Posts posted by salisian

  1. Also, some time between my reply at 8:02 PM yesterday and now, my computer has become extremely slow. The boot process is normal up until Windows loads, which now takes 15-20 minutes, and programs are taking about four times as long to load as they would before. If this is expected and the cleanup process you mentioned deals with this, then disregard.

  2. I don't know what this securitycheck program is finding with Firefox, but I'm sure my Firefox is 15.0.1.

    Results of screen317's Security Check version 0.99.51

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 8 Out of date!

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    AVG Anti-Virus Free

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Ad-Aware

    Malwarebytes Anti-Malware version 1.65.0.1400

    Java 6 Update 22

    Java 7 Update 7

    Adobe Flash Player 11.4.402.278

    Adobe Reader 9 Adobe Reader out of Date!

    Mozilla Firefox 13.0.1 Firefox out of Date!

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    Google Chrome 22.0.1229.79

    Google Chrome 22.0.1229.92

    Google Chrome 22.0.1229.94

    ````````Process Check: objlist.exe by Laurent````````

    Ad-Aware AAWService.exe

    Ad-Aware AAWTray.exe

    AVG avgwdsvc.exe

    AVG avgtray.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1%

    ````````````````````End of Log``````````````````````

  3. # AdwCleaner v2.005 - Logfile created 10/15/2012 at 21:27:41

    # Updated 14/10/2012 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Dan - KATRINA

    # Boot Mode : Normal

    # Running from : C:\Users\Dan\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0.1 (en-US)

    Profile name : default

    File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v [unable to get version]

    File : C:\Users\Dan\AppData\Roaming\Opera\Opera\operaprefs.ini

    Deleted : application/vnd.unity=6,,C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll,Unity [...]

    *************************

    AdwCleaner[R1].txt - [3015 octets] - [15/10/2012 21:17:57]

    AdwCleaner[S1].txt - [2846 octets] - [15/10/2012 21:27:41]

    ########## EOF - C:\AdwCleaner[S1].txt - [2906 octets] ##########

  4. # AdwCleaner v2.005 - Logfile created 10/15/2012 at 21:17:57

    # Updated 14/10/2012 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Dan - KATRINA

    # Boot Mode : Normal

    # Running from : C:\Users\Dan\Desktop\adwcleaner.exe

    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

    Key Found : HKLM\SOFTWARE\Classes\dnUpdate

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    Key Found : HKU\S-1-5-21-1206569-3984615700-1114235121-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v13.0.1 (en-US)

    Profile name : default

    File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v [unable to get version]

    File : C:\Users\Dan\AppData\Roaming\Opera\Opera\operaprefs.ini

    Found : application/vnd.unity=6,,C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll,Unity [...]

    *************************

    AdwCleaner[R1].txt - [2894 octets] - [15/10/2012 21:17:57]

    ########## EOF - C:\AdwCleaner[R1].txt - [2954 octets] ##########

  5. MBAM detects nothing, and yet Google results are still redirecting in all three browsers I tested. I have noted that Windows is loading slightly faster when I reboot, though.

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Database version: v2012.10.15.13

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Dan :: KATRINA [administrator]

    10/15/2012 8:53:29 PM

    mbam-log-2012-10-15 (20-53-29).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 201271

    Time elapsed: 2 minute(s), 11 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  6. ComboFix 12-10-15.01 - Dan 10/15/2012 20:00:20.1.8 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.4426 [GMT -4:00]

    Running from: c:\users\Dan\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    c:\programdata\Microsoft\Windows\DRM\6C9A.tmp

    c:\users\Dan\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe

    c:\windows\SysWow64\URTTemp

    c:\windows\SysWow64\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))

    .

    .

    2012-10-16 00:07 . 2012-10-16 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-10-09 07:02 . 2012-10-09 07:02 -------- d-----w- c:\program files\SAMSUNG

    2012-10-09 07:02 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys

    2012-10-09 07:02 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys

    2012-10-09 07:02 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys

    2012-10-09 07:02 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys

    2012-10-09 07:02 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys

    2012-10-09 07:02 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys

    2012-10-09 07:02 . 2010-04-27 02:25 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys

    2012-10-09 07:02 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys

    2012-10-09 07:02 . 2012-10-09 07:02 -------- d-----w- c:\programdata\Samsung

    2012-10-09 07:02 . 2012-10-09 07:02 53248 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe

    2012-10-09 07:02 . 2012-10-09 07:02 -------- d-----w- c:\users\Dan\AppData\Roaming\Verizon

    2012-10-07 20:12 . 2012-10-10 22:30 -------- d-----w- c:\users\Dan\AppData\Roaming\Audacity

    2012-09-27 09:32 . 2012-09-27 09:32 -------- d-----w- c:\users\Dan\AppData\Roaming\Apple Computer

    2012-09-27 09:24 . 2012-09-27 09:24 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes

    2012-09-27 09:24 . 2012-09-27 09:24 -------- d-----w- c:\programdata\Malwarebytes

    2012-09-27 09:24 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-27 04:23 . 2012-09-27 04:23 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-09-27 04:18 . 2012-09-27 04:18 -------- d-----w- c:\program files (x86)\QuickTime

    2012-09-27 04:18 . 2012-09-27 04:18 -------- d-----w- c:\programdata\Apple Computer

    2012-09-27 04:16 . 2012-09-27 04:16 -------- d-----w- c:\program files (x86)\Apple Software Update

    2012-09-16 20:01 . 2012-09-16 20:02 -------- d-----w- C:\b7ea368fe0283c743fa8f8fce2864e8f

    2012-09-16 20:00 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-09-16 20:00 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

    2012-09-16 20:00 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-09-16 20:00 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

    2012-09-16 20:00 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-09-16 20:00 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-09-16 20:00 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-27 04:27 . 2012-04-04 18:41 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-09-27 04:27 . 2011-05-18 15:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-27 04:23 . 2012-06-12 04:54 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

    2012-09-27 04:23 . 2010-05-15 20:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-09-16 20:01 . 2010-12-04 21:21 64462936 ----a-w- c:\windows\system32\MRT.exe

    2012-07-18 18:15 . 2012-08-16 17:28 3148800 ----a-w- c:\windows\system32\win32k.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

    "VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2009-07-07 241789]

    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer4"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]

    R3 cpuz134;cpuz134;c:\program flies\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]

    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-04 79360]

    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-09 79360]

    R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-06-04 79360]

    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]

    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]

    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]

    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-04-30 6377496]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]

    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-01-26 69152]

    S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-07-15 269904]

    S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-12 35664]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]

    S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]

    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-08-26 1181328]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-21 240232]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]

    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]

    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]

    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]

    S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]

    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]

    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-06-01 33160]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - 26982122

    *NewlyCreated* - 38160382

    *Deregistered* - 26982122

    *Deregistered* - 38160382

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206569-3984615700-1114235121-1001Core.job

    - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 02:19]

    .

    2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206569-3984615700-1114235121-1001UA.job

    - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 02:19]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=c:\windows\System32\avgrssta.dll

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

    FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    SafeBoot-38160382.sys

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-CamStudio - c:\games\CamStudio\uninstall.exe

    AddRemove-GoldenEye: Source - c:\games\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe

    AddRemove-Opera 11.11.2109 - c:\program files (x86)\Opera\Opera.exe

    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

    AddRemove-RPTools MapTool - c:\windows\system32\javaws.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-1206569-3984615700-1114235121-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11B4CAE-AFF4-6585-6F80-252FB512753E}*]

    "habnjdamjdplgnao"=hex:61,61,00,00

    "ianaamciinbhncdekg"=hex:69,61,65,6a,64,6c,6d,61,66,67,70,64,6f,68,69,69,70,62,

    00,b1

    "hahaonoikmnecndc"=hex:69,61,65,6a,64,6c,6d,61,66,67,70,64,6f,68,69,69,70,62,

    00,ff

    "habnjdamhbkknaep"=hex:61,61,00,00

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-10-15 20:10:03

    ComboFix-quarantined-files.txt 2012-10-16 00:10

    .

    Pre-Run: 159,931,912,192 bytes free

    Post-Run: 162,383,974,400 bytes free

    .

    - - End Of File - - 39EE76493509A0A683AFDB6590CAD6B5

  7. You did not instruct me to include the reports from RogueKiller, but I have posted them here because of the line

    [SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> NOT REMOVED, USE PROXYFIX

    If this is expected, please disregard; the attachments for tdsskiller are below. Also, the tdsskiller did not find any malicious objects, and required no reboot after the scan.

    TDSSKiller.2.8.13.0_15.10.2012_18.51.52_log.txt

    TDSSKiller.2.8.13.0_15.10.2012_18.55.09_log.txt

    RogueKiller V8.1.0 [09/28/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo...13-roguekiller/

    Website: http://tigzy.geeksto...roguekiller.php

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Dan [Admin rights]

    Mode : Remove -- Date : 10/15/2012 18:49:54

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤

    [SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> NOT REMOVED, USE PROXYFIX

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\@ --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\U --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 ATA Device +++++

    --- User ---

    [MBR] d0e90eb80994bf396ff3b77ce31b01e1

    [BSP] d50bf80ecf2c50163e0a345de78802e0 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[3].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    RogueKiller V8.1.0 [09/28/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo...13-roguekiller/

    Website: http://tigzy.geeksto...roguekiller.php

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Dan [Admin rights]

    Mode : Remove -- Date : 10/15/2012 18:51:09

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 ATA Device +++++

    --- User ---

    [MBR] d0e90eb80994bf396ff3b77ce31b01e1

    [BSP] d50bf80ecf2c50163e0a345de78802e0 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[4].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

  8. RogueKiller V8.1.0 [09/28/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Dan [Admin rights]

    Mode : Scan -- Date : 10/15/2012 16:36:21

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤

    [SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> FOUND

    [SHELL][SUSP PATH] HKUS\S-1-5-21-1206569-3984615700-1114235121-1001[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\@ --> FOUND

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 ATA Device +++++

    --- User ---

    [MBR] d0e90eb80994bf396ff3b77ce31b01e1

    [BSP] d50bf80ecf2c50163e0a345de78802e0 : Windows 7 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>

    RKreport[1].txt

  9. A few weeks ago I began to encounter an issue where Google search links began to redirect to what I'm fairly sure were attack sites. Every time I run MBAM or another virus/adware/malware scan, it detects a registry virus and supposedly deletes it, but when my computer restarts the issue appears again. I thought the issue was mostly benign if I just stopped clicking Google links, but earlier tonight while playing a game my computer froze and on reboot would not get past the Windows loading screen. A system restore got me past that issue, but the virus persists and is clearly more a threat than I thought. Any help would be appreciated.

    The second line on dds.txt under the subheading "Pseudo HJT Report" seems to be part of the virus since the registry key in question points at that file, but that file doesn't seem to exist on my computer.

    dds.txt

    DDS (Ver_2012-10-14.05) - NTFS_AMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2

    Run by Dan at 1:52:20 on 2012-10-15

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.3851 [GMT -4:00]

    .

    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

    C:\Windows\system32\lsm.exe

    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

    C:\Windows\system32\atieclxx.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\SysWOW64\lkads.exe

    C:\Windows\SysWOW64\lktsrv.exe

    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

    C:\School\National Instruments\Shared\Security\nidmsrv.exe

    C:\Windows\SysWOW64\nisvcloc.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files (x86)\AVG\AVG9\avgtray.exe

    C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Windows\SysWOW64\Ctxfihlp.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\SysWOW64\CTXFISPI.EXE

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Program Flies\pirch\pirch98.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files (x86)\AIM\aim.exe

    C:\Program Flies\Mozilla Firefox\firefox.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    uWindows: Load = C:\Users\Dan\LOCALS~1\Temp\msqekizo.com

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

    uRun: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly

    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r

    mRun: [CTxfiHlp] CTXFIHLP.EXE

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab

    TCP: NameServer = 65.32.5.111 65.32.5.112

    TCP: Interfaces\{9CA39918-4F04-4704-AEBF-F9A681D6E21C} : DHCPNameServer = 65.32.5.111 65.32.5.112

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\

    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

    FF - plugin: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-1-26 69152]

    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-1-26 269904]

    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-1-26 35664]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203776]

    R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-12-2 1181328]

    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]

    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]

    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232]

    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]

    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]

    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]

    R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]

    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-4-30 30232]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 cpuz134;cpuz134;C:\Program Flies\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-6-4 21480]

    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-6-4 79360]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-9 79360]

    S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-6-4 79360]

    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]

    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]

    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]

    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-6 25832]

    S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-1-19 6377496]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-12 113120]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-9 59392]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-4 1255736]

    .

    =============== Created Last 30 ================

    .

    2012-10-09 07:02:20 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys

    2012-10-09 07:02:20 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys

    2012-10-09 07:02:20 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys

    2012-10-09 07:02:20 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys

    2012-10-09 07:02:20 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys

    2012-10-09 07:02:20 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys

    2012-10-09 07:02:20 141384 ----a-w- C:\Windows\System32\drivers\sscdserd.sys

    2012-10-09 07:02:20 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys

    2012-10-09 07:02:20 -------- d-----w- C:\Program Files\SAMSUNG

    2012-10-09 07:02:15 -------- d-----w- C:\ProgramData\Samsung

    2012-10-09 07:02:06 53248 ----a-r- C:\Users\Dan\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe

    2012-10-09 07:02:06 -------- d-----w- C:\Users\Dan\AppData\Roaming\Verizon

    2012-10-07 20:09:58 -------- d-----w- C:\Users\Dan\AppData\Local\{DFCAF6EF-0FF5-4D4F-9E96-7E59A73424A1}

    2012-09-27 09:24:49 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes

    2012-09-27 09:24:41 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-09-27 09:24:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-27 04:23:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-09-16 20:01:06 -------- d-----w- C:\b7ea368fe0283c743fa8f8fce2864e8f

    2012-09-16 20:00:24 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

    2012-09-16 20:00:24 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

    2012-09-16 20:00:23 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

    2012-09-16 20:00:23 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

    2012-09-16 20:00:16 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

    2012-09-16 20:00:16 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-09-16 20:00:15 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

    .

    ==================== Find3M ====================

    .

    2012-09-27 04:27:09 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-09-27 04:27:09 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-09-27 04:23:41 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

    2012-09-27 04:23:41 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

    .

    ============= FINISH: 1:52:38.55 ===============

    attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-10-14.05)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 11/14/2009 2:05:49 PM

    System Uptime: 10/15/2012 12:30:06 AM (1 hours ago)

    .

    Motherboard: ASUSTeK Computer INC. | | P6T

    Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 466 GiB total, 150.305 GiB free.

    D: is CDROM ()

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP255: 10/5/2012 5:45:52 PM - Scheduled Checkpoint

    RP256: 10/12/2012 6:21:21 PM - Scheduled Checkpoint

    .

    ==== Installed Programs ======================

    .

    'PTC Places' Namespace Shell Extension

    AAC Decoder

    Activation Assistant for the 2007 Microsoft Office suites

    Ad-Aware

    Adobe Flash Player 11 ActiveX 64-bit

    Adobe Flash Player 11 Plugin

    Adobe Reader 9.5.2

    Adobe Shockwave Player 11.5

    AIM 7

    Alpha Protocol

    AMD Drag and Drop Transcoding

    Apple Application Support

    Apple Software Update

    ATI AVIVO64 Codecs

    ATI Catalyst Install Manager

    Audacity 2.0.2

    AutoUpdate

    AVG Free 9.0

    Bastion

    Belarc Advisor 8.2

    Borderlands

    Braid

    Call of Duty: Modern Warfare 2

    CamStudio

    CamStudio Lossless Codec v1.4

    CamStudio OSS Desktop Recorder

    Canon Easy-WebPrint EX

    Canon MP Navigator EX 3.0

    Canon MP490 series MP Drivers

    Canon MP490 series User Registration

    Canon Utilities My Printer

    Caster

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Cheat Engine 5.5

    ConverterLite 0.1

    Creative ALchemy

    Creative Audio Control Panel

    Creative AutoMode Switcher

    Creative Console Launcher

    Creative Software AutoUpdate

    Creative Sound Blaster Properties x64 Edition

    Creative System Information

    Crysis®

    D3DX10

    DDL and DTS Connect License Activation

    DEFCON

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Deus Ex: Game of the Year Edition

    Deus Ex: Invisible War

    Dia (remove only)

    Divine Divinity

    DivX Codec

    DivX Converter

    DivX Player

    DivX Plus DirectShow Filters

    DivX Version Checker

    Dolby Digital Live Pack

    Download Updater (AOL LLC)

    Dragon Age: Origins

    Dropbox

    DTS Connect Pack

    Dundjinni

    EAGLE 5.11.0

    Far Cry (Patch 1.32 AMD64)

    Far Cry 2

    FLV Player 2.0 (build 25)

    Fraps (remove only)

    GameSpy Comrade

    GoldenEye: Source - HalfLife 2 Mod

    Google Chrome

    Greed Corp

    Guild Wars

    H.264 Decoder

    Half-Life 2

    Half-Life 2: Episode One

    Half-Life 2: Episode Two

    Half-Life: Source

    Heroes of Might and Magic® IV The Gathering Storm

    HI-TECH C51-lite V9.60PL0

    HI-TECH PICC lite V9.60PL0

    HydraVision

    Java 7 Update 7

    Java Auto Updater

    Java™ 6 Update 22

    Just Cause

    Just Cause 2

    LAME v3.99.3 (for Windows)

    Legend of Grimrock

    Logitech Vid

    Logitech Webcam Software

    Logitech Webcam Software Driver Package

    LTspice IV

    Magicka

    Majesty 2

    Malwarebytes Anti-Malware version 1.65.0.1400

    MapleStory

    Mass Effect

    Mass Effect 2

    Mathcad 15 F000

    Mathcad PDSi viewable support

    MATLAB R2011a Student Version

    MATLAB Student R2010a

    Medieval II Total War

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft IntelliPoint 7.0

    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Office 64-bit Components 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Shared 64-bit MUI (English) 2010

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Visio 2010

    Microsoft Office Visio MUI (English) 2010

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft VC9 runtime libraries

    Microsoft Visio 2010 Service Pack 1 (SP1)

    Microsoft Visio Professional 2010

    Microsoft Visual Basic PowerPacks 10.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft Visual J# .NET Redistributable Package 1.1

    Microsoft XNA Framework Redistributable 3.1

    Microsoft XNA Framework Redistributable 4.0

    MKV Splitter

    Morrowind

    Mount & Blade

    Mount and Blade: Warband

    Mozilla Firefox 13.0.1 (x86 en-US)

    Mozilla Firefox 15.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP2 Parser and SDK

    MuseScore 1.2 MuseScore score typesetter

    National Instruments Software

    Nexon Game Manager

    NI Circuit Design Suite 11.0 Core

    NI Circuit Design Suite 11.0 Edu Licenses

    NI Circuit Design Suite 11.0 Education

    NI EULA Depot

    NI Example Finder 9.0

    NI Help Assistant

    NI Help Assistant (64bit)

    NI LabVIEW Real-Time NBFifo

    NI LabVIEW Run-Time Engine 2009

    NI LabVIEW Run-Time Engine 8.6.1

    NI LabVIEW Run-Time Engine Interop 2009

    NI LabVIEW Run-Time Engine Web Services

    NI LabVIEW Web Server for Run-Time Engine

    NI LabVIEW Web Services Runtime

    NI LabWindows/CVI 9.0.1 Run-Time Engine

    NI License Manager

    NI Logos 5.1

    NI Logos XT Support

    NI Logos64 5.1

    NI Logos64 XT Support

    NI Math Kernel Libraries

    NI Math Kernel Libraries (64-bit)

    NI MDF Support

    NI MetaSuite Installer

    NI Service Locator

    NI TDMS

    NI TDMS (64-bit)

    NI Trace Engine

    NI Trace Engine (64-bit)

    NI Uninstaller

    NI Update Service 1.0

    NI Update Service Extras 1.0

    NI USI 1.7.0

    NI USI 1.7.0 64-Bit

    NI VC2005MSMs x64

    NI VC2005MSMs x86

    NI VC2008MSMs x64

    NI VC2008MSMs x86

    NI Web Pipeline 2.0.1

    NI Web Pipeline 2.0.1 64-bit support

    NVIDIA Drivers

    NVIDIA PhysX

    NVIDIA Stereoscopic 3D Driver

    OpenAL

    OpenOffice.org 3.3

    Opera 11.11

    Opera 12.00

    Pando Media Booster

    PC Wizard 2010.1.96

    Portal

    Psychonauts

    PunkBuster Services

    QuickTime

    Railroad Tycoon 2: Platinum

    RPTools MapTool

    SAMSUNG USB Driver for Mobile Phones

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition

    Sequence

    Sid Meier's Civilization III: Complete

    Skype™ 4.1

    Solar 2

    SoundFont Bank Manager

    Space Pirates and Zombies

    SpaceChem

    SpeedFan (remove only)

    Steam

    SteamLink

    Team Fortress 2

    TeamSpeak 2 RC2

    TeamSpeak 2 Server RC2

    Terraria

    TES Construction Set

    The Elder Scrolls V: Skyrim

    The Guild II

    THX Setup Console

    Ticket to Ride

    Trillian

    Unity Web Player

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    VC80CRTRedist - 8.0.50727.4053

    Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Visual C++ 8.0 Runtime Setup Package (x64)

    VLC media player 1.0.3

    Volume Panel

    Windchill ProductPoint Client Manager

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    WinRAR archiver

    WinZip 14.0

    World of Goo

    Xvid 1.2.2 final uninstall

    .

    ==== End Of File ===========================
