
CoolWWWSearch.olehelp -- Removal Issues



jim_123
2010-11-28, 20:27
Hello,

I am having an issue fully removing CoolWWWSearch.olehelp; I believe it to be an identical problem to the one brought up in this thread: http://forums.spybot.info/showthread.php?t=60500 .

In short, Spybot S&D will recognize and "fix" the infection, but said infection is present after rebooting. Since the aforementioned thread involved the use of combofix, I will hold off on following the procedure listed until I get confirmation from an admin.

**Note: For the time being, I have removed the executable responsible from the startup list via Spybot S&D.

Attached is the DDS log, please let me know if you require any more information. Thank you in advance for your help.


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Chris at 13:11:16.36 on Sun 11/28/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8190.6801 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskhost.exe
C:\Users\Chris\AppData\Local\Temp\dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
"C:\Users\Chris\AppData\Roaming\Microsoft\svchost.exe"
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
D:\Downloads\Malware\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:50370
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=explorer.exe,C:\Users\Chris\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load=C:\Users\Chris\AppData\Local\Temp\dwm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\l98yjwzc.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\l98yjwzc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\l98yjwzc.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

============= SERVICES / DRIVERS ===============

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-28 203264]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-11-10 21480]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-28 7883264]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-28 285696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-8-16 116240]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]

=============== Created Last 30 ================

2010-11-28 18:43:00 118272 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\svchost.exe
2010-11-28 00:57:08 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3E884016-40D9-4D9B-919B-4847585597B7}\mpengine.dll
2010-11-24 21:31:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\FLVPlayer4Free
2010-11-23 02:44:06 136192 ----a-w- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\shell.exe
2010-11-19 22:54:42 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2010-11-19 22:54:25 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-11-19 22:14:21 -------- d--h--w- C:\PROGRA~3\Common Files
2010-11-19 22:14:09 -------- d-----w- C:\PROGRA~3\AVG10
2010-11-19 22:13:54 -------- d-----w- C:\Program Files (x86)\AVG
2010-11-19 22:08:35 -------- d-----w- C:\PROGRA~3\MFAData
2010-11-12 22:58:15 -------- d-----w- C:\Users\Chris\AppData\Local\Apple Computer
2010-11-10 22:41:40 21480 ----a-w- C:\Windows\System32\drivers\cpuz134_x64.sys
2010-11-10 22:41:40 -------- d-----w- C:\Program Files\CPUID
2010-11-10 02:22:13 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2010-11-10 02:22:13 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2010-11-10 02:22:12 -------- d-----w- C:\Program Files (x86)\ATI
2010-11-09 22:17:37 -------- d-----w- C:\Users\Chris\AppData\Local\ElevatedDiagnostics

==================== Find3M ====================

2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-29 02:26:12 7883264 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-09-29 02:13:38 21344256 ----a-w- C:\Windows\System32\atio6axx.dll
2010-09-29 01:56:14 16201728 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-09-29 01:55:12 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-09-29 01:55:02 536576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-09-29 01:54:02 628224 ----a-w- C:\Windows\System32\aticfx64.dll
2010-09-29 01:51:52 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-09-29 01:51:46 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-09-29 01:51:08 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-09-29 01:49:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-09-29 01:49:42 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-09-29 01:49:34 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-09-29 01:49:24 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-09-29 01:49:18 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-09-29 01:49:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-09-29 01:49:08 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-09-29 01:46:06 3953152 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-09-29 01:37:28 4660224 ----a-w- C:\Windows\System32\atidxx64.dll
2010-09-29 01:30:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-09-29 01:28:00 4077568 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-09-29 01:27:22 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-09-29 01:27:20 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-09-29 01:27:12 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-09-29 01:27:10 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-09-29 01:27:00 5470720 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-09-29 01:26:04 4407808 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-09-29 01:23:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-09-29 01:22:56 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-09-29 01:21:54 5240832 ----a-w- C:\Windows\System32\atiumd64.dll
2010-09-29 01:15:20 340480 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-09-29 01:15:12 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-09-29 01:15:02 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-09-29 01:14:58 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-09-29 01:14:56 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-09-29 01:14:52 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-09-29 01:14:48 285696 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-09-29 01:14:06 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-09-29 01:14:00 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-09-29 01:13:54 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-09-29 01:13:44 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-09-29 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-09-29 01:09:32 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-09-29 01:09:24 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

============= FINISH: 13:11:47.58 ===============
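The DDS log above carries the indicators that explain why a plain "fix" does not survive a reboot: a user-level HTTP proxy pointed at 127.0.0.1:50370 (both in Internet Settings and in Firefox's prefs.js), a second program appended to the Winlogon Shell value, a win.ini-style Load= entry, copies of svchost.exe and dwm.exe running from the user's AppData and Temp folders rather than %SystemRoot%, a hosts entry sinkholing a security site, and UAC switched off by policy. The following script is an added example, not part of the original post and not code from DDS or Spybot; it reads lines in the DDS "Running Processes" and "Pseudo HJT Report" format and flags those indicators. The sample lines are copied from the log above (the final "localhost" hosts entry is constructed), and the rules and thresholds are assumptions of this example: they are deliberately coarse and meant for triage of a log, not as a replacement for a proper scan.

```python
import re
from typing import Dict, List

# Lines taken from the DDS log in the post above (Running Processes and
# Pseudo HJT Report sections), plus one constructed benign hosts entry at the
# end so the clean path is exercised too.
SAMPLE_LINES = [
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r'"C:\Users\Chris\AppData\Roaming\Microsoft\svchost.exe"',
    r"C:\Users\Chris\AppData\Local\Temp\dwm.exe",
    "uInternet Settings,ProxyServer = http=127.0.0.1:50370",
    "mWinlogon: Userinit=userinit.exe",
    r"uWinlogon: Shell=explorer.exe,C:\Users\Chris\AppData\Roaming\Microsoft\Windows\shell.exe",
    r"uWindows: Load=C:\Users\Chris\AppData\Local\Temp\dwm.exe",
    r'mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun',
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
    "Hosts: 127.0.0.1 localhost",  # constructed: the one hosts entry that is normal
]

# Windows paths ending in an executable-ish extension (coarse, but enough for DDS output).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n,]*?\.(?:exe|dll|scr|sys)\b', re.I)
# Process names that legitimately live only under %SystemRoot%; a copy elsewhere is a masquerade.
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "wininit.exe", "taskhost.exe", "userinit.exe"}
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
PROFILE_RE = re.compile(r"\\(AppData|Temp)\\", re.I)
# DDS prefixes for autostart entries (uRun/mRun, Winlogon, win.ini Load=, Startup folder).
AUTOSTART_RE = re.compile(r"^[um]?(Run|Winlogon|Windows|StartupFolder)", re.I)


def check_path(path: str, autostart: bool) -> List[str]:
    """Flag one path: a system-binary name outside %SystemRoot%, or an autostart from a profile dir."""
    out: List[str] = []
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_NAMES and not WINDIR_RE.match(path):
        out.append(f"system binary name outside the Windows directory: {path}")
    if autostart and PROFILE_RE.search(path):
        out.append(f"autostart from a user-writable profile location: {path}")
    return out


def flag_line(line: str) -> List[str]:
    """Return the suspicious indicators found on one DDS log line (empty list if none)."""
    line = line.strip()
    findings: List[str] = []

    m = re.search(r"ProxyServer\s*=\s*(\S+)", line)
    if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
        findings.append(f"browser proxy points at loopback, i.e. a local interceptor: {m.group(1)}")

    m = re.search(r"^[um]?Winlogon:\s*Shell=(.+)$", line, re.I)
    if m:
        entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
        extra = [e for e in entries if e.lower() != "explorer.exe"]
        if extra:
            findings.append(f"Winlogon Shell carries extra program(s): {', '.join(extra)}")

    m = re.search(r"^[um]?Winlogon:\s*Userinit=(.+)$", line, re.I)
    if m and any(not e.strip().lower().endswith("userinit.exe")
                 for e in m.group(1).split(",") if e.strip()):
        findings.append(f"Winlogon Userinit modified: {m.group(1).strip()}")

    m = re.search(r"^[um]?Windows:\s*Load=(.+)$", line, re.I)
    if m:
        findings.append(f"win.ini-style Load= autostart is set: {m.group(1).strip()}")

    m = re.search(r"mPolicies-system:\s*(EnableLUA|ConsentPromptBehaviorAdmin)\s*=\s*0\b", line)
    if m:
        findings.append(f"UAC weakened by policy: {m.group(1)} = 0")

    m = re.search(r"^Hosts:\s*(\S+)\s+(\S+)", line)
    if m and m.group(2).lower() not in ("localhost", "localhost.localdomain"):
        verb = "sinkholed" if m.group(1) in ("127.0.0.1", "0.0.0.0", "::1") else "redirected"
        findings.append(f"hosts file entry: {m.group(2)} {verb} to {m.group(1)}")

    autostart = bool(AUTOSTART_RE.match(line))
    for path in PATH_RE.findall(line):
        findings.extend(check_path(path, autostart))
    return findings


def analyze(lines) -> Dict[str, List[str]]:
    """Map each flagged line (stripped) to its findings; clean lines are omitted."""
    report: Dict[str, List[str]] = {}
    for raw in lines:
        findings = flag_line(raw)
        if findings:
            report[raw.strip()] = findings
    return report


if __name__ == "__main__":
    for entry, hits in analyze(SAMPLE_LINES).items():
        print(entry)
        for hit in hits:
            print("   ->", hit)
```

Run against the sample, eight of the twelve lines are flagged and the four benign ones (the real svchost.exe under System32, the untouched Userinit value, the ATI Run entry under Program Files, and the localhost hosts line) pass clean. The point of the path rule is the one the log above makes on its own: a file called svchost.exe or dwm.exe is only interesting when it is not under the Windows directory, and an autostart entry is only interesting when it points into AppData or Temp, which is exactly where both copies here live.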

jim_123
2010-11-28, 23:19
Issue resolved. I found another program and a list of steps that fixed the issue. I won't post them, as per the "solution posting" rules of the forum.

Thanks anyway.