Oh Hai


Guest aidanR


Hello there,

I recently was infected with a nasty piece of malware.

I managed to remove it after a bit of playing around, but thought I'd seek some expert advice to check whether there is still more to clean.

Avast let the virus through. It started with a critical Windows update failing a while back. These are all up to date now, I believe.

Greatly appreciate your time :)

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by inkodeR at 11:52:44 on 2012-05-23

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5960 [GMT 12:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

Z:\seo\Caphyon\Advanced Web Ranking\Scheduler.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\XSrvSetup.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Logitech\G35\G35.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

Z:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

uRun: [steam] "Z:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisplayLastLogonInfo = 1 (0x1)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - Z:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{BDA50580-EDAA-42AC-A8BA-DBD6B737327B} : DhcpNameServer = 10.1.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Z:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\inkodeR\AppData\Roaming\Mozilla\Firefox\Profiles\vljdodp4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.co.nz

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd51a8729-3a27-4613-b704-68a8c980a03b%7D&mid=9376e7b6947447d0b351cd262377a87a-14ce6f5d77707746194d7e5735a9581ea0f44cd5&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-21%2001%3A23%3A48&sap=ku&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 AWRScheduler;Advanced Web Ranking Scheduler;Z:\SEO\Caphyon\Advanced Web Ranking\Scheduler.exe [2011-9-29 119904]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2011-5-9 68136]

R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-11-19 72304]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-19 363856]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-5-21 932736]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]

R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]

S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]

S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;z:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> z:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-11-21 25640]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-26 136176]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-11-19 30528]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 129976]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-05-21 08:49:34 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-05-20 13:33:54 -------- d-----w- C:\Users\inkodeR\AppData\Roaming\AVG

2012-05-20 13:24:56 -------- d-----w- C:\Users\inkodeR\AppData\Roaming\AVG2012

2012-05-20 13:23:44 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-05-20 13:22:53 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2012-05-20 13:22:06 -------- d-----w- C:\Windows\System32\drivers\AVG

2012-05-20 13:21:47 -------- d-----w- C:\Program Files (x86)\AVG

2012-05-20 12:30:15 -------- d-----w- C:\Program Files\COMODO

2012-05-20 12:06:30 -------- d-----w- C:\ProgramData\CPA_VA

2012-05-20 11:48:33 -------- d-----w- C:\Users\inkodeR\AppData\Local\Diagnostics

2012-05-20 11:38:23 -------- d-----w- C:\Users\inkodeR\AppData\Local\Comodo

2012-05-20 11:23:50 -------- d-----w- C:\Users\inkodeR\AppData\Local\Fallout3

2012-05-20 11:18:19 -------- d-----w- C:\Users\inkodeR\AppData\Local\AVG Secure Search

2012-05-20 11:17:40 -------- d-----w- C:\ProgramData\AVG Secure Search

2012-05-20 11:17:37 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-05-20 11:16:39 -------- d--h--w- C:\ProgramData\Common Files

2012-05-20 11:16:06 -------- d--h--w- C:\$AVG

2012-05-20 11:16:06 -------- d-----w- C:\ProgramData\AVG2012

2012-05-20 11:05:47 -------- d-----w- C:\ProgramData\MFAData

2012-05-20 10:41:02 -------- d-----w- C:\ProgramData\Comodo

2012-05-20 10:26:44 -------- d-----w- C:\Program Files (x86)\NT Registry Optimizer

2012-05-20 10:23:20 -------- d-----w- C:\Program Files\Soluto

2012-05-20 10:10:06 -------- d-----w- C:\Program Files (x86)\CS Fire Monitor

2012-05-20 10:02:30 81984 ----a-w- C:\Windows\System32\bdod.bin

2012-05-20 09:36:22 -------- d-----w- C:\Users\inkodeR\AppData\Roaming\BitDefender

2012-05-20 09:36:13 -------- d-----w- C:\ProgramData\BitDefender

2012-05-20 09:36:13 -------- d-----w- C:\Program Files\Common Files\BitDefender

2012-05-20 09:36:13 -------- d-----w- C:\Program Files\BitDefender

2012-05-20 09:35:34 -------- d-----w- C:\Program Files (x86)\Common Files\BitDefender

2012-05-20 09:10:00 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-20 07:45:24 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-05-20 07:45:23 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-05-20 07:45:19 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-05-20 07:45:19 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-05-20 07:44:12 -------- d-----w- C:\Program Files\ATI Technologies

2012-05-20 07:38:57 -------- d-----w- C:\Users\inkodeR\AppData\Local\CrashDumps

2012-05-20 06:25:47 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-05-20 06:25:45 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-20 06:25:45 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-20 06:03:16 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-05-20 03:50:05 -------- d-----w- C:\Program Files (x86)\Oracle

2012-05-20 03:49:46 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-20 03:30:58 -------- d-----w- C:\Program Files (x86)\ESET

2012-05-20 03:11:59 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll

2012-05-20 03:11:59 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll

2012-05-19 04:35:03 38352 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-05-19 04:34:58 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-19 04:34:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-19 02:52:53 -------- d-----w- C:\ITTeam

2012-05-19 02:43:37 135168 ----a-w- C:\Windows\SysWow64\KaseyaSP.dll

2012-05-19 02:43:37 -------- d-----w- C:\Program Files (x86)\Kaseya

2012-05-18 06:50:16 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CB934017-FB8D-4C3A-83C8-9807029DFE97}\mpengine.dll

2012-05-17 08:21:25 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys

2012-05-16 07:13:12 -------- d-----w- C:\Windows\SysWow64\xlive

2012-05-16 07:13:06 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-05-14 09:05:34 -------- d-----w- C:\Program Files\iTunes

2012-05-14 09:05:34 -------- d-----w- C:\Program Files\iPod

2012-05-14 09:05:34 -------- d-----w- C:\Program Files (x86)\iTunes

2012-05-14 09:03:44 -------- d-----w- C:\Program Files\Bonjour

2012-05-14 09:03:44 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-05-12 05:42:35 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-12 05:42:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-12 05:42:32 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-12 05:42:31 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-12 05:42:30 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-12 05:42:29 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-12 05:41:08 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-12 05:40:40 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-12 05:40:37 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 05:40:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-12 05:40:37 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-12 05:40:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 05:40:36 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-04 22:46:02 -------- d--h--w- C:\Users\inkodeR\AppData\Local\Ubisoft Game Launcher

2012-04-24 09:21:46 -------- d-----w- C:\ProgramData\DivX

.

==================== Find3M ====================

.

2012-05-22 22:41:48 25640 ----a-w- C:\Windows\gdrv.sys

2012-05-20 02:43:37 30528 ----a-w- C:\Windows\GVTDrv64.sys

2012-05-18 12:39:59 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-05-18 12:39:59 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-05-18 12:39:44 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-05 08:44:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 08:44:47 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 08:44:40 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-18 16:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-04-10 07:47:18 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-04-10 07:47:18 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll

2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-04-05 10:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-05 10:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-05 10:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-05 10:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-05 10:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-05 10:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-05 10:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-04-04 06:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-18 17:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-03-11 09:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-03-11 09:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-03-11 09:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-03-11 09:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-03-11 09:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-03-11 09:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll

2012-03-09 02:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-03-09 02:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 11:53:21.27 ===============

.

ATTACH.txt

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 19-Nov-10 10:16:59 PM

System Uptime: 23-May-12 10:41:14 AM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-890GPA-UD3H

Processor: AMD Phenom™ II X6 1090T Processor | Socket M2 | 3200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 80 GiB total, 15.928 GiB free.

Z: is FIXED (NTFS) - 851 GiB total, 692.174 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMASUS_DRW-22B2ST_________________________1.00____\5&71CDF3E&0&0.0.0

Manufacturer: (Standard CD-ROM drives)

Name: ASUS DRW-22B2ST ATA Device

PNP Device ID: IDE\CDROMASUS_DRW-22B2ST_________________________1.00____\5&71CDF3E&0&0.0.0

Service: cdrom

.

Class GUID:

Description:

Device ID: NUSB3\ROOT_HUB30\5&36E53261&1

Manufacturer:

Name:

PNP Device ID: NUSB3\ROOT_HUB30\5&36E53261&1

Service:

.

Class GUID: {4d36e980-e325-11ce-bfc1-08002be10318}

Description: Floppy disk drive

Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&160DDD18&0&0

Manufacturer: (Standard floppy disk drives)

Name: Floppy disk drive

PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&160DDD18&0&0

Service: flpydisk

.

==== System Restore Points ===================

.

RP570: 21-May-12 3:42:39 AM - Scheduled Checkpoint

RP571: 21-May-12 9:57:55 PM - Device Driver Package Install: COMODO Network Service

RP572: 22-May-12 6:23:07 PM - Removed Steam

RP573: 23-May-12 11:15:05 AM - Installed Steam

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

@BIOS

Adobe AIR

Adobe Community Help

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.3)

Advanced Web Ranking

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

AutoGreen B10.0517.1

Battlefield 3™

Battlelog Web Plugins

BulletStorm

Cashbook Complete

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Comodo Dragon

Crysis® 2

Digsby

Dropbox

Easy Tune 6 B10.0516.1

EasySaver B9.1214.1

ESET Online Scanner v3

ESN Sonar

Evernote v. 4.5.6

FileZilla Client 3.5.0

Gigabyte Raid Configurer

Google AdWords Editor

Google Update Helper

HijackThis 1.99.1

Java Auto Updater

Java™ 6 Update 31

Java™ 7 Update 4

JavaFX 2.1.0

Malwarebytes' Anti-Malware

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NEC Electronics USB 3.0 Host Controller Driver

NVIDIA PhysX

ON_OFF Charge B10.0427.1

Origin

PDF Settings CS5

PunkBuster Services

QuickTime

Realtek Ethernet Controller Driver

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype™ 5.8

Spybot - Search & Destroy

Steam

Toggl Desktop 2.6.4.1

TweetDeck

Ubisoft Game Launcher

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.5

Yammer

.

==== Event Viewer Messages From Past Week ========

.

23-May-12 11:52:57 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

23-May-12 11:17:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

23-May-12 11:17:44 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

23-May-12 10:42:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

23-May-12 10:42:03 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

22-May-12 6:27:32 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

22-May-12 2:21:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

22-May-12 2:20:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

21-May-12 9:57:50 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

21-May-12 12:33:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

21-May-12 12:33:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

21-May-12 12:33:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

21-May-12 12:33:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

21-May-12 12:33:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger cdrom discache Soluto spldr Wanarpv6

21-May-12 12:31:55 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

21-May-12 12:28:43 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

21-May-12 12:27:33 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

21-May-12 12:27:33 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

21-May-12 12:27:33 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

21-May-12 12:27:33 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

21-May-12 12:26:04 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

21-May-12 1:56:22 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

21-May-12 1:48:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

21-May-12 1:12:02 AM, Error: Service Control Manager [7000] - The Soluto service failed to start due to the following error: A device attached to the system is not functioning.

21-May-12 1:11:39 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

21-May-12 1:11:09 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

21-May-12 1:11:09 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

21-May-12 1:10:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom Soluto

20-May-12 9:57:25 PM, Error: Service Control Manager [7000] - The BDSelfPr service failed to start due to the following error: The system cannot find the file specified.

20-May-12 9:57:25 PM, Error: Service Control Manager [7000] - The bdfm service failed to start due to the following error: Access is denied.

20-May-12 9:26:54 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

20-May-12 9:16:11 PM, Error: Service Control Manager [7031] - The Kaseya Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

20-May-12 8:30:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger cdrom discache spldr Wanarpv6

20-May-12 7:51:38 PM, Error: Service Control Manager [7034] - The AODService service terminated unexpectedly. It has done this 1 time(s).

20-May-12 7:44:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.

20-May-12 7:44:41 PM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

20-May-12 6:44:13 PM, Error: Service Control Manager [7030] - The AODService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

20-May-12 6:17:02 PM, Error: Service Control Manager [7034] - The Advanced Web Ranking Scheduler service terminated unexpectedly. It has done this 1 time(s).

20-May-12 12:56:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: ATI Technologies Inc. - Display - ATI Radeon HD 4290.

17-May-12 8:15:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035255d7, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051712-16551-01.

.

==== End Of File ===========================

Thanks :)


Hello and welcome.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

(screenshot: Query_RC.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: RC_successful.gif)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Please delete your current copy of combofix and download a new one. Do not run it yet, but reboot in Safe Mode first and try to run it from there.

To access Safe Mode, reboot your computer and tap F8 until the Advanced Boot Options menu comes up. Select Safe Mode and press Enter.


Guest aidanR

OK, done that - now getting:

ComboFix has detected the following real time scanners to be active

antivirus: AVG Anti-Virus Free Edition 2012

antispyware: AVG Anti-Virus Free Edition 2012

antispyware: Comodo Defense+

Please disable these before clicking OK.

I'm in Safe Mode and there is nothing to disable in the system tray?


Guest aidanR

F^%^ - I ran ComboFix as you suggested - left it running, went and made a coffee. Came back and my computer was shutting down. It just stayed there with a blank screen forever. NOW it won't even boot to POST?!


Guest aidanR

Also (when I first started noticing this last year, when I think I got infected) I noticed a strange message on bootup - I didn't catch it all - only the word 'Propaganda'...

I've managed to get the PC booting. It's running Startup Repair at the moment. Wasn't sure whether to do that or restore to a previous point. Went with Startup Repair so I can hopefully retrieve the ComboFix file.


Guest aidanR

OK, can only boot into Safe Mode now. Here is the ComboFix file:

ComboFix 12-05-26.02 - inkodeR 27-May-12 16:54:41.1.6 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6933 [GMT 12:00]

Running from: c:\users\inkodeR\Desktop\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\windows\SysWow64\muzapp.exe

Z:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))

.

.

2012-05-27 05:01 . 2012-05-27 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-26 06:54 . 2012-05-26 06:54 -------- d-----w- c:\users\inkodeR\AppData\Local\ElevatedDiagnostics

2012-05-26 01:42 . 2012-05-26 01:42 -------- d-----w- c:\users\inkodeR\AppData\Roaming\tor

2012-05-24 02:06 . 2012-05-24 02:06 -------- d-----w- c:\program files (x86)\Yammer

2012-05-23 22:34 . 2012-05-23 22:34 -------- d-----w- C:\VritualRoot

2012-05-23 01:54 . 2012-05-23 01:54 -------- d-----w- c:\users\inkodeR\AppData\Roaming\tinySpell

2012-05-23 01:54 . 2012-05-23 01:54 -------- d-----w- c:\program files (x86)\tinySpell

2012-05-21 08:49 . 2012-05-22 23:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2012-05-20 13:33 . 2012-05-20 13:35 -------- d-----w- c:\users\inkodeR\AppData\Roaming\AVG

2012-05-20 13:23 . 2012-05-20 13:23 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-05-20 11:16 . 2012-05-20 11:16 -------- d-----w- C:\$AVG

2012-05-20 11:05 . 2012-05-26 22:18 -------- d-----w- c:\programdata\MFAData

2012-05-20 10:41 . 2012-05-23 03:38 -------- d-----w- c:\programdata\Comodo

2012-05-20 10:26 . 2012-05-20 13:14 -------- d-----w- c:\program files (x86)\NT Registry Optimizer

2012-05-20 10:23 . 2012-05-20 13:25 -------- d-----w- c:\program files\Soluto

2012-05-20 10:10 . 2012-05-20 10:10 -------- d-----w- c:\program files (x86)\CS Fire Monitor

2012-05-20 10:02 . 2012-05-20 10:02 81984 ----a-w- c:\windows\system32\bdod.bin

2012-05-20 09:36 . 2012-05-20 09:36 -------- d-----w- c:\users\inkodeR\AppData\Roaming\BitDefender

2012-05-20 09:36 . 2012-05-20 10:03 -------- d-----w- c:\program files\Common Files\BitDefender

2012-05-20 09:36 . 2012-05-20 09:41 -------- d-----w- c:\programdata\BitDefender

2012-05-20 09:36 . 2012-05-20 09:36 -------- d-----w- c:\program files\BitDefender

2012-05-20 09:35 . 2012-05-20 09:35 -------- d-----w- c:\program files (x86)\Common Files\BitDefender

2012-05-20 09:10 . 2012-05-20 09:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-20 07:45 . 2012-05-20 07:45 -------- d-----w- c:\programdata\ATI

2012-05-20 07:45 . 2012-05-20 07:45 -------- d-----w- c:\program files (x86)\AMD AVT

2012-05-20 07:45 . 2012-05-20 07:45 -------- d-----w- c:\program files (x86)\AMD APP

2012-05-20 07:45 . 2012-05-20 07:45 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-05-20 07:45 . 2012-05-20 07:45 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-05-20 07:44 . 2012-05-20 07:45 -------- d-----w- c:\program files\ATI Technologies

2012-05-20 07:38 . 2012-05-20 07:52 -------- d-----w- c:\users\inkodeR\AppData\Local\CrashDumps

2012-05-20 06:25 . 2012-05-20 06:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-20 06:25 . 2012-05-20 06:25 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-20 06:25 . 2012-05-20 06:25 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-20 06:03 . 2012-05-20 06:03 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-05-20 03:50 . 2012-05-20 03:50 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-05-20 03:50 . 2012-05-20 03:50 -------- d-----w- c:\program files (x86)\Oracle

2012-05-20 03:49 . 2012-04-04 06:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-20 03:30 . 2012-05-20 03:30 -------- d-----w- c:\program files (x86)\ESET

2012-05-20 03:11 . 2012-05-20 03:11 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll

2012-05-20 03:11 . 2012-05-20 03:11 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll

2012-05-19 04:35 . 2010-12-28 23:21 38352 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-05-19 04:34 . 2010-12-28 23:21 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-19 04:34 . 2012-05-19 04:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-19 02:52 . 2012-05-19 02:52 -------- d-----w- C:\ITTeam

2012-05-19 02:43 . 2012-05-22 23:33 -------- d-----w- c:\program files (x86)\Kaseya

2012-05-19 02:43 . 2011-08-23 22:00 135168 ----a-w- c:\windows\SysWow64\KaseyaSP.dll

2012-05-18 06:50 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB934017-FB8D-4C3A-83C8-9807029DFE97}\mpengine.dll

2012-05-17 08:21 . 2012-05-20 08:50 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys

2012-05-16 07:13 . 2012-05-16 07:13 -------- d-----w- c:\windows\SysWow64\xlive

2012-05-16 07:13 . 2012-05-16 07:13 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2012-05-14 09:05 . 2012-05-14 09:05 -------- d-----w- c:\program files\iTunes

2012-05-14 09:05 . 2012-05-14 09:05 -------- d-----w- c:\program files (x86)\iTunes

2012-05-14 09:05 . 2012-05-14 09:05 -------- d-----w- c:\program files\iPod

2012-05-14 09:03 . 2012-05-14 09:03 -------- d-----w- c:\program files\Bonjour

2012-05-14 09:03 . 2012-05-14 09:03 -------- d-----w- c:\program files (x86)\Bonjour

2012-05-13 05:02 . 2012-05-13 05:02 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-13 05:02 . 2012-05-13 05:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-12 05:42 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-12 05:42 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-12 05:42 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-12 05:42 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-12 05:42 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-12 05:42 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-12 05:41 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-12 05:40 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-12 05:40 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-12 05:40 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 05:40 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-12 05:40 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 05:40 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-04 22:46 . 2012-05-04 22:53 -------- d--h--w- c:\users\inkodeR\AppData\Local\Ubisoft Game Launcher

2012-05-04 15:40 . 2012-05-04 15:40 -------- d-----w- c:\programdata\Ubisoft

2012-05-04 15:39 . 2012-05-04 15:39 -------- d-----w- c:\program files (x86)\Ubisoft

2012-05-04 09:04 . 2012-05-04 09:04 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-27 04:47 . 2011-05-08 22:36 25640 ----a-w- c:\windows\gdrv.sys

2012-05-20 02:43 . 2010-11-19 11:28 30528 ----a-w- c:\windows\GVTDrv64.sys

2012-05-18 12:39 . 2010-11-19 12:13 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-05-18 12:39 . 2010-11-19 12:12 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-05-18 12:39 . 2010-11-19 12:12 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-05-05 08:44 . 2012-04-08 23:16 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 08:44 . 2011-05-20 09:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 08:44 . 2012-04-08 23:44 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-18 16:50 . 2012-04-18 16:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-10 07:47 . 2012-04-10 07:47 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2012-04-10 07:47 . 2012-04-10 07:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2012-02-15 03:18 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2010-10-26 13:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe

2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe

2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll

2012-04-06 02:00 . 2010-10-26 13:15 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:54 . 2010-10-26 13:38 7479296 ----a-w- c:\windows\system32\atidxx64.dll

2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll

2012-04-06 01:34 . 2012-03-09 04:23 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll

2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll

2012-04-06 01:22 . 2012-03-09 04:23 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-04-06 01:11 . 2012-02-15 02:14 514560 ----a-w- c:\windows\system32\atiadlxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2011-10-26 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2011-10-26 01:20 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-04-05 10:34 . 2012-04-05 10:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-05 10:34 . 2012-04-05 10:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-05 10:34 . 2012-04-05 10:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-05 10:33 . 2012-04-05 10:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-05 10:33 . 2012-04-05 10:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-05 10:33 . 2012-04-05 10:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-05 10:32 . 2012-04-05 10:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-04 06:47 . 2010-11-19 09:46 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-18 17:17 . 2012-03-18 17:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-03-11 09:13 . 2012-03-11 09:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 09:13 . 2012-03-11 09:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 09:13 . 2012-03-11 09:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-03-11 09:13 . 2012-03-11 09:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2012-03-11 09:13 . 2012-03-11 09:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll

2012-03-11 09:13 . 2012-03-11 09:13 389840 ----a-w- c:\windows\system32\guard64.dll

2012-03-09 06:48 . 2012-03-09 06:48 576536 ---ha-w- c:\users\inkodeR\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe

2012-03-09 02:07 . 2012-03-09 02:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-03-09 02:06 . 2012-03-09 02:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-03-07 01:15 . 2011-12-30 00:07 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-01 06:46 . 2012-04-12 10:04 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 10:03 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 10:04 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 10:03 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 10:03 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 10:04 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 10:03 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 10:08 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 10:08 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 10:08 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 10:08 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 10:08 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 10:08 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 10:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-20 13:23 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-20 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-04 1811800]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-28 443728]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-16 252296]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-20 1116544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisplayLastLogonInfo"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]

R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-29 5106744]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-13 193288]

R2 AWRScheduler;Advanced Web Ranking Scheduler;z:\seo\Caphyon\Advanced Web Ranking\Scheduler.exe [2011-09-29 119904]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]

R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-28 363856]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-20 932736]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-03-11 52280]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

R3 BlackBox;BlackBox SR2; [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-30 25640]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-20 30528]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [x]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-20 129976]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 08:44]

.

2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3834514231-3379799334-224701663-1001Core.job

- c:\users\inkodeR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 05:10]

.

2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3834514231-3379799334-224701663-1001UA.job

- c:\users\inkodeR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 05:10]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ---ha-w- c:\users\inkodeR\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll

TCP: DhcpNameServer = 10.1.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\users\inkodeR\AppData\Roaming\Mozilla\Firefox\Profiles\vljdodp4.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.co.nz

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd51a8729-3a27-4613-b704-68a8c980a03b%7D&mid=9376e7b6947447d0b351cd262377a87a-14ce6f5d77707746194d7e5735a9581ea0f44cd5&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-21%2001%3A23%3A48&sap=ku&q=

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-KAITTMHL90641826993510

SafeBoot-SolutoService

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3834514231-3379799334-224701663-1001\Software\SecuROM\License information*]

"datasecu"=hex:9c,49,ea,6d,81,c9,d7,00,51,ee,23,ca,0d,b7,25,d4,18,04,94,d4,a4,

60,16,f5,91,2e,0f,fe,5d,2b,e6,a1,65,99,2f,a0,e1,94,e2,cb,06,76,c2,a8,bf,e4,\

"rkeysecu"=hex:d3,36,f3,bf,49,0d,04,08,35,30,2b,25,68,38,6c,97

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-27 18:38:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-27 06:38

.

Pre-Run: 14,743,625,728 bytes free

Post-Run: 14,313,607,168 bytes free

.

- - End Of File - - CE7E76F3A3185197F3135F6A2317C53B


Guest aidanR

Besides it reindexing everything - nothing seems bad except for the security permissions. For example I can open some of my own folders. Yet I'm the admin and only user of this PC?


Everything looks good, but lets just do one last scan to be sure.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET OnlineScan button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


Guest aidanR

C:\Documents and Settings\inkodeR\Desktop\Downloads\cnet2_12-4_vista_win7_64_dd_ccc_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Documents and Settings\inkodeR\Local Settings\Temp\ICReinstall\cnet2_12-4_vista_win7_64_dd_ccc_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

All good boss?


Yes, all looks good. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Press the Windows key + R on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.
    • This will remove Combofix and other tools we used from your computer.
  • You can delete any other tool or log by simply deleting them.

Please read the following advice on how to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
