I'm not sure if it had anything to do, but I had steam servers all day today, till I use combofix and the custom script you gave latest.

    Still have no pop up.
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The problem seems rooted in the use of Steam. With all of the removals of Steam-related entries, I suggest you check your settings in the program. I have no idea why servers are being 'swapped'! If the problem with Steam continues, please start a thread in the Windows OS or Software forum regarding the Steam settings. Please mention that we have finished in this forum.
    ===============================================
    One more question> I had this script entry in the last CFFix:
    This instructs Combofix to look into the file and give me information, similar to checking for 'Properties'.

    But I don't see the 'Look' in the current log.
    =========================================
    This still needs to be changed:
    FF - prefs.js: browser.startup.homepage - about:home

    Restore the default home page
    1. Open Firefox> Click on Tools> Options.
    2. Select the General panel.
    3. In the Startup box, click Restore to Default.
    4. Close Firefox, then reopen. If about:home has been replaced, stop here.
    5. If it has not, navigate to a page you would like to have as the homepage.
    6. Using the same path to open Tools> Options> General Tab> click on Use Current for home page.
    Close Firefox. New home page should be set on reopening.
    Image courtesy Mozilla Support.
    ==========================================
    Since the problem has been resolved, after doing the above, go on to the following:
    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
     
  20. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    Okay, I finished doing the restore point and disk clean up. I still have a problem with Steam, so I will be posting in the forum you told me.

    I have no idea why the script didn't give the 'look' of the BITS. I followed your instruction in copying the custom script into notepad and drag it into combofix.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have to believe that the problem with Steam has something to do with the version, the compatibility, or some other problem related to the use of it by your system.

    If you check the 1st Combofix log, you'll note this section:
    Regarding the first entry PunkBusterSVC, I found the following association between this and Steam. You might want to have a look:
    http://forums.steampowered.com/forums/showthread.php?t=1126319
     
  22. azndrift14

    azndrift14 TS Rookie Topic Starter Posts: 16

    Punkbuster is something for Battlefield: Bad Company 2. I currently don't have that game installed. I reinstalled Steam, yet I see no servers. It's weird. I can't join any server through friends or Steam. The only way of joining a server is by doing it manually, typing "connect <Server IP>" in the console. It's annoying though, because I can't tell how many people are in the server and what map the server is currently on. It also takes a while to connect to the server. My brother plays right next to me, and is connected to the same wireless router. He has no problem with servers.

    Reinstalling the program should fix all the files that have anything to do with the program. I don't think it's anything wrong with the program. Could be my computer itself. I have reinstalled the program 3 times. No fix.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I think you may have missed my point here:

    For this entry: AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

    I left a reference for you to check- did you do it? It has to do with others who experienced the mass Steam deletes in Combofix. Since the popups problem has been resolved, you can go ahead with this:

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin

    I'm going to close this thread since the malware has been removed. Suggest you check out possible compatibility problems with Steam. Sometimes an update can cause conflicts. Steam may have updated or you may have gotten a Windows update. If you can't resolve the server problem, check the Steam Communities or their support.
     
Topic Status:
Not open for further replies.
