
Malwarebytes blocking access to 91.218.121.57 on Firefox



Hi,

I recently was infected with Sirefef. I believe I have removed most of it utilising Malwarebytes, TDSSKiller and various pieces of advice, if not all of it; however, I am currently being presented with attempted browser hijack attempts to the IP 91.218.121.57, which Malwarebytes is blocking. It does not appear to be happening in Internet Explorer. I have seen a few topics like this where the person's computer becomes clean and would be very grateful for help doing the same.

Attached are the DDS and attach logs. Any help would be greatly appreciated.

DDS.txt

Attach.txt


Hello chandnat and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall DAEMON Tools Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


Hi, thank you very much for replying. I understand that the computer may never be truly cleaned, and one day I will probably reinstall Windows, but for now I'd like to at least try.

MBAM log:

-Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.04

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Nathaniel :: NATPC [administrator]

Protection: Enabled

12/08/2012 11:50:26 PM

mbam-log-2012-08-12 (23-50-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205822

Time elapsed: 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-12 23:49:24

-----------------------------

23:49:24.740 OS Version: Windows x64 6.1.7600

23:49:24.740 Number of processors: 6 586 0xA00

23:49:24.741 ComputerName: NATPC UserName:

23:49:26.099 Initialize success

23:49:40.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

23:49:40.185 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953868MB BusType: 3

23:49:40.195 Disk 0 MBR read successfully

23:49:40.197 Disk 0 MBR scan

23:49:40.198 Disk 0 Windows 7 default MBR code

23:49:40.209 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

23:49:40.215 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 206848

23:49:40.231 Disk 0 scanning C:\Windows\system32\drivers

23:49:45.629 Service scanning

23:49:56.930 Modules scanning

23:49:56.968 Disk 0 trace - called modules:

23:49:56.986 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

23:49:56.988 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e17060]

23:49:56.991 3 CLASSPNP.SYS[fffff880019b143f] -> nt!IofCallDriver -> [0xfffffa8007b2b520]

23:49:56.995 5 ACPI.sys[fffff88000f29781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007b2d060]

23:49:56.998 Scan finished successfully

23:50:19.857 Disk 0 MBR has been saved successfully to "C:\Users\Nathaniel\Desktop\MBR.dat"

23:50:19.861 The log file has been saved successfully to "C:\Users\Nathaniel\Desktop\aswMBR.txt"

New DDS log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Nathaniel at 0:05:56 on 2012-08-13

Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.8190.4863 [GMT 10:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe

C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe

C:\Windows\DAODx.exe

C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\ASUS\EPU\EPU.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Mathematics\MathApp.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Nathaniel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535291

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

uURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

mURLSearchHooks: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

TB: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [TriDefControlPanel] "C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" M

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{15CEFA21-0C73-4129-A88B-F3E42DD1FF64} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{183BFEC5-D3DF-491A-8D0A-2E266E40044A} : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23} : NameServer = 192.168.0.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\E416478616E69656C62E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\F407475737344433F5333326534323 : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12

TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\24967607F6E646F594E6475627E65647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\E416478616E69656C62E08993702960586F6E656 : DhcpNameServer = 211.29.132.12 61.88.88.88

TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\E4544574541425 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4E18973C-6C36-4A59-B20A-348DBC3E8B1F}\F40545553514635323436423 : DhcpNameServer = 10.1.1.1

TCP: Interfaces\{D7917D21-74F2-47FF-9873-C88738B909C3} : DhcpNameServer = 211.29.132.12 61.88.88.88

TCP: Interfaces\{E33291E0-A26A-4B65-A71B-A267C9C58C1C} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12

TCP: Interfaces\{F4220CED-1B92-4544-A996-1F9BDBC21C5C} : DhcpNameServer = 10.1.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

BHO-X64: Messenger Plus Live Australia - No File

TB-X64: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - C:\Program Files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [TriDefControlPanel] "C:\Program Files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" M

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Nathaniel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Nathaniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-12-28 43704]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-11-30 96896]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-15 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-15 128512]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-11 655944]

R2 S3DSvc32;S3D Service (Win32);C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe [2011-12-28 360960]

R2 S3DSvc64;S3D Service (Win64);C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe [2011-12-28 480768]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-5-19 641464]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/28 21:51:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832]

S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-28 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-28 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-3-9 25832]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-12 113120]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-5-27 24176]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-12 13:45:41 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{3B198094-BB1A-4F0D-8DD8-6CFF3FDA86BE}

2012-08-12 13:45:29 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{DB076A27-AF37-4A94-A2CD-BBBB7D4B0E68}

2012-08-12 04:09:43 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-12 03:57:41 -------- d-----w- C:\Program Files\Microsoft Mathematics

2012-08-11 16:18:12 -------- d-----w- C:\Users\Nathaniel\AppData\Local\Google

2012-08-11 15:08:55 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 00:38:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-10 17:45:10 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3B93F487-5379-4427-A47F-D6033667DC5D}\mpengine.dll

2012-08-03 08:29:55 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{623DDC0D-DD45-11E1-8270-B8AC6F996F26}

2012-07-30 13:02:28 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{E05B792C-93F1-4FC8-B52B-9D05596C88E8}

2012-07-30 13:02:10 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{1946E4F4-20A7-4FC7-82B8-6CED62BF23CC}

2012-07-20 07:32:19 -------- d-----w- C:\usb

2012-07-17 10:03:34 -------- d-----w- C:\Users\Nathaniel\AppData\Local\etax2012

2012-07-17 10:03:02 -------- d-----w- C:\Program Files (x86)\etax2012

2012-07-16 22:56:12 -------- d-----w- C:\Users\Nathaniel\AppData\Local\FalloutNV

2012-07-16 10:30:07 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{C2285E2A-D3F8-4CCF-801A-918ACF0ABCE2}

2012-07-16 10:26:47 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{FB56FC66-578A-45C1-B56F-3BE827974B6B}

2012-07-14 10:56:22 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{EE3CF8BE-2D92-4273-A536-9EECC71EF775}

2012-07-14 10:56:06 -------- d-----w- C:\Users\Nathaniel\AppData\Local\{0E3F17FF-5B1E-46FC-A5B8-58DD2552DACD}

.

==================== Find3M ====================

.

2012-08-12 11:45:35 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-12 11:45:35 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-12 11:45:22 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-03 03:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 04:05:35 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-06-27 23:02:49 3166792 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 03:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 03:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 03:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 03:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 03:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 03:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 03:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 05:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 05:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 0:06:49.24 ===============

New attach log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/11/2010 9:35:05 PM

System Uptime: 12/08/2012 2:08:58 PM (10 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3

Processor: AMD Phenom II X6 1090T Processor | AM3 | 3200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 92.864 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Realtek High Definition Audio

Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_104383C0&REV_1003\4&1DDE902D&0&0001

Manufacturer: Realtek

Name: Realtek High Definition Audio

PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_104383C0&REV_1003\4&1DDE902D&0&0001

Service: IntcAzAudAddService

.

==== System Restore Points ===================

.

RP425: 12/08/2012 1:59:59 AM - ComboFix created restore point

RP426: 12/08/2012 1:46:19 PM - Removed Microsoft Mathematics (64-bit)

RP427: 12/08/2012 1:47:02 PM - Installed Microsoft Mathematics (64-bit)

RP428: 12/08/2012 1:47:49 PM - Installed DirectX

RP429: 12/08/2012 1:56:51 PM - Removed Microsoft Mathematics (64-bit)

RP430: 12/08/2012 1:57:31 PM - Installed Microsoft Mathematics (64-bit)

RP431: 12/08/2012 1:57:47 PM - Installed DirectX

.

==== Installed Programs ======================

.

3DMark Vantage

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.5

Age of Empires Online

Age of Empires® III: Complete Collection

Alpha Protocol

AMD Fusion Utility

AMD VISION Engine Control Center

Amnesia: The Dark Descent

Anno 1701

Anno 2070

Apple Application Support

Apple Software Update

Application Profiles

Arcanum

ArcSoft PhotoStudio 5.5

ArmA 2 Free Uninstall

Baldur's Gate

Battlefield 3™

Battlefield: Bad Company 2

Battlelog Web Plugins

BattlEye (A2Free) Uninstall

BattlEye for OA Uninstall

Beneath a Steel Sky

Bing Bar

Braid

Browser Configuration Utility

Call of Duty 4: Modern Warfare

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Dedicated Server

Call of Duty: Modern Warfare 3 - Multiplayer

Call of Duty: World at War

Capsule

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco AnyConnect VPN Client

Codename Gordon

Cogs

Content Manager Assistant for PlayStation®

Counter-Strike: Source

Creative Audio Control Panel

Creative Diagnostics

Creative MediaSource 5

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Creative System Information

Creative WaveStudio 7

Crysis WARHEAD®

Crysis WARHEAD® Patch

Crysis®

Crysis® 2

CyberLink BD Advisor 2.0

CyberLink Blu-ray Disc Suite

CyberLink LabelPrint

CyberLink LG Burning Tool

CyberLink MediaShow

CyberLink PowerDVD 9

CyberLink PowerProducer

CyberLink YouCam

D3DX10

Day of Defeat: Source

Dead Island

Dead Space™

Defcon

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Descent and Descent 2

Deus Ex - HDTP

Deus Ex: Game of the Year Edition

Deus Ex: Human Revolution

Deus Ex: Human Revolution - The Missing Link

DiRT 3

DNA

Dolby Digital Live Pack

Dragon Age: Origins

Dropbox

DTS Connect Pack

e-tax 2011

e-tax 2012

EasyBits GO

Eclipse - Pydev 1.6.3

Eclipse - QtEclipse 1.5.2

Eclipse - StartExplorer 0.5.0

Empire Earth III

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON Scan

EPU

eReg

ESN Sonar

Fallout

Fallout 2 Unofficial Patch 1.02.27.3

Fallout: New Vegas

Fallout2

Far Cry 2

ffdshow [rev 3154] [2009-12-09]

Fraps

From Dust

Futuremark SystemInfo

GameSpy Comrade

Google Chrome

GPU Boost Driver

Graphmatica

Guild Wars

Half-Life

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

Half-Life: Blue Shift

Half-Life: Opposing Force

HandBrake 0.9.5

HardwareOC Crysis Warhead Benchmark v1.1.1.0

HiJackThis

HxD Hex Editor version 1.7.7.0

iZ3D Driver Remove

Java Auto Updater

Java 6 Update 31

JMicron JMB36X Driver

Junk Mail filter update

Just Cause 2

Kaiba Corp Virtual Duel System 1.28

Killing Floor

Left 4 Dead 2

LG Tool Kit

LibUSB-Win32-0.1.10.1

LightScribe System Software

Malwarebytes Anti-Malware version 1.62.0.1300

Mass Effect

Mass Effect 2

Mass Effect™ 3

Mesh Runtime

Messenger Companion

Messenger Plus Live Australia Toolbar

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

NEC Electronics USB 3.0 Host Controller Driver

NVIDIA PhysX

Oddworld: Abe's Exoddus

Oddworld: Abe's Oddysee

Oddworld: Stranger's Wrath

OmniPage SE 2.0

OpenAL

OpenOffice.org 3.3

Origin

PAYDAY: The Heist

Planescape Torment

Plants vs. Zombies

Poker Night at the Inventory

Portal

PowerISO

PunkBuster Services

PyQt4 - QtHelp 4.7.1

PyQt4 - Qwt5 5.2.1

Python 2.6 - docutils 0.7

Python 2.6 - formlayout 1.0.9

Python 2.6 - Gnuplot 1.8

Python 2.6 - guidata 1.3.0

Python 2.6 - guiqwt 2.1.0

Python 2.6 - h5py 1.3.1

Python 2.6 - IPython 0.10.1

Python 2.6 - jinja2 2.5.5

Python 2.6 - matplotlib 1.0.1

Python 2.6 - nose 1.0.0

Python 2.6 - numexpr 1.4.2

Python 2.6 - numpy 1.5.1

Python 2.6 - PIL 1.1.7.1

Python 2.6 - py2exe 0.6.9

Python 2.6 - pygments 1.4.0

Python 2.6 - pylint 0.23.0

Python 2.6 - PyQt4 4.8.3

Python 2.6 - pyreadline 1.6

Python 2.6 - pywin32 2.16

Python 2.6 - reportlab 2.5

Python 2.6 - scipy 0.9.0

Python 2.6 - setuptools 0.6.11

Python 2.6 - sphinx 1.0.7

Python 2.6 - spyder 2.0.10

Python 2.6 - tables 2.2.1

Python 2.6 - vitables 2.1

Python 2.6 - vtk 5.6.1.1

Python 2.6 - xy 1.2.5

Python 2.6.6

Python(x,y)

Python(x,y) - console 2.0.147.1

Python(x,y) - eclipse 3.5.2

Python(x,y) - mingw 4.5.2

Python(x,y) - SciTE 2.25

Python(x,y) - Veusz 1.10

Python(x,y) - WinMerge 2.12.4

Python(x,y) - xydoc 1.0.4

Quantum Conundrum

QuickTime

Raptor - Call of the Shadows

Ray Adams ATI Tray Tools

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

RollerCoaster Tycoon 2 Triple Thrill Pack

Samsung SyncMaster 3D Game Launcher (TriDef 3D) 1.1.6

Samsung_MonSetup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Shank

Shank 2

Sid Meier's Civilization V

Sid Meier's Civilization V SDK

SimCity 4

SimCity 4 Deluxe

Skype Click to Call

Skype™ 5.8

Sound Blaster X-Fi

SPORE™

Star Wars: Knights of the Old Republic

Star Wars: The Old Republic

Steam

Strand7 Release 2.4 Demo

Super Meat Boy

Synergy

System Requirements Lab

System Requirements Lab CYRI

Tag - IGF Professional 2008

Team Fortress 2

Terraria

The Elder Scrolls V: Skyrim

Thief: Deadly Shadows

Tom Clancy's Ghost Recon Future Soldier

Tom Clancy's Ghost Recon: Advanced Warfighter

Tom Clancy's Ghost Recon: Advanced Warfighter 2

Total War: SHOGUN 2

TriDef Photo Builder 2.1.6

TriDef Photo Samples 1.8.1

TriDef Photo Transformer 1.10.6

TriDef Photo Transformer Bundle 1.10.5

TriDef Photo Viewer 1.10.4

Tropico 4

TurboV EVO

TVersity Codec Pack 1.4

TVersity Media Server 1.9.3

Ubisoft Game Launcher

Unity Web Player

Universe Sandbox

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

User's Guide EPSON NX130 TX130 Series

WeGame Client 2.2.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinSCP 4.2.9

Zeno Clash

.

==== Event Viewer Messages From Past Week ========

.

9/08/2012 5:04:07 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

9/08/2012 5:04:07 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

12/08/2012 2:09:32 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

12/08/2012 2:09:30 PM, Error: Service Control Manager [7000] - The lirsgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

12/08/2012 2:09:29 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.

12/08/2012 2:09:29 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

12/08/2012 12:08:15 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/08/2012 1:34:39 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

12/08/2012 1:33:32 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

12/08/2012 1:33:25 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/08/2012 1:32:50 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/08/2012 8:19:29 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.6 did not allow the name to be claimed by this computer.

10/08/2012 9:32:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

10/08/2012 9:32:23 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi, here is my ComboFix log. I appreciate your help. Please be advised that skype.exe at one point was blocked from contacting a website by MBAM. Only happened once.

ComboFix 12-08-13.01 - Nathaniel 14/08/2012 19:56:43.2.6 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.8190.5898 [GMT 10:00]

Running from: c:\users\Nathaniel\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-14 10:05 . 2012-08-14 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-13 22:29 . 2012-08-13 22:29 -------- d-----w- c:\program files\CPUID

2012-08-12 03:57 . 2012-08-12 03:57 -------- d-----w- c:\program files\Microsoft Mathematics

2012-08-11 16:18 . 2012-08-11 16:19 -------- d-----w- c:\users\Nathaniel\AppData\Local\Google

2012-08-11 15:08 . 2012-08-11 15:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 00:38 . 2012-08-11 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-10 17:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B93F487-5379-4427-A47F-D6033667DC5D}\mpengine.dll

2012-08-03 08:29 . 2012-08-03 08:29 -------- d-----w- c:\users\Nathaniel\AppData\Local\{623DDC0D-DD45-11E1-8270-B8AC6F996F26}

2012-07-20 07:32 . 2012-07-20 07:32 -------- d-----w- C:\usb

2012-07-17 10:03 . 2012-07-17 10:03 -------- d-----w- c:\users\Nathaniel\AppData\Local\etax2012

2012-07-17 10:03 . 2012-07-17 10:03 -------- d-----w- c:\program files (x86)\etax2012

2012-07-16 22:56 . 2012-07-16 22:56 -------- d-----w- c:\users\Nathaniel\AppData\Local\FalloutNV

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-12 11:45 . 2011-05-10 05:06 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-12 11:45 . 2010-12-01 05:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-12 11:45 . 2010-12-01 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-03 03:46 . 2011-12-08 10:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-29 04:05 . 2010-12-01 05:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-06-27 23:02 . 2010-12-01 05:45 3166792 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-06-12 03:02 . 2012-07-11 17:04 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-11-10 03:16 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2011-09-24 02:01 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2011-09-24 01:43 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-02-15 02:12 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2011-11-10 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-11-10 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-11 03:50 . 2012-06-11 03:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-09 05:30 . 2012-07-10 22:48 14165504 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 18:59 . 2012-06-06 18:59 388096 ----a-r- c:\users\Nathaniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-06 05:50 . 2012-07-10 22:48 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:50 . 2012-07-10 22:48 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:09 . 2012-07-10 22:48 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:09 . 2012-07-10 22:48 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-02 22:19 . 2012-06-21 22:01 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 22:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 22:01 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 22:01 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 22:01 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 22:01 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 22:01 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 12:49 . 2012-07-11 17:02 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-11 17:02 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-11 17:02 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-11 17:02 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-11 17:02 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-11 17:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-11 17:02 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-11 17:02 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-11 17:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-11 17:02 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-11 17:02 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-11 17:02 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-11 17:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-11 17:02 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-11 17:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-11 17:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-11 17:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-11 17:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-11 17:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:38 . 2012-07-10 22:48 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:38 . 2012-07-10 22:48 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:37 . 2012-07-10 22:48 459216 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:27 . 2012-07-10 22:48 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:27 . 2012-07-10 22:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 05:19 . 2012-06-21 22:01 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-21 22:01 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:48 . 2012-07-10 22:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:48 . 2012-07-10 22:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:47 . 2012-07-10 22:48 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:42 . 2012-07-10 22:48 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"= "c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-28 557056]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"TriDefControlPanel"="c:\program files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" [2007-09-05 2827264]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/28 21:51;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]

R3 ALSysIO;ALSysIO;c:\users\NATHAN~1\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 cpuz130;cpuz130;c:\users\NATHAN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-28 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-28 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 97552]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-07 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960]

S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-24 480768]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-17 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-23 726816]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-04-22 03:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000Core.job

- c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000UA.job

- c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535291

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}: NameServer = 192.168.0.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\E416478616E69656C62E08993702960586F6E656: DhcpNameServer = 211.29.132.12 61.88.88.88

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{EA0969B3-6E12-4AC0-B6C9-148E81247954} - (no file)

AddRemove-ArmA 2 - c:\program files (x86)\Bohemia Interactive\ArmA 2 Free\UnInstall.exe

AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe

AddRemove-BattlEye for OA - c:\program files (x86)\CapsuleGames\ARMA II Operation Arrowhead - PCExpansion\BattlEye\UnInstallBE.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:57,83,e7,09,2f,c3,57,99,5c,12,de,bd,53,5a,43,67,09,d1,a0,b0,44,09,21,

50,d0,46,bb,ef,0d,37,0b,14,c9,8e,b1,ec,77,4e,8d,78,1b,05,59,db,18,b6,a9,37,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:3c,5c,fa,00,d8,f4,be,9f,4d,ea,f2,1b,55,5c,38,a8,71,ec,4e,23,b8,

1e,ac,9f,84,f1,43,4b,e2,81,87,dd,9c,8c,e2,e3,0d,e9,cd,33,f5,75,a6,5f,06,8c,\

"rkeysecu"=hex:f1,d9,9d,8b,02,06,2e,ce,93,84,64,58,b3,32,76,12

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe

c:\windows\DAODx.exe

c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe

c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

c:\windows\SysWOW64\CTXFISPI.EXE

.

**************************************************************************

.

Completion time: 2012-08-14 20:13:05 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-14 10:13

ComboFix2.txt 2012-08-11 15:47

.

Pre-Run: 96,184,209,408 bytes free

Post-Run: 95,750,660,096 bytes free

.

- - End Of File - - FB77B2EECD6AF24D7DB915ABF7A2DBDD

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files (x86)\Messenger_Plus_Live_Australia

Registry::
[-HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ea0969b3-6e12-4ac0-b6c9-148e81247954}"=-
[-HKEY_CLASSES_ROOT\clsid\{ea0969b3-6e12-4ac0-b6c9-148e81247954}]

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2535291

FireFox::
FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535291&q=

JavaClearaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Hi, here is the new ComboFix log.

ComboFix 12-08-16.01 - Nathaniel 16/08/2012 23:44:06.3.6 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.8190.5745 [GMT 10:00]

Running from: c:\users\Nathaniel\Downloads\ComboFix.exe

Command switches used :: c:\users\Nathaniel\Downloads\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Messenger_Plus_Live_Australia

c:\program files (x86)\Messenger_Plus_Live_Australia\INSTALL.LOG

c:\program files (x86)\Messenger_Plus_Live_Australia\ldrtbMes0.dll

c:\program files (x86)\Messenger_Plus_Live_Australia\Messenger_Plus_Live_AustraliaToolbarHelper.exe

c:\program files (x86)\Messenger_Plus_Live_Australia\Messenger_Plus_Live_AustraliaToolbarHelper1.exe

c:\program files (x86)\Messenger_Plus_Live_Australia\prxtbMes0.dll

c:\program files (x86)\Messenger_Plus_Live_Australia\tbMes0.dll

c:\program files (x86)\Messenger_Plus_Live_Australia\tbMes1.dll

c:\program files (x86)\Messenger_Plus_Live_Australia\tbMess.dll

c:\program files (x86)\Messenger_Plus_Live_Australia\toolbar.cfg

c:\program files (x86)\Messenger_Plus_Live_Australia\uninstall.exe

c:\program files (x86)\Messenger_Plus_Live_Australia\UNWISE.EXE

.

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

.

2012-08-16 13:51 . 2012-08-16 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-14 22:42 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-14 22:42 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-14 22:42 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-14 22:42 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-14 22:42 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe

2012-08-14 22:42 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-14 22:42 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-14 22:42 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll

2012-08-14 22:42 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-14 22:42 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-14 22:41 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-08-14 22:41 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll

2012-08-14 18:50 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B0D30CD-65A7-45CE-BD55-8B9F89C97F77}\mpengine.dll

2012-08-13 22:29 . 2012-08-13 22:29 -------- d-----w- c:\program files\CPUID

2012-08-12 03:57 . 2012-08-12 03:57 -------- d-----w- c:\program files\Microsoft Mathematics

2012-08-11 16:18 . 2012-08-11 16:19 -------- d-----w- c:\users\Nathaniel\AppData\Local\Google

2012-08-11 15:08 . 2012-08-11 15:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 00:38 . 2012-08-11 00:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-03 08:29 . 2012-08-03 08:29 -------- d-----w- c:\users\Nathaniel\AppData\Local\{623DDC0D-DD45-11E1-8270-B8AC6F996F26}

2012-07-20 07:32 . 2012-07-20 07:32 -------- d-----w- C:\usb

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 13:16 . 2011-05-10 05:06 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-16 13:16 . 2010-12-01 05:45 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-16 13:15 . 2010-12-01 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-03 03:46 . 2011-12-08 10:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-29 04:05 . 2010-12-01 05:45 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-06-27 23:02 . 2010-12-01 05:45 3166792 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-11-10 03:16 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2011-09-24 02:01 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-02-15 03:07 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2011-09-24 01:43 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-02-15 02:12 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2011-11-10 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-11-10 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-06-11 03:50 . 2012-06-11 03:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-09 05:30 . 2012-07-10 22:48 14165504 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 18:59 . 2012-06-06 18:59 388096 ----a-r- c:\users\Nathaniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-06 05:50 . 2012-07-10 22:48 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:50 . 2012-07-10 22:48 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:09 . 2012-07-10 22:48 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:09 . 2012-07-10 22:48 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-05 22:49 . 2012-06-05 22:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-02 22:19 . 2012-06-21 22:01 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 22:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 22:01 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 22:01 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 22:01 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 22:01 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 22:01 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:38 . 2012-07-10 22:48 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:38 . 2012-07-10 22:48 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:37 . 2012-07-10 22:48 459216 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:27 . 2012-07-10 22:48 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:27 . 2012-07-10 22:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 05:19 . 2012-06-21 22:01 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:15 . 2012-06-21 22:01 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:48 . 2012-07-10 22:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:48 . 2012-07-10 22:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:47 . 2012-07-10 22:48 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:42 . 2012-07-10 22:48 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 02:25 . 2010-11-01 11:51 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-14_10.07.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-14 22:42 . 2012-07-04 21:26 57344 c:\windows\SysWOW64\netapi32.dll

+ 2012-08-15 17:01 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll

- 2012-07-11 17:02 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll

- 2012-07-11 17:02 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-08-15 17:01 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-08-15 17:01 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll

- 2012-07-11 17:02 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2010-11-01 14:04 . 2012-08-16 13:55 95768 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-16 13:55 45322 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-01 12:24 . 2012-08-16 13:55 27956 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2162705529-2246650070-4213155456-1000_UserData.bin

- 2012-07-11 17:02 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll

+ 2012-08-15 17:01 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll

- 2012-07-11 17:02 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll

+ 2012-08-15 17:01 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll

+ 2012-08-15 17:01 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll

- 2012-07-11 17:02 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll

- 2009-07-14 05:30 . 2012-06-29 05:07 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-08-15 17:18 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-07-13 05:08 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\BTHUSB.SYS

+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\bthenum.sys

- 2010-11-01 10:31 . 2012-08-10 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-01 10:31 . 2012-08-15 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-01 10:31 . 2012-08-15 01:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-11-01 10:31 . 2012-08-10 15:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-10 15:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-15 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-08-15 17:22 85432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-05-05 07:32 . 2012-08-12 04:06 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 43608 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe

+ 2012-08-15 03:25 . 2012-08-15 03:25 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2012-08-16 13:53 . 2012-08-16 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-14 10:06 . 2012-08-14 10:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-16 13:53 . 2012-08-16 13:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-14 10:06 . 2012-08-14 10:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-11 17:02 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll

+ 2012-08-15 17:01 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll

+ 2012-08-15 17:01 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll

- 2012-07-11 17:02 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe

+ 2012-08-15 17:01 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe

+ 2012-08-15 17:01 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll

- 2012-07-11 17:02 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll

+ 2012-08-15 17:01 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll

- 2012-07-11 17:02 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll

+ 2012-08-15 17:01 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll

+ 2012-08-15 17:01 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe

- 2012-07-11 17:02 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe

- 2012-07-11 17:02 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll

+ 2012-08-15 17:01 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll

- 2009-07-14 04:45 . 2012-07-11 17:23 378824 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 04:45 . 2012-08-15 17:20 378824 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 05:30 . 2012-06-29 05:07 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-08-15 17:18 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-08-15 17:18 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2012-06-29 05:03 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\fsquirt.exe

+ 2012-08-15 17:02 . 2012-07-06 19:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_b39fd144c3c86206\bthport.sys

- 2009-07-14 05:31 . 2011-07-13 17:22 399360 c:\windows\system32\DriverStore\drvindex.dat

+ 2009-07-14 05:31 . 2012-08-15 17:18 399360 c:\windows\system32\DriverStore\drvindex.dat

+ 2009-07-14 05:01 . 2012-08-16 13:52 370744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-03 21:59 . 2012-07-03 21:59 261120 c:\windows\Installer\697746a.msp

+ 2012-05-05 07:32 . 2012-08-15 17:02 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe

+ 2011-01-07 00:38 . 2011-01-07 00:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\MSCONV97.DLL

- 2012-08-10 08:09 . 2012-08-10 08:09 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

- 2012-07-11 17:02 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll

+ 2012-08-15 17:01 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll

+ 2012-08-15 17:01 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll

- 2012-07-11 17:02 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll

+ 2012-08-15 17:01 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll

+ 2012-08-15 17:01 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll

- 2012-07-11 17:02 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll

+ 2012-08-15 17:01 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll

- 2012-07-11 17:02 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll

- 2012-07-11 17:02 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll

+ 2012-08-15 17:01 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll

+ 2012-08-15 17:01 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll

- 2012-07-11 17:02 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll

+ 2012-08-15 17:01 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll

+ 2012-08-15 17:01 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll

- 2012-07-11 17:02 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll

- 2009-07-14 04:45 . 2012-07-11 17:25 3955892 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-08-15 17:22 3955892 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2012-05-06 04:44 . 2012-08-16 13:52 1672192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-07-18 16:45 . 2012-07-18 16:45 3464704 c:\windows\Installer\69774e5.msp

+ 2012-07-03 22:04 . 2012-07-03 22:04 1292288 c:\windows\Installer\69774d0.msp

+ 2012-07-03 22:12 . 2012-07-03 22:12 4772352 c:\windows\Installer\69774c7.msp

+ 2012-07-03 22:09 . 2012-07-03 22:09 1284096 c:\windows\Installer\69774b1.msp

+ 2012-07-03 22:01 . 2012-07-03 22:01 9082368 c:\windows\Installer\697749c.msp

+ 2012-07-03 21:58 . 2012-07-03 21:58 6163456 c:\windows\Installer\6977480.msp

+ 2012-05-05 07:32 . 2012-08-15 17:02 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe

- 2012-05-05 07:32 . 2012-08-12 04:06 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-05-05 07:32 . 2012-08-15 17:02 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe

+ 2012-08-15 03:25 . 2012-08-15 03:25 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2012-08-10 08:09 . 2012-08-10 08:09 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 03:25 . 2012-08-15 03:25 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-08-15 17:01 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll

- 2009-07-14 02:34 . 2012-08-14 02:48 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2012-08-15 19:33 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-08-15 17:01 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll

+ 2012-08-15 17:01 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll

+ 2010-11-01 12:20 . 2012-08-16 13:52 61154000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2162705529-2246650070-4213155456-1000-8192.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-10 1353080]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-28 557056]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-07-07 241789]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"TriDefControlPanel"="c:\program files (x86)\TriDef 3D\TriDef\Common\TriDefControlPanel.exe" [2007-09-05 2827264]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-29 979328]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/28 21:51;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]

R3 ALSysIO;ALSysIO;c:\users\NATHAN~1\AppData\Local\Temp\ALSysIO64.sys [x]

R3 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 cpuz130;cpuz130;c:\users\NATHAN~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-28 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-28 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-25 25832]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 97552]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-07 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2010-10-06 43704]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-10-24 360960]

S2 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-10-24 480768]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-17 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320]

S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-23 726816]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-04-22 03:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000Core.job

- c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18]

.

2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2162705529-2246650070-4213155456-1000UA.job

- c:\users\Nathaniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 16:18]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Nathaniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}: NameServer = 192.168.0.1

TCP: Interfaces\{2F482A2B-E4D3-44A9-8086-6A40FA5D1F23}\E416478616E69656C62E08993702960586F6E656: DhcpNameServer = 211.29.132.12 61.88.88.88

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\wriwcifs.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Messenger_Plus_Live_Australia Toolbar - c:\program files (x86)\Messenger_Plus_Live_Australia\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:57,83,e7,09,2f,c3,57,99,5c,12,de,bd,53,5a,43,67,09,d1,a0,b0,44,09,21,

50,d0,46,bb,ef,0d,37,0b,14,c9,8e,b1,ec,77,4e,8d,78,1b,05,59,db,18,b6,a9,37,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-2162705529-2246650070-4213155456-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:3c,5c,fa,00,d8,f4,be,9f,4d,ea,f2,1b,55,5c,38,a8,71,ec,4e,23,b8,

1e,ac,9f,84,f1,43,4b,e2,81,87,dd,9c,8c,e2,e3,0d,e9,cd,33,f5,75,a6,5f,06,8c,\

"rkeysecu"=hex:f1,d9,9d,8b,02,06,2e,ce,93,84,64,58,b3,32,76,12

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe

c:\windows\DAODx.exe

c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe

c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2012-08-17 00:00:28 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-16 14:00

ComboFix2.txt 2012-08-14 10:13

ComboFix3.txt 2012-08-11 15:47

.

Pre-Run: 83,854,737,408 bytes free

Post-Run: 83,528,593,408 bytes free

.

- - End Of File - - 63EEBF63E8F8EBA30B7264E2D77FEABD


Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.