Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.28.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ricky :: RICKY-PC [administrator]
9/27/2012 10:37:14 PM
mbam-log-2012-09-27 (22-37-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205242
Time elapsed: 2 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Ricky\Downloads\ca_setup.exe (PUP.PasswordTool) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-27 23:09:25
Windows 6.1.7600
Running: n6jy1c2u.exe
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00B42.log 1048576 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ricky at 23:10:23 on 2012-09-27
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8187.6018 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\consent.exe
C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe
uRun: [Spotify Web Helper] "C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
StartupFolder: C:\Users\Ricky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ricky\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Ricky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{191F44B1-EACC-48BD-84A8-0464D388DAEE} : NameServer = 204.101.251.1,205.151.222.251
TCP: Interfaces\{C90CA946-240A-4440-949B-A3CEA0882530} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Ricky\Desktop\PartyPoker.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-8-23 70352]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-7-18 415072]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-12 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe [2012-1-27 828944]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
S2 CareMon;CareMon;"C:\Program Files (x86)\Wondershare\WinSuite 2012\PcCheck\CareMon.exe" --> C:\Program Files (x86)\Wondershare\WinSuite 2012\PcCheck\CareMon.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250288]
S3 ESEADriver2;ESEADriver2;C:\Users\Ricky\AppData\Local\Temp\ESEADriver2.sys [2012-9-18 91256]
S3 Gun;Gun;\??\C:\Windows\system32\Gun64.sys --> C:\Windows\system32\Gun64.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-28 05:32:59  --------  d-----w-  C:\Program Files (x86)\COMODO
2012-09-28 05:32:59  --------  d-----w-  C:\Program Files (x86)\Common Files\Comodo
2012-09-28 05:31:30  --------  d-----w-  C:\ProgramData\CPA_VA
2012-09-28 05:26:48  --------  d-----w-  C:\Users\Ricky\AppData\Roaming\Malwarebytes
2012-09-28 05:24:53  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-09-28 05:24:52  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-09-28 05:24:52  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-28 05:22:37  --------  d-----w-  C:\ProgramData\Comodo
2012-09-28 05:22:29  --------  d-----w-  C:\Program Files\COMODO
2012-09-28 05:22:26  1060864  ----a-w-  C:\Windows\SysWow64\mfc71.dll
2012-09-26 01:45:27  9308616  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6C4ECBA-50F5-4A88-BDDC-9E9A31858A71}\mpengine.dll
2012-09-22 20:01:51  --------  d-----w-  C:\Program Files (x86)\AMD APP
2012-09-19 01:36:27  --------  d-----w-  C:\Users\Ricky\AppData\Roaming\Mumble
2012-09-19 01:36:07  --------  d-----w-  C:\Program Files (x86)\Mumble
2012-09-19 01:19:41  --------  d-----w-  C:\Program Files\ESEA
2012-09-19 00:57:00  --------  d-----w-  C:\Users\Ricky\AppData\Roaming\Mozilla-Cache
2012-09-19 00:56:49  --------  d-----w-  C:\Users\Ricky\AppData\Roaming\Party
2012-09-19 00:55:58  --------  d-----w-  C:\Programs
2012-09-15 15:41:31  --------  d-----w-  C:\$RECYCLE.BIN
2012-09-15 15:30:45  518144  ----a-w-  C:\Windows\SWREG.exe
2012-09-15 15:30:45  256000  ----a-w-  C:\Windows\PEV.exe
2012-09-15 15:30:45  208896  ----a-w-  C:\Windows\MBR.exe
2012-09-15 15:30:44  98816  ----a-w-  C:\Windows\sed.exe
2012-09-12 04:22:24  574464  ----a-w-  C:\Windows\System32\d3d10level9.dll
2012-09-12 04:22:23  490496  ----a-w-  C:\Windows\SysWow64\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-21 06:37:09  73136  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 06:37:09  696240  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-08-24 10:20:11  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29  599040  ----a-w-  C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-08-03 17:23:28  35064  ----a-w-  C:\Windows\System32\drivers\CFRMD.sys
2012-08-03 17:23:28  35064  ----a-w-  C:\Windows\inf\lps-ca\cfrmd.sys
2012-07-28 05:47:40  187392  ----a-w-  C:\Windows\System32\clinfo.exe
2012-07-28 05:47:24  75776  ----a-w-  C:\Windows\System32\OpenVideo64.dll
2012-07-28 05:47:16  65024  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 05:47:10  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
2012-07-28 05:47:06  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
2012-07-28 05:46:56  16464896  ----a-w-  C:\Windows\System32\amdocl64.dll
2012-07-28 05:46:06  13013504  ----a-w-  C:\Windows\SysWow64\amdocl.dll
2012-07-28 04:09:20  5538984  ----a-w-  C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44  10278912  ----a-w-  C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12  70144  ----a-w-  C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34  24935424  ----a-w-  C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10  20546560  ----a-w-  C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50  163840  ----a-w-  C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42  931328  ----a-w-  C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56  1100288  ----a-w-  C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40  442368  ----a-w-  C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34  534528  ----a-w-  C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44  239616  ----a-w-  C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20  120320  ----a-w-  C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04  21504  ----a-w-  C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58  59392  ----a-w-  C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52  43520  ----a-w-  C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10  6430208  ----a-w-  C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12  7052288  ----a-w-  C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32  4266496  ----a-w-  C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10  51200  ----a-w-  C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08  46080  ----a-w-  C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02  44544  ----a-w-  C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00  44032  ----a-w-  C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48  16034304  ----a-w-  C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32  4751872  ----a-w-  C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10  13605888  ----a-w-  C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52  6676480  ----a-w-  C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32  540160  ----a-w-  C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22  368640  ----a-w-  C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12  17920  ----a-w-  C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08  14848  ----a-w-  C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08  14848  ----a-w-  C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04  41984  ----a-w-  C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56  33280  ----a-w-  C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46  368640  ----a-w-  C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54  129536  ----a-w-  C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48  109568  ----a-w-  C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40  103936  ----a-w-  C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32  83456  ----a-w-  C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54  53248  ----a-w-  C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42  56320  ----a-w-  C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42  56320  ----a-w-  C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36  56832  ----a-w-  C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36  56832  ----a-w-  C:\Windows\SysWow64\amdpcom32.dll
2012-07-18 17:31:12  3146752  ----a-w-  C:\Windows\System32\win32k.sys
2012-07-04 22:01:38  58880  ----a-w-  C:\Windows\System32\browcli.dll
2012-07-04 22:01:38  136704  ----a-w-  C:\Windows\System32\browser.dll
2012-07-04 21:23:55  41472  ----a-w-  C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 23:10:37.98 ===============
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{191F44B1-EACC-48BD-84A8-0464D388DAEE} : NameServer = 204.101.251.1,205.151.222.251
TCP: Interfaces\{C90CA946-240A-4440-949B-A3CEA0882530} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Ricky\Desktop\PartyPoker.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-8-23 70352]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-7-18 415072]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-12 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe [2012-1-27 828944]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
S2 CareMon;CareMon;"C:\Program Files (x86)\Wondershare\WinSuite 2012\PcCheck\CareMon.exe" --> C:\Program Files (x86)\Wondershare\WinSuite 2012\PcCheck\CareMon.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250288]
S3 ESEADriver2;ESEADriver2;C:\Users\Ricky\AppData\Local\Temp\ESEADriver2.sys [2012-9-18 91256]
S3 Gun;Gun;\??\C:\Windows\system32\Gun64.sys --> C:\Windows\system32\Gun64.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 MHIKEY10;MHIKEY10;C:\Windows\system32\Drivers\MHIKEY10x64.sys --> C:\Windows\system32\Drivers\MHIKEY10x64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-28 05:32:59	--------	d-----w-	C:\Program Files (x86)\COMODO
2012-09-28 05:32:59	--------	d-----w-	C:\Program Files (x86)\Common Files\Comodo
2012-09-28 05:31:30	--------	d-----w-	C:\ProgramData\CPA_VA
2012-09-28 05:26:48	--------	d-----w-	C:\Users\Ricky\AppData\Roaming\Malwarebytes
2012-09-28 05:24:53	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-09-28 05:24:52	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-09-28 05:24:52	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-28 05:22:37	--------	d-----w-	C:\ProgramData\Comodo
2012-09-28 05:22:29	--------	d-----w-	C:\Program Files\COMODO
2012-09-28 05:22:26	1060864	----a-w-	C:\Windows\SysWow64\mfc71.dll
2012-09-26 01:45:27	9308616	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B6C4ECBA-50F5-4A88-BDDC-9E9A31858A71}\mpengine.dll
2012-09-22 20:01:51	--------	d-----w-	C:\Program Files (x86)\AMD APP
2012-09-19 01:36:27	--------	d-----w-	C:\Users\Ricky\AppData\Roaming\Mumble
2012-09-19 01:36:07	--------	d-----w-	C:\Program Files (x86)\Mumble
2012-09-19 01:19:41	--------	d-----w-	C:\Program Files\ESEA
2012-09-19 00:57:00	--------	d-----w-	C:\Users\Ricky\AppData\Roaming\Mozilla-Cache
2012-09-19 00:56:49	--------	d-----w-	C:\Users\Ricky\AppData\Roaming\Party
2012-09-19 00:55:58	--------	d-----w-	C:\Programs
2012-09-15 15:41:31	--------	d-----w-	C:\$RECYCLE.BIN
2012-09-15 15:30:45	518144	----a-w-	C:\Windows\SWREG.exe
2012-09-15 15:30:45	256000	----a-w-	C:\Windows\PEV.exe
2012-09-15 15:30:45	208896	----a-w-	C:\Windows\MBR.exe
2012-09-15 15:30:44	98816	----a-w-	C:\Windows\sed.exe
2012-09-12 04:22:24	574464	----a-w-	C:\Windows\System32\d3d10level9.dll
2012-09-12 04:22:23	490496	----a-w-	C:\Windows\SysWow64\d3d10level9.dll
.
==================== Find3M ====================
.
2012-09-21 06:37:09	73136	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 06:37:09	696240	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-08-24 10:20:11	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29	599040	----a-w-	C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-08-03 17:23:28	35064	----a-w-	C:\Windows\System32\drivers\CFRMD.sys
2012-08-03 17:23:28	35064	----a-w-	C:\Windows\inf\lps-ca\cfrmd.sys
2012-07-28 05:47:40	187392	----a-w-	C:\Windows\System32\clinfo.exe
2012-07-28 05:47:24	75776	----a-w-	C:\Windows\System32\OpenVideo64.dll
2012-07-28 05:47:16	65024	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 05:47:10	63488	----a-w-	C:\Windows\System32\OVDecode64.dll
2012-07-28 05:47:06	56320	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2012-07-28 05:46:56	16464896	----a-w-	C:\Windows\System32\amdocl64.dll
2012-07-28 05:46:06	13013504	----a-w-	C:\Windows\SysWow64\amdocl.dll
2012-07-28 04:09:20	5538984	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44	10278912	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12	70144	----a-w-	C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34	24935424	----a-w-	C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10	20546560	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50	163840	----a-w-	C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42	931328	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56	1100288	----a-w-	C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40	442368	----a-w-	C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34	534528	----a-w-	C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44	239616	----a-w-	C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04	21504	----a-w-	C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10	6430208	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12	7052288	----a-w-	C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32	4266496	----a-w-	C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48	16034304	----a-w-	C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32	4751872	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10	13605888	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52	6676480	----a-w-	C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32	540160	----a-w-	C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22	368640	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12	17920	----a-w-	C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08	14848	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08	14848	----a-w-	C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04	41984	----a-w-	C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56	33280	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46	368640	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54	129536	----a-w-	C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48	109568	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40	103936	----a-w-	C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32	83456	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42	56320	----a-w-	C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42	56320	----a-w-	C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36	56832	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36	56832	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2012-07-18 17:31:12	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-07-04 22:01:38	58880	----a-w-	C:\Windows\System32\browcli.dll
2012-07-04 22:01:38	136704	----a-w-	C:\Windows\System32\browser.dll
2012-07-04 21:23:55	41472	----a-w-	C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 23:10:37.98 ===============