
Security Shield Help Please.



ComboFix 12-06-04.02 - Jay Lee 06/04/2012 21:56:48.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2879 [GMT -4:00]

Running from: c:\users\Jay Lee\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))

.

.

2071-07-25 13:13 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2012-06-05 02:30 . 2012-06-05 02:30 -------- d-----w- C:\found.000

2012-06-05 02:06 . 2012-06-05 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 23:16 . 2012-06-05 00:57 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Mumble

2012-06-04 23:16 . 2012-06-04 23:16 -------- d-----w- c:\program files (x86)\Mumble

2012-06-03 22:33 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BB305EC-3C06-460E-A6D6-4242B196E608}\mpengine.dll

2012-05-31 22:27 . 2012-05-31 22:27 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\LolClient2

2012-05-24 23:51 . 2012-05-24 23:51 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Malwarebytes

2012-05-24 23:47 . 2012-05-24 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-24 23:47 . 2012-05-24 23:47 -------- d-----w- c:\programdata\Malwarebytes

2012-05-24 23:47 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}

2012-05-24 02:28 . 2012-05-24 02:28 -------- d-----w- c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}

2012-05-16 04:44 . 2012-05-31 21:56 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\programdata\AMD

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD AVT

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\AMD APP

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-05-16 04:00 . 2012-05-16 04:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-05-16 03:50 . 2012-05-16 03:51 -------- d-----w- c:\programdata\DriverGenius

2012-05-16 00:49 . 2012-05-16 07:37 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment

2012-05-16 00:36 . 2012-05-16 00:37 -------- d-----w- c:\programdata\Battle.net

2012-05-14 07:18 . 2012-05-14 07:18 -------- d-----w- c:\users\Jay Lee\AppData\Roaming\Trine2

2012-05-10 06:55 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 06:55 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-10 06:55 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 06:55 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-05-10 06:55 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-10 06:55 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-05-10 06:55 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-05-10 06:54 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 06:54 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 06:54 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 06:54 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 06:54 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 06:54 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 06:54 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 06:54 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 06:54 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-06 05:34 . 2012-04-06 05:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 05:34 . 2012-04-06 05:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-06 05:34 . 2012-04-06 05:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-06 05:33 . 2012-04-06 05:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-06 05:33 . 2012-04-06 05:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-06 05:33 . 2012-04-06 05:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-06 05:32 . 2012-04-06 05:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-06 05:32 . 2012-04-06 05:32 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-04-06 05:32 . 2012-04-06 05:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-05 19:13 . 2012-04-05 19:13 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-05 19:13 . 2011-06-25 08:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 21:07 . 2012-03-09 21:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-03-09 21:06 . 2012-03-09 21:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-03-07 09:04 . 2012-03-07 09:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-07 09:04 . 2012-03-07 09:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-07 09:04 . 2012-03-07 09:04 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-07 09:04 . 2012-03-07 09:04 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-07 09:04 . 2012-03-07 09:04 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-07 09:04 . 2012-03-07 09:04 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-07 09:04 . 2012-03-07 09:04 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-07 09:04 . 2012-03-07 09:04 448512 ----a-w- c:\windows\system32\html.iec

2012-03-07 09:04 . 2012-03-07 09:04 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-07 09:04 . 2012-03-07 09:04 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-07 09:04 . 2012-03-07 09:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-07 09:04 . 2012-03-07 09:04 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-07 09:04 . 2012-03-07 09:04 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-07 09:04 . 2012-03-07 09:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-07 09:04 . 2012-03-07 09:04 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-07 09:04 . 2012-03-07 09:04 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-07 09:04 . 2012-03-07 09:04 111616 ----a-w- c:\windows\system32\iesysprep.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-29_21.26.02 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-05 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-05 02:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-29 21:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-05 02:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-06 20:24 . 2012-06-05 02:38 37644 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-05 02:38 38396 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-01-07 21:17 . 2012-06-05 02:38 16808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2937579301-1935991548-1390105095-1000_UserData.bin

- 2011-01-06 20:25 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-06 20:25 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-06 20:25 . 2012-05-29 22:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-01-06 20:25 . 2012-05-17 04:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-17 04:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-29 22:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-05 02:36 . 2012-06-05 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-05 02:36 . 2012-06-05 02:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-29 21:24 . 2012-05-29 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-03-18 13:15 . 2010-03-18 13:15 770384 c:\windows\SysWOW64\msvcr100.dll

- 2011-06-11 06:58 . 2011-06-11 06:58 421200 c:\windows\SysWOW64\msvcp100.dll

+ 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll

+ 2011-01-07 14:22 . 2012-06-04 01:40 310878 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-01-07 02:58 . 2012-05-31 06:36 322116 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-05-29 21:07 660530 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-04 21:44 660530 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-05-29 21:07 121426 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-06-04 21:44 121426 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-05-29 21:23 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-05 02:07 254628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-01-11 00:32 . 2012-06-05 02:07 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat

- 2011-01-11 00:32 . 2012-05-29 21:23 5408296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2937579301-1935991548-1390105095-1000-8192.dat

+ 2009-07-14 02:34 . 2012-06-04 21:54 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2012-05-29 21:23 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-06-04 23:14 . 2012-06-04 23:14 17904640 c:\windows\Installer\5a5bdc.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [x]

R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]

.

2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:13]

.

2012-06-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-06-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-12 04:18]

.

2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000Core.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2937579301-1935991548-1390105095-1000UA.job

- c:\users\Jay Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 01:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Jay Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = my.daemon-search.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{D50D39E0-253B-4CF2-8E66-59204F2EE0B8}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Jay Lee\AppData\Roaming\Mozilla\Firefox\Profiles\ibc9ucvw.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-06-04 22:43:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-05 02:43

ComboFix2.txt 2012-06-01 00:44

ComboFix3.txt 2012-05-31 02:03

ComboFix4.txt 2012-05-29 21:31

.

Pre-Run: 21,320,785,920 bytes free

Post-Run: 20,794,404,864 bytes free

.

- - End Of File - - C50594E54D57D40E532569094A4D8D26


My apologies for the delay.

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::

c:\users\Jay Lee\AppData\Local\{27A55A5A-A548-11E1-8270-B8AC6F996F26}

c:\users\Jay Lee\AppData\Local\{27A58CEF-A548-11E1-8270-B8AC6F996F26}

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Any idea where the ComboFix logs are saved? It finished the ComboFix run and the log opened, but my computer froze as I tried to open Firefox.

Also there is a found.000 file in my /c directory. I know this isn't malware, but due to other issues with my computer I just thought I should let you know. I am annoyed because this really wasn't a huge deal until today. Prior to this my computer ran fine but just had annoying redirections when I tried to use Google. Getting a little desperate now; I'll try and get you that ComboFix log.


I think it's kicked the bucket. Can't even start into safe mode anymore. I get a blue screen error on start and it instantly restarts. Trying to run a Windows auto repair but so far it seems just to be idling. Pretty sure it's gone, but have you got any more thoughts?


It goes straight to a Startup Repair window prior to launch and gives me two options: either launch Startup Repair or start the computer. If I start the computer, it will not let me boot into safe mode; if I pick Startup Repair, nothing happens and it just idles.


Let's give this a shot:

For x64 systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt, then:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


I suspect the reason your computer choked is because ComboFix accidentally deleted a critical system file. We'll attempt to recover that and restore your computer to a working state.

Please do the following. You will need a USB drive with no less than 64 MB of space.

  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-windows-latest.exe that you just downloaded.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will write files to your USB device and make it bootable
  • Once the files have been written to the device you will be prompted to reboot ~ do NOT reboot and instead just Exit the UNetbootin interface
  • Next, download dumpit and save it to the same flash drive where you installed xPUD.
  • Remove the USB and insert it in the ailing computer
  • Power on the computer and press F12 then choose to boot from the USB
  • After selecting a language and readying the system, a Welcome to xPUD screen will appear
  • Click the File tab
  • Expand mnt by clicking the plus sign to its left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click dumpit.
  • It will create some MBR copies on the USB drive.
  • When it completes press Enter to exit the Terminal window.
  • Remove the USB drive, then locate on it an mbr.zip file, and upload that here as an attachment please.

mbr.zip should be created on your flash drive, please attach it to your next reply.

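The helper above asks for the MBR copies that dumpit writes to the flash drive, and the first thing an analyst does with such a dump is check that it is structurally sane before comparing it with a known-good copy. As an added example that is not part of this thread and not dumpit's or xPUD's own code, the Python below parses a raw 512-byte MBR dump (boot code, the four partition entries, and the 0x55AA signature), hashes the boot code so copies can be compared, and reports the checks a defender would want: a valid signature, exactly one active partition, no overlapping partitions, and boot code that matches a reference hash. The sample MBR is constructed in code; it is not a dump from the poster's disk, and the reference hash is simply taken from that constructed sample.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # the partition table follows the boot code
ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"     # bytes 510-511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code, partitions):
    """Construct a synthetic 512-byte MBR for testing (not a dump from a real disk).

    partitions: iterable of (status, type, lba_start, sector_count); CHS fields are zeroed.
    """
    code = boot_code[:TABLE_OFFSET].ljust(TABLE_OFFSET, b"\x00")
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in partitions
    )
    return code + table.ljust(4 * ENTRY_SIZE, b"\x00") + SIGNATURE


def parse_mbr(blob):
    """Split an MBR dump into boot-code hash, partition entries and signature status."""
    if len(blob) < SECTOR_SIZE:
        raise ValueError("dump is shorter than one sector")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, blob[off:off + ENTRY_SIZE])
        if ptype == 0:
            continue  # empty slot
        parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return {
        "signature_ok": blob[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(blob[:TABLE_OFFSET]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(blob, reference_code_sha256=None):
    """Return the findings for one dump; an empty list means nothing stood out."""
    info = parse_mbr(blob)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA signature: not a valid MBR")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly one")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    if reference_code_sha256 and info["boot_code_sha256"] != reference_code_sha256:
        findings.append("boot code differs from the known-good reference")
    return findings


# Constructed sample: a Windows 7-style layout, a small active "System Reserved"
# partition (type 0x07, NTFS) followed by the OS volume. The boot-code bytes are
# placeholders, not a real boot loader.
LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 40000000)]
SAMPLE_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0", LAYOUT)
REFERENCE_SHA256 = hashlib.sha256(SAMPLE_MBR[:TABLE_OFFSET]).hexdigest()
# A second copy with the same partition table but different boot code.
MODIFIED_MBR = build_sample_mbr(b"\xeb\xfe", LAYOUT)

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_MBR), ("modified copy", MODIFIED_MBR)):
        print(name, check_mbr(blob, REFERENCE_SHA256) or "no findings")
```

In practice the reference hash comes from a copy of the boot sector taken from a clean install of the same Windows version; comparing the dumped copies against it (and against each other) shows whether the boot code is what the installer wrote or something else, which is the question a helper asking for mbr.zip wants answered.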
