Toxi

June 23, 2012

I haven't seen it pop up anytime soon.

June 23, 2012

There's nothing to save. It didn't find anything. took 11 hours to

June 22, 2012

Okay so i did it again and still nothing. Im running it in IE but the first time i ran it it actually found 3 things and cleaned them. The second time it found nothing.

Here are the three things it quarantined

C:\Windows\AutoKMS.exe

C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll

C:\Program Files (x86)\Common Files\ZugoInstaller.exe

June 22, 2012

ill run it again since i don't believe those are the real logs.

June 22, 2012

woah whyd that come out like that?

June 22, 2012

<div>ESETSmartInstaller@High as CAB hook log:</div>

<div>OnlineScanner64.ocx - registred OK</div>

<div>OnlineScanner.ocx - registred OK</div>

June 22, 2012

Okay it's doing the scan atm, was going to tell you that a little after i signed in, mbam reported the C:\windows\keygen and if i wanted to quarantine. Just thought you should know.

June 22, 2012

Here's the new log

ComboFix 12-06-21.02 - Toxi 06/21/2012 22:22:19.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2465 [GMT -4:00]

Running from: c:\users\Toxi\Desktop\ComboFix.exe

Command switches used :: c:\users\Toxi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))

.

2012-06-22 02:30 . 2012-06-22 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-21 12:58 . 2012-06-21 12:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\offreg.dll

2012-06-20 00:31 . 2012-06-20 00:31 -------- d-----w- c:\users\Toxi\AppData\Roaming\SmartFTP

2012-06-20 00:29 . 2012-06-20 00:29 -------- d-----w- c:\program files\SmartFTP Client

2012-06-20 00:28 . 2012-06-20 00:28 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files

2012-06-19 14:36 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\mpengine.dll

2012-06-18 00:47 . 2012-06-18 00:47 -------- d-----w- c:\program files\Unlocker

2012-06-17 16:59 . 2012-06-17 16:59 -------- d-----w- c:\program files (x86)\Common Files\Overwolf

2012-06-16 18:35 . 2012-06-16 18:35 -------- d-----w- c:\program files (x86)\7-Zip

2012-06-16 18:23 . 2012-06-16 18:23 -------- d-----w- c:\program files (x86)\GnuWin32

2012-06-14 20:36 . 2012-06-20 17:46 -------- d-----w- c:\users\Toxi\AppData\Roaming\FileZilla

2012-06-14 20:35 . 2012-06-17 14:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

2012-06-14 19:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 19:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 19:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 19:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 19:48 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-14 19:48 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-14 19:48 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-14 19:48 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 19:48 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 19:48 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll

2012-06-14 19:48 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 19:47 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 19:47 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 19:47 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 19:47 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 19:47 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 19:47 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-14 18:54 . 2012-06-14 18:54 -------- d-----w- c:\users\Toxi\AppData\Roaming\Malwarebytes

2012-06-14 18:53 . 2012-06-14 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-14 18:53 . 2012-06-14 18:53 -------- d-----w- c:\programdata\Malwarebytes

2012-06-14 18:53 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 22:00 . 2012-06-12 22:04 -------- d-----w- C:\srcds

2012-06-11 16:59 . 2012-06-11 16:59 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll

2012-06-11 16:59 . 2012-06-11 16:59 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2012-06-09 14:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-09 14:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-09 14:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-09 14:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-09 14:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-09 14:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-09 14:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-09 14:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-09 14:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-09 03:33 . 2012-06-09 03:33 -------- d-----w- c:\program files (x86)\DriverTuner

2012-06-08 00:42 . 2012-06-09 01:03 -------- d-----w- c:\program files (x86)\HmelyoffLabs

2012-06-07 21:19 . 2012-06-09 03:13 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-06-07 21:18 . 2012-06-07 21:18 -------- d-----w- c:\users\Toxi\AppData\Roaming\SplitMediaLabs

2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\users\Toxi\AppData\Roaming\fltk.org

2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\programdata\fltk.org

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-07 16:07 . 2012-06-07 16:07 -------- d-----w- c:\program files (x86)\QuickTime

2012-06-07 16:05 . 2012-06-07 16:05 -------- d-----w- c:\program files\iPod

2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files\iTunes

2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files (x86)\iTunes

2012-06-04 00:57 . 2012-06-04 00:57 -------- d-----w- c:\users\Toxi\AppData\Roaming\Toribash

2012-06-04 00:56 . 2012-06-04 00:56 -------- d-----w- C:\Games

2012-05-28 00:03 . 2012-05-28 00:03 -------- d-----w- c:\program files\Core Temp

2012-05-27 23:59 . 2012-03-09 14:57 23816 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys

2012-05-27 23:59 . 2012-05-27 23:59 -------- d-----w- c:\program files\CPUID

2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-25 00:58 . 2012-05-25 23:00 -------- d-----w- c:\programdata\EA Logs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-21 12:53 . 2011-06-16 00:09 119296 ----a-w- c:\windows\SysWow64\zlib.dll

2012-06-10 17:26 . 2011-05-23 16:08 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-10 17:26 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-06-10 17:20 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-04 22:58 . 2012-05-04 22:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-04 22:58 . 2011-05-16 23:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-03-30 11:09 . 2012-05-08 21:28 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-07-22 11:14 . 2011-08-14 21:52 625736 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe

.

((((((((((((((((((((((((((((( SnapShot@2012-06-21_22.17.49 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-06-21 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-22 02:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-06-21 22:17 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-22 02:34 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-21 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-22 02:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-16 04:38 . 2012-06-22 02:35 58258 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-22 02:35 34258 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-16 02:47 . 2012-06-22 02:35 30950 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-629230968-3828035873-1393441361-1000_UserData.bin

- 2011-05-16 02:11 . 2012-06-14 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-16 02:11 . 2012-06-21 22:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-05-16 02:11 . 2012-06-21 22:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-05-16 02:11 . 2012-06-14 13:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-14 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-21 22:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-06-22 02:32 . 2012-06-22 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-21 22:15 . 2012-06-21 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-22 02:32 . 2012-06-22 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-21 22:15 . 2012-06-21 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-06-21 22:14 475024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-22 02:31 475024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:34 . 2012-06-21 18:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-06-22 00:03 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2011-05-17 00:11 . 2012-06-22 02:31 10014040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-629230968-3828035873-1393441361-1000-8192.dat

- 2011-05-17 00:11 . 2012-06-21 22:14 10014040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-629230968-3828035873-1393441361-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-24 1242448]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-05-23 3407496]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 ALSysIO;ALSysIO;c:\users\Toxi\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-06-11 18360]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000Core.job

- c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000UA.job

- c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\DAODx.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2012-06-21 22:40:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-22 02:40

ComboFix2.txt 2012-06-21 23:53

ComboFix3.txt 2012-06-21 22:24

.

Pre-Run: 182,641,373,184 bytes free

Post-Run: 182,593,302,528 bytes free

.

- - End Of File - - 6B8965E27B52EC373F6F6C06B579C65D

June 21, 2012

Heres the log Maniac, Thanks again!

ComboFix 12-06-21.02 - Toxi 06/21/2012 19:37:11.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2180 [GMT -4:00]

Running from: c:\users\Toxi\Desktop\ComboFix.exe

Command switches used :: c:\users\Toxi\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\Keygen.exe"

.

((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))

.

2012-06-21 23:44 . 2012-06-21 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp