computer desktop icons moved, cpu usage high

codee7777 · July 14, 2012

DDS

_______________________________________________________________________________

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by CoDee at 12:31:04 on 2012-07-14

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2624 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=15486

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [AdobeBridge]

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun: [Conime] %windir%\system32\conime.exe

mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8A6C91B0-9854-423E-9F81-B8044F5E4CBD} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8A6C91B0-9854-423E-9F81-B8044F5E4CBD}\B4E696768647 : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76 192.168.2.1

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun-x64: [Conime] %windir%\system32\conime.exe

mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [(Default)]

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\CoDee\AppData\Roaming\Mozilla\Firefox\Profiles\j1avgjq7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15486

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-7 44808]

R2 AxiomAudioDevMon;Axiom Audio Device Monitor;C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-2-19 1632776]

R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys --> C:\Windows\system32\DRIVERS\diginet.sys [?]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 655944]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-3 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]

S3 AXIOM;Service for M-Audio Axiom;C:\Windows\system32\DRIVERS\MAudioAxiom.sys --> C:\Windows\system32\DRIVERS\MAudioAxiom.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-3 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-12 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-14 04:46:56 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{144E3583-1C98-4935-97B8-72F15B4DE5A8}\mpengine.dll

2012-07-13 20:22:29 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-13 20:08:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-07-13 20:08:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-07-13 20:08:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-07-13 20:08:57 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2012-07-13 02:39:14 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2F534DF8-152C-4F80-A70D-15BFA6D01921}\gapaengine.dll

2012-07-13 02:39:04 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-13 02:30:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-07-13 02:30:17 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-07-13 02:29:28 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-07-12 03:57:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-12 03:57:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-12 03:43:00 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-12 03:41:31 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFFFEB31-D328-48EC-B815-E67818ACF4FF}\mpengine.dll

2012-07-07 23:34:00 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-06 21:16:48 -------- d-----w- C:\Users\CoDee\AppData\Roaming\Antares

2012-07-06 01:16:45 303616 ----a-w- C:\Windows\IsUninst.exe

2012-07-06 01:11:26 -------- d-----w- C:\Program Files (x86)\US122_Install

2012-07-05 16:47:33 -------- d-----w- C:\Windows\System32\SPReview

2012-07-05 16:44:49 -------- d-----w- C:\Windows\System32\EventProviders

2012-07-04 03:40:34 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-04 03:40:34 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-28 23:03:22 -------- d-----w- C:\Users\CoDee\AppData\Roaming\iZotope

2012-06-23 19:19:07 -------- d-----w- C:\Users\CoDee\AppData\Local\Macromedia

2012-06-22 14:21:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 14:21:14 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 14:20:51 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 14:20:51 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 22:13:34 -------- d-----w- C:\Program Files (x86)\IK Multimedia

2012-06-21 22:00:00 -------- d-----w- C:\Program Files (x86)\iZotope

2012-06-21 21:59:28 -------- d-----w- C:\Program Files\Common Files\VST3

2012-06-19 01:08:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-19 01:08:59 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-19 01:08:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-07-12 04:45:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 04:45:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-23 06:53:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-23 19:04:12 27306624 ----a-w- C:\Program Files (x86)\RunSanDiskSecureAccess_Win.exe

2010-08-16 23:00:58 105472 ----a-w- C:\Program Files (x86)\RunClubSanDisk.exe

2010-07-06 00:11:02 397984 ----a-w- C:\Program Files (x86)\WidgetLib.dll

2010-07-06 00:11:00 606368 ----a-w- C:\Program Files (x86)\GUILib.dll

2010-07-06 00:11:00 267936 ----a-w- C:\Program Files (x86)\FileLib.dll

2010-07-06 00:11:00 189600 ----a-w- C:\Program Files (x86)\PixelLib.dll

2010-07-06 00:11:00 163488 ----a-w- C:\Program Files (x86)\AIFFLib.dll

2010-07-06 00:11:00 156320 ----a-w- C:\Program Files (x86)\WAVELib.dll

2010-07-06 00:11:00 154784 ----a-w- C:\Program Files (x86)\JPEGLib.dll

2010-07-06 00:10:58 23010976 ----a-w- C:\Program Files (x86)\Reason.exe

2010-07-06 00:10:56 3055264 ----a-w- C:\Program Files (x86)\Reason Engine.dll

2010-07-06 00:10:56 236192 ----a-w- C:\Program Files (x86)\TIFFLib.dll

2010-07-06 00:10:56 204448 ----a-w- C:\Program Files (x86)\MIDILib.dll

2010-07-06 00:10:56 180896 ----a-w- C:\Program Files (x86)\PNGLib.dll

2010-07-06 00:10:56 1328288 ----a-w- C:\Program Files (x86)\Remote.dll

2010-07-06 00:10:54 380576 ----a-w- C:\Program Files (x86)\AudioCardLib.dll

.

============= FINISH: 12:34:34.58 ===============

Maniac · July 14, 2012

Hello codee7777! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Where is the content of Attach.txt?

codee7777 · July 15, 2012

hi, thanks for the help. i am a customer but ill just take your guidence.

heres the attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: A\Device\HarddiskVolume2

Install Date: 11/2/2011 11:00:29 PM

System Uptime: 7/14/2012 12:20:22 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0D176M

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | U2E1 | 2200/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 21.367 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Audition 3.0

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Story

Adobe Widget Browser

AdobeColorCommonSetRGB

aioscnnr

Apple Application Support

Apple Software Update

ASIO4ALL

avast! Free Antivirus

AVS Audio Converter version 6.1

C4USelfUpdater

center

Driver Detective

Enigma

essentials

FL Studio 10

Free DigiRack Plug-Ins 8.0

Google Toolbar for Internet Explorer

Google Update Helper

IL Download Manager

ISO Image Burner 1.1

ISODisk 1.1

Java Auto Updater

Java™ 6 Update 31

K-Lite Codec Pack 8.1.0 (Basic)

KODAK AiO Software

ksDIP

M-Audio Axiom DirectLink for Reason 1.0.0 (x86)

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Native Instruments Absynth 4

Notepad++

ocr

PCM Native Reverb VST Plug-in

PDF Settings CS5

PreReq

PreSonus Studio One

PSP VintageMeter 32bit

PSP VintageWarmer 2.0.0

PxMergeModule

QuickTime

ReCycle 2.1.2

ReCycle v2.1

RICOH Media Driver ver.2.07.01.04

Rob Papen Albino 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sonnox Oxford R3 EQ PowerCore VST v1.6.1

SoundToys Native Effects VST RTAS v3.1.2

StartNow Toolbar

Super Winspy v4.0

T-RackS 3 Deluxe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

uTorrentBar Toolbar

Visual Studio 2008 x64 Redistributables

VLC

VLC media player 1.1.5

Waves API Collection

Waves Diamond Bundle v5.0

Waves Diamond Bundle v5.2

Waves GTR 3

Waves IRx v5.2

Waves L3 v5.2

Waves Mercury Bundle

Waves Q-Clone v5.2

Waves Restoration 3.6

Waves SSL Collection v1.2

Waves Vocal Bundle v1.1

Waves Znoise v1.0

Windows Movie Maker 2.6

.

==== Event Viewer Messages From Past Week ========

.

7/8/2012 2:30:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

7/8/2012 2:30:59 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/7/2012 4:01:43 PM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

7/14/2012 8:57:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Update for Windows 7 for x64-based Systems (KB2679255).

7/14/2012 12:22:00 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

7/14/2012 12:21:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ISODisk

7/14/2012 12:21:18 PM, Error: Service Control Manager [7000] - The Digidesign MME Refresh Service service failed to start due to the following error: The system cannot find the file specified.

7/14/2012 12:20:30 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ISODisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/14/2012 12:15:42 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

7/14/2012 10:38:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

7/14/2012 10:37:03 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

7/13/2012 5:35:26 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

7/13/2012 5:35:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service for StartNow Toolbar service to connect.

7/13/2012 12:52:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

7/13/2012 12:51:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/12/2012 7:27:41 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/12/2012 7:27:41 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/12/2012 7:27:41 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/12/2012 7:27:41 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/12/2012 7:27:41 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/12/2012 7:27:41 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

7/12/2012 10:49:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

7/11/2012 9:31:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.

7/11/2012 9:30:15 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

Maniac · July 15, 2012

Step 1

Please uninstall the following applications:

µTorrent

StartNow Toolbar

uTorrentBar Toolbar

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

Malwarebytes' Anti-Malware log
aswMBR log

codee7777 · July 15, 2012

items deleted, heres the logs. PS (i have avast as my virus protection, should i disable it when following these actions.)

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.15.08

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

CoDee :: CODEE-PC [administrator]

Protection: Enabled

7/15/2012 8:39:07 AM

mbam-log-2012-07-15 (08-39-07).txt

Scan type: Quick scan

Scan options enabled: File System | PUP | PUM

Objects scanned: 9690

Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

___________________________________________________________________________________________

Run date: 2012-07-15 08:48:04

-----------------------------

08:48:04.829 OS Version: Windows x64 6.1.7600

08:48:04.830 Number of processors: 2 586 0x170A

08:48:04.831 ComputerName: CODEE-PC UserName: CoDee

08:48:08.422 Initialize success

08:48:10.634 AVAST engine defs: 12071500

08:48:40.816 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

08:48:40.821 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11

08:48:40.843 Disk 0 MBR read successfully

08:48:40.848 Disk 0 MBR scan

08:48:40.856 Disk 0 Windows 7 default MBR code

08:48:40.862 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

08:48:40.874 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325

08:48:40.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325

08:48:40.946 Disk 0 scanning C:\Windows\system32\drivers

08:48:56.745 Service scanning

08:49:19.414 Modules scanning

08:49:19.432 Disk 0 trace - called modules:

08:49:19.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

08:49:19.510 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c38060]

08:49:19.522 3 CLASSPNP.SYS[fffff8800192643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046c1060]

08:49:20.517 AVAST engine scan C:\Windows

08:49:22.741 AVAST engine scan C:\Windows\system32

08:53:27.600 AVAST engine scan C:\Windows\system32\drivers

08:53:41.398 AVAST engine scan C:\Users\CoDee

08:54:40.528 Disk 0 MBR has been saved successfully to "C:\Users\CoDee\Desktop\MBR.dat"

08:54:40.544 The log file has been saved successfully to "C:\Users\CoDee\Desktop\aswMBR.txt"

Maniac · July 16, 2012

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

codee7777 · July 19, 2012

it deleted my recycle program for some reason? it dosent look like it deleted my files though, atleast i hope because they are very important.

thanks for your help btw

______________________________________________________________________________

ComboFix 12-07-18.04 - CoDee 07/18/2012 19:09:42.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2618 [GMT -7:00]

Running from: c:\users\CoDee\Desktop\12345.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Propellerhead Software\ReCycle

c:\programdata\Propellerhead Software\ReCycle\ReCycle210.dat

c:\programdata\Propellerhead Software\ReCycle\ReCycle212.dat

c:\users\CoDee\AppData\Roaming\Propellerhead Software\ReCycle

c:\users\CoDee\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf

.

((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))

.

2012-07-19 02:25 . 2012-07-19 02:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0B1E7BB-94FC-428E-BB2A-C31DF6C33043}\offreg.dll

2012-07-18 03:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0B1E7BB-94FC-428E-BB2A-C31DF6C33043}\mpengine.dll

2012-07-15 14:53 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-13 20:22 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-13 20:08 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll

2012-07-13 20:08 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-07-13 20:08 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-07-13 20:08 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-07-13 20:08 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-07-13 20:08 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-07-13 20:08 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-07-13 02:39 . 2012-07-13 02:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F534DF8-152C-4F80-A70D-15BFA6D01921}\gapaengine.dll

2012-07-13 02:30 . 2012-07-13 02:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-13 02:30 . 2012-07-13 02:31 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-13 02:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-12 03:57 . 2012-07-12 03:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-12 03:57 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 03:43 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-07-12 03:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFFFEB31-D328-48EC-B815-E67818ACF4FF}\mpengine.dll

2012-07-07 23:34 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-06 21:16 . 2012-07-06 21:16 -------- d-----w- c:\users\CoDee\AppData\Roaming\Antares

2012-07-06 14:37 . 2012-07-13 20:13 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-06 01:16 . 1997-11-19 22:49 303616 ----a-w- c:\windows\IsUninst.exe

2012-07-06 01:11 . 2012-07-06 19:48 -------- d-----w- c:\program files (x86)\US122_Install

2012-07-05 16:47 . 2012-07-05 16:47 -------- d-----w- c:\windows\system32\SPReview

2012-07-05 16:44 . 2012-07-05 16:44 -------- d-----w- c:\windows\system32\EventProviders

2012-07-04 03:40 . 2012-07-04 03:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-04 03:40 . 2012-07-04 03:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-28 23:03 . 2012-06-28 23:08 -------- d-----w- c:\users\CoDee\AppData\Roaming\iZotope

2012-06-23 19:19 . 2012-06-23 19:19 -------- d-----w- c:\users\CoDee\AppData\Local\Macromedia

2012-06-22 14:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 14:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 14:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 14:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 14:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 14:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 14:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 14:20 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 14:20 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 22:13 . 2012-06-21 22:13 -------- d-----w- c:\program files (x86)\IK Multimedia

2012-06-21 22:13 . 2012-06-21 22:13 -------- d-----w- c:\users\CoDee\AppData\Roaming\InstallShield

2012-06-21 22:00 . 2012-06-21 22:00 -------- d-----w- c:\program files (x86)\iZotope

2012-06-21 21:59 . 2012-06-21 21:59 -------- d-----w- c:\program files\Common Files\VST3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 04:45 . 2012-04-03 00:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 04:45 . 2011-11-03 18:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 16:21 . 2012-01-29 22:22 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2012-01-29 22:22 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-01-29 22:22 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2012-01-29 22:22 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2012-01-29 22:22 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2012-01-29 22:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2012-01-29 22:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2012-01-29 22:22 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-04 10:52 . 2012-06-19 01:09 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-19 01:09 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-19 01:09 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32 . 2012-06-19 01:09 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:50 . 2012-06-19 01:09 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:34 . 2012-06-19 01:09 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:34 . 2012-06-19 01:09 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:28 . 2012-06-19 01:09 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:59 . 2012-06-19 01:09 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:59 . 2012-06-19 01:09 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 05:59 . 2012-06-19 01:08 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 04:47 . 2012-06-19 01:08 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:47 . 2012-06-19 01:08 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-24 04:47 . 2012-06-19 01:09 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-23 06:53 . 2012-04-23 06:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-10-23 19:04 . 2011-11-03 18:13 27306624 ----a-w- c:\program files (x86)\RunSanDiskSecureAccess_Win.exe

2010-08-16 23:00 . 2011-11-03 18:13 105472 ----a-w- c:\program files (x86)\RunClubSanDisk.exe

2010-07-06 00:11 . 2011-11-03 18:13 397984 ----a-w- c:\program files (x86)\WidgetLib.dll

2010-07-06 00:11 . 2011-11-03 18:13 156320 ----a-w- c:\program files (x86)\WAVELib.dll

2010-07-06 00:11 . 2011-11-03 18:13 189600 ----a-w- c:\program files (x86)\PixelLib.dll

2010-07-06 00:11 . 2011-11-03 18:12 606368 ----a-w- c:\program files (x86)\GUILib.dll

2010-07-06 00:11 . 2011-11-03 18:12 267936 ----a-w- c:\program files (x86)\FileLib.dll

2010-07-06 00:11 . 2011-11-03 18:12 154784 ----a-w- c:\program files (x86)\JPEGLib.dll

2010-07-06 00:11 . 2011-11-03 18:11 163488 ----a-w- c:\program files (x86)\AIFFLib.dll

2010-07-06 00:10 . 2011-11-03 18:13 23010976 ----a-w- c:\program files (x86)\Reason.exe

2010-07-06 00:10 . 2011-11-03 18:13 236192 ----a-w- c:\program files (x86)\TIFFLib.dll

2010-07-06 00:10 . 2011-11-03 18:13 1328288 ----a-w- c:\program files (x86)\Remote.dll

2010-07-06 00:10 . 2011-11-03 18:13 3055264 ----a-w- c:\program files (x86)\Reason Engine.dll

2010-07-06 00:10 . 2011-11-03 18:13 180896 ----a-w- c:\program files (x86)\PNGLib.dll

2010-07-06 00:10 . 2011-11-03 18:12 204448 ----a-w- c:\program files (x86)\MIDILib.dll

2010-07-06 00:10 . 2011-11-03 18:11 380576 ----a-w- c:\program files (x86)\AudioCardLib.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 ISODisk;ISODisk; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\DRIVERS\MAudioAxiom.sys [2010-02-19 137736]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03 136176]

R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 187912]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 AxiomAudioDevMon;Axiom Audio Device Monitor;c:\program files (x86)\M-Audio\Axiom\AudioDevMon.exe [2010-02-19 1632776]

S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-20 394672]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:45]

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03 18:20]

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03 18:20]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-17 2922496]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ask.com/?l=dis&o=15486

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76 192.168.2.1

FF - ProfilePath - c:\users\CoDee\AppData\Roaming\Mozilla\Firefox\Profiles\j1avgjq7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15486

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

Wow6432Node-HKLM-Run-DigidesignMMERefresh - c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-07-18 19:33:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-19 02:33

.

Pre-Run: 20,641,812,480 bytes free

Post-Run: 22,728,814,592 bytes free

.

- - End Of File - - A2F09DD102049FCC2FC88A54E7526409

Maniac · July 19, 2012

it deleted my recycle program for some reason? it dosent look like it deleted my files though, atleast i hope because they are very important.

In this case, I will recover them.

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please locate to C:\Qoobox\ComboFix-quarantined-files.txt and post its content.

In your next reply, post the following log files:

ComboFix log
Quarantined files log

codee7777 · July 20, 2012

here you go, i believe i did this correctcly.

ComboFix 12-07-18.04 - CoDee 07/19/2012 17:04:42.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2653 [GMT -7:00]

Running from: c:\users\CoDee\Desktop\12345.exe

Command switches used :: c:\users\CoDee\Desktop\CFscript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Propellerhead Software\ReCycle

c:\users\CoDee\AppData\Roaming\Propellerhead Software\ReCycle

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

2012-07-20 00:17 . 2012-07-20 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 00:17 . 2012-07-20 00:17 -------- d-----w- c:\users\Cody\AppData\Local\temp

2012-07-19 23:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43A0E60E-2B52-4F03-86A8-EA28028EACE7}\mpengine.dll

2012-07-18 03:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll