Cheers Broni, you are a Soldier!
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.19.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Mat :: MAT-PC [administrator]
Protection: Enabled
4/19/2013 9:12:07 PM
mbam-log-2013-04-19 (21-12-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212608
Time elapsed: 2 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Mat at 21:17:35 on 2013-04-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.712 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Mat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Mat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mat\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://
www.yahoo.com/
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Mat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mat\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3AF40BDE-25E7-49F4-861C-9E3EB7F43B99} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-22 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-5 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-2-5 377920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-2-5 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-5 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-22 45248]
R2 MBAMScheduler;MBAMScheduler;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-19 418376]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-19 701512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-12 76912]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-19 25928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-12 1320048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-22 178624]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-13 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-13 1255736]
.
=============== Created Last 30 ================
.
2013-04-20 01:10:3325928----a-w-C:\Windows\System32\drivers\mbam.sys
2013-04-17 06:21:2076232----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9ECE8C83-745E-4EBA-BBFB-8128518E7DF2}\offreg.dll
2013-04-16 18:47:459311288----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9ECE8C83-745E-4EBA-BBFB-8128518E7DF2}\mpengine.dll
2013-04-12 11:29:263717632----a-w-C:\Windows\System32\mstscax.dll
2013-04-12 11:29:253217408----a-w-C:\Windows\SysWow64\mstscax.dll
2013-04-12 11:29:17131584----a-w-C:\Windows\SysWow64\aaclient.dll
2013-04-12 11:29:15158720----a-w-C:\Windows\System32\aaclient.dll
2013-04-12 11:29:1244032----a-w-C:\Windows\System32\tsgqec.dll
2013-04-12 11:29:0936864----a-w-C:\Windows\SysWow64\tsgqec.dll
2013-04-12 11:28:083153408----a-w-C:\Windows\System32\win32k.sys
2013-04-12 11:28:015550424----a-w-C:\Windows\System32\ntoskrnl.exe
2013-04-12 11:27:593968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-12 11:27:593913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-04-12 11:27:5743520----a-w-C:\Windows\System32\csrsrv.dll
2013-04-12 11:27:57112640----a-w-C:\Windows\System32\smss.exe
2013-04-12 11:27:566656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-03-23 12:59:03--------d-sh--w-C:\$RECYCLE.BIN
2013-03-23 12:31:57--------d-----w-C:\ComboFix
2013-03-23 12:21:3198816----a-w-C:\Windows\sed.exe
2013-03-23 12:21:31256000----a-w-C:\Windows\PEV.exe
2013-03-23 12:21:31208896----a-w-C:\Windows\MBR.exe
2013-03-23 00:22:049728---ha-w-C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-23 00:19:0319968----a-w-C:\Windows\System32\drivers\usb8023.sys
2013-03-22 14:41:48178624----a-w-C:\Windows\System32\drivers\aswVmm.sys
2013-03-22 14:41:4765336----a-w-C:\Windows\System32\drivers\aswRvrt.sys
2013-03-22 13:48:17--------d-----w-C:\Users\Mat\AppData\Roaming\Malwarebytes
2013-03-22 13:48:06--------d-----w-C:\ProgramData\Malwarebytes
2013-03-22 13:47:45--------d-----w-C:\Users\Mat\AppData\Local\Programs
2013-03-21 16:38:5568608----a-w-C:\Windows\System32\taskhost.exe
.
==================== Find3M ====================
.
2013-03-23 00:22:049728---ha-w-C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 17:18:2973432----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-22 17:18:29693976----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-20 11:47:55175616----a-w-C:\Windows\System32\msclmd.dll
2013-03-20 11:47:55152576----a-w-C:\Windows\SysWow64\msclmd.dll
2013-03-12 05:10:56282744------w-C:\Windows\System32\MpSigStub.exe
2013-03-06 22:33:2170992----a-w-C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:211025808----a-w-C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:2080816----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:5141664----a-w-C:\Windows\avastSS.scr
2013-02-23 02:19:54103736----a-w-C:\Windows\SysWow64\PnkBstrB.exe
2013-02-23 02:19:45669184----a-w-C:\Windows\SysWow64\pbsvc.exe
2013-02-21 10:30:161766912----a-w-C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:392877440----a-w-C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:3761440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:072240512----a-w-C:\Windows\System32\wininet.dll
2013-02-21 10:14:093958784----a-w-C:\Windows\System32\jscript9.dll
2013-02-21 10:14:0567072----a-w-C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05136704----a-w-C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:032706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:142706432----a-w-C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:5371680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:1889600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-19 01:05:54215128----a-w-C:\Windows\SysWow64\PnkBstrB.xtr
.
============= FINISH: 21:18:07.88 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2012 9:18:25 PM
System Uptime: 4/16/2013 7:23:38 PM (74 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | G41M-Combo
Processor: Pentium(R) Dual-Core CPU E6500 @ 2.93GHz | Socket 775 | 2933/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 59.744 GiB free.
D: is FIXED (NTFS) - 499 GiB total, 307.247 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&2BCCD040&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&2BCCD040&0&2
Service:
.
==== System Restore Points ===================
.
RP52: 3/26/2013 2:10:55 AM - Windows Update
RP53: 3/29/2013 10:58:21 AM - Windows Update
RP54: 4/12/2013 7:26:44 AM - Windows Update
RP55: 4/13/2013 3:00:56 AM - Windows Update
RP56: 4/16/2013 2:47:20 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ASUS Wireless Router WL-520GU Utilities
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Battlefield: Bad Company 2
Canon Inkjet Printer Driver Add-On Module
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Crysis
Dark Souls: Prepare to Die Edition
Dropbox
eReg
GameSpy Comrade
Google Chrome
HD Tune 2.55
Logitech Gaming Software 8.40
Logitech SetPoint 6.51
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Platform
PunkBuster Services
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Steam
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
VIA Platform Device Manager
.
==== Event Viewer Messages From Past Week ========
.
4/12/2013 7:21:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
4/12/2013 7:21:34 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/12/2013 7:18:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
4/12/2013 7:17:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================