Infection - Trojan.Dropper.BCMiner/Rootkit.0Access - Malwarebytes does not delete

[noxyflex]

I saw a similar topic of this nature but I'd rather post logs pertaining to my computer.

So i have this malware trojan which runs up svchost CPU processing, as well as redirecting me to all these random sites, either randomly opening tabs on firefox or when i try to search manually on google.

I have ran Malwarebytes as well as Ad-aware AV however the trojan just keeps returning!

I ran TDSS killer multiple times coupled with those anti-virus programs mentioned together with restarts to NO avail

I can't format since i've lost my windows 7 disc (i built the computer myself) and do a fresh reinstall so i want to try and salvage the situation!

Any help would be stellar!

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[noxyflex]

Here is DDS...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Fabz at 13:31:26 on 2012-09-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5430 [GMT -4:00]

.

AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared files\RichVideo64.exe

C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Users\Fabz\Desktop\HB\bin\TSVNCache.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Fabz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Fabz\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\PROGRA~2\AD-AWA~1\AdAware.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\program files (x86)\real\realplayer\RealPlay.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: {326e768d-4182-46fd-9c16-1449a49795f4}: Increase performance and video formats for your HTML5 <video>

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [spotify Web Helper] "C:\Users\Fabz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Google Update] "C:\Users\Fabz\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk"&"inst=NzctODk5MjY3MTA3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1834"&"mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

uExplorerRun: [Mozilla] C:\Users\Fabz\AppData\Roaming\E07845.exe

StartupFolder: C:\Users\Fabz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fabz\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Fabz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Explorer.lnk - C:\ProgramData\64E3737656DAF8C\64E3737656DAF8C.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{8F88ACF2-8710-4DC3-AD11-E065064361EF} : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{C0C5DD0A-C369-4C5D-9701-ABEEFB6BA80B} : DhcpNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{D1296B43-BDF0-4B50-9A87-366D5AECD5CC} : DhcpNameServer = 8.8.8.8 8.8.4.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

{326E768D-4182-46FD-9C16-1449A49795F4}

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk"&"inst=NzctODk5MjY3MTA3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1834"&"mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Fabz\AppData\Roaming\Mozilla\Firefox\Profiles\elerpv3k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baea7362d-06d7-41ac-8507-f040de920173%7D&mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1&ds=yu011&v=11.1.0.12〈=en&pr=sa&d=2012-06-30%2022%3A58%3A33&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Fabz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Fabz\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-10-22 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2011-10-22 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-22 586880]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-20 159232]

R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-10-23 210024]

R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-1-14 415072]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-7-8 386344]

R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 Securepoint VPN;Securepoint VPN;C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [2010-11-22 142216]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]

R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" --> C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [?]

S2 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 AtiDCM;AtiDCM;C:\Users\Fabz\AppData\Local\Temp\atdcm64a.sys [2011-12-22 31912]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-16 114144]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-2-24 24176]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-02 14:35:12 -------- d--h--w- C:\Windows\msdownld.tmp

2012-08-31 08:02:59 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-25 09:45:48 -------- d-----w- C:\Users\Fabz\AppData\Roaming\Mumble

2012-08-25 09:45:48 -------- d-----w- C:\Users\Fabz\AppData\Local\Mumble

2012-08-25 09:45:36 -------- d-----w- C:\Program Files (x86)\Mumble

2012-08-19 14:53:50 -------- d-----w- C:\Users\Fabz\AppData\Roaming\raidcall

2012-08-18 22:46:25 -------- d-----w- C:\Program Files (x86)\RaidCall

2012-08-14 18:21:24 -------- d-----w- C:\Users\Fabz\AppData\Roaming\Malwarebytes

2012-08-13 21:05:03 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-13 17:35:32 5115584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-08-13 16:49:03 -------- d-----w- C:\Program Files (x86)\StarCraft II.temp

2012-08-13 16:46:32 -------- d-----w- C:\Program Files (x86)\Starcraft II US

2012-08-13 16:46:01 -------- d-----w- C:\Program Files (x86)\Starcraft II EU

2012-08-13 16:39:40 -------- d-----w- C:\Program Files\StarCraft II.temp

2012-08-13 00:27:00 -------- d-----w- C:\PMB Files

2012-08-12 21:48:23 86400840 ----a-w- C:\Users\Fabz\APB_Reloaded_Installer.exe

2012-08-11 16:01:19 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-11 16:01:18 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-11 16:01:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-11 15:59:32 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-10 16:19:14 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-08-10 16:19:14 45936 ----a-w- C:\Windows\System32\sbbd.exe

2012-08-10 16:19:12 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus

2012-08-10 16:18:14 -------- d-----w- C:\Users\Fabz\AppData\Roaming\Ad-Aware Antivirus

2012-08-09 16:44:31 -------- d-----w- C:\ProgramData\64E3737656DAF8C

.

==================== Find3M ====================

.

2012-08-15 23:31:22 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-08-12 23:20:51 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-12 23:20:47 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-08-01 11:10:13 848 --sha-w- C:\ProgramData\KGyGaAvL.sys

2012-07-27 04:38:56 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-21 21:32:06 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-07-11 17:38:14 1032144 ----a-w- C:\Windows\PE_Rom.dll

2012-06-30 06:13:01 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-06-30 06:13:01 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-06-22 19:35:00 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-06-16 06:38:15 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

.

============= FINISH: 13:32:34.19 ===============

[noxyflex]

Here is the Attach log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/2/2011 8:19:50 PM

System Uptime: 9/5/2012 12:20:00 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 PRO

Processor: Intel® Core i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 130.152 GiB free.

D: is FIXED (NTFS) - 583 GiB total, 532.624 GiB free.

E: is CDROM ()

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: ASUS Bluetooth

Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7

Manufacturer: Atheros Communications

Name: ASUS Bluetooth

PNP Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7

Service: BTHUSB

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: AVG AVI Loader Driver

Device ID: ROOT\LEGACY_AVGLDX64\0000

Manufacturer:

Name: AVG AVI Loader Driver

PNP Device ID: ROOT\LEGACY_AVGLDX64\0000

Service: Avgldx64

.

==== System Restore Points ===================

.

RP640: 8/25/2012 5:44:17 AM - Installed Mumble 1.2.3

RP641: 9/1/2012 8:44:45 AM - Installed XSplit

RP642: 9/2/2012 10:35:44 AM - Windows Modules Installer

RP643: 9/2/2012 10:51:34 AM - Removed XSplit

.

==== Installed Programs ======================

.

µTorrent

Ad-Aware Antivirus

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Media Live Encoder 3.1

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.4)

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AI Suite II

AIM 7

AIO_Scan

Apple Application Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

ASUS Ai Charger

ASUS PC Diagnostics

Autodesk SketchBookExpress 2011

Battlefield 3™

Battlefield 3™ Open Beta

Battlefield: Bad Company 2

Battlefield: Bad Company™ 2

Battlelog Web Plugins

BattlEye for OA Uninstall

BattlEye Uninstall

Belkin F7D1101 Basic Wireless USB Adapter

Bioshock Demo

Browser Configuration Utility

BufferChm

Call of Duty: Black Ops - Multiplayer

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Multiplayer

CameraHelperMsi

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Connect

Color Efex Pro 3.0 Wacom Edition 6

Copy

Corel Painter Sketch Pad

Corel SketchPad - ICA

Counter-Strike: Source

Counter-Strike: Source Beta

Crysis® 2

Crysis® 2 Demo

Curse Client

CyberLink PowerDirector

CyberLink WaveEditor

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Diablo III

Diablo III Beta

DiRT 3

DivX Setup

DJ_AIO_ProductContext

DJ_AIO_Software

DJ_AIO_Software_min

Download Manager 2.3.10

Download Updater (AOL LLC)

Driver Sweeper version 3.2.0

Dropbox

Dyyno Broadcaster

erLT

ESN Sonar

Express Burn Disc Burning Software

F4100

F4100_Help

ffdshow v1.1.4096 [2011-11-29]

Fraps (remove only)

GOM Player

GOMTV Streamer

Google Chrome

GPBaseService2

Guild Wars 2

Half-Life 2

Half-Life 2: Lost Coast

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

IconHandler 32 bit

Impulse®

Intel® Management Engine Components

IPM

Java Auto Updater

Java 6 Update 31

JMicron JMB36X Driver

Junk Mail filter update

Kies mini

League of Legends

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

marvell 91xx console driver

MCAT CD Companion

Media Player Codec Pack 4.1.4

Mesh Runtime

Messenger Companion

Microsoft Flight Simulator X

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Mumble 1.2.3

OpenAL

Origin

Painter Sketch Pad

PDF Settings

Philips Retractable PC Controller

PunkBuster Services

QuickTime

RaidCall

Rapture3D 2.4.8 Game

Razer BlackWidow Ultimate

Razer BlackWidow Ultimate Firmware Updater

RealNetworks - Microsoft Visual C++ 2005 Runtime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Registration

Renesas Electronics USB 3.0 Host Controller Driver

Rosetta Stone Version 3

Safari

Samsung Kies

Scan

Securepoint SSL VPN

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Six Updater

Skype Click to Call

Skype™ 5.10

SmartSound Quicktracks 5

SmartWebPrinting

Sniper Elite V2 Demo

SolutionCenter

Spotify

StarCraft II

Status

Steam

Surgery Simulator Version 1.0

swMSM

Team Fortress 2

The Sims™ 3

The Sims™ 3 Town Life Stuff

Toolbox

TrayApp

UltraISO Premium V9.36

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

uTorrentBar Toolbar

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

Wacom Tablet

WebReg

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Installer Clean Up

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wolfenstein - Enemy Territory

World of Warcraft

World of Warcraft Beta

WoWTunnels Client version 2.1.0

Xfire (remove only)

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

9/5/2012 5:18:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.

9/5/2012 5:18:24 AM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/5/2012 5:17:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

9/5/2012 12:40:01 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

9/5/2012 12:23:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/5/2012 12:23:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x8007042c'. Restart your computer, and then try to restart the service.

9/5/2012 12:23:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/5/2012 12:20:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64

9/5/2012 12:20:37 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the file specified.

9/5/2012 12:20:31 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

9/5/2012 12:20:28 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/5/2012 12:20:28 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.

9/5/2012 12:20:24 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

9/5/2012 11:57:37 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/5/2012 11:30:56 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

9/5/2012 10:52:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 SBRE

9/5/2012 10:52:32 AM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: A device attached to the system is not functioning.

9/5/2012 1:32:28 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

9/5/2012 1:23:20 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

9/4/2012 8:34:33 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: A device attached to the system is not functioning.

9/4/2012 8:29:30 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.

9/3/2012 9:32:33 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

9/3/2012 9:32:33 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

9/3/2012 9:30:35 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:30:35 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:35 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/3/2012 9:30:33 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:29:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

9/3/2012 9:28:54 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:28:54 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2012 9:28:54 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

9/3/2012 9:28:54 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/2/2012 10:56:42 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/2/2012 10:45:41 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).

9/2/2012 10:45:09 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/2/2012 10:44:37 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/31/2012 8:52:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/31/2012 8:52:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/31/2012 8:52:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/30/2012 8:04:53 AM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.

8/30/2012 5:48:06 AM, Error: Service Control Manager [7000] - The AtiDCM service failed to start due to the following error: A device attached to the system is not functioning.

8/30/2012 5:37:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

.

==== End Of File ===========================

[noxyflex]

Rkiller Report

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) XX bits version

Started in : Normal mode

User : Fabz [Admin rights]

Mode : Scan -- Date : 09/05/2012 13:57:03

¤¤¤ Bad processes : 4 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤

[RUN][HJNAME] HKUS\S-1-5-19[...]\RunOnce : mctadmin (C:\Windows\System32\mctadmin.exe) -> FOUND

[RUN][HJNAME] HKUS\S-1-5-20[...]\RunOnce : mctadmin (C:\Windows\System32\mctadmin.exe) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Policies\Explorer\\Run : Mozilla (C:\Users\Fabz\AppData\Roaming\E07845.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3654779389-944676645-3070641174-1000[...]\Policies\Explorer\\Run : Mozilla (C:\Users\Fabz\AppData\Roaming\E07845.exe) -> FOUND

[TASK][sUSP PATH] {14D4BE9E-95E1-484E-98A9-0B85999067E2} : C:\Users\Fabz\Desktop\uninstall_flash_player(4).exe -> FOUND

[sTARTUP][sUSP PATH] Explorer.lnk @Fabz : C:\ProgramData\64E3737656DAF8C\64E3737656DAF8C.exe -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\n.) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$1f0e0de88ec3664bbd2e808a051c4412\n.) -> FOUND

[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$1f0e0de88ec3664bbd2e808a051c4412\n.) -> FOUND

[HOSTS] HKLM\[...]\Parameters : DataBasePath (C:\Windows\System32\drivers\etc) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$1f0e0de88ec3664bbd2e808a051c4412\n --> FOUND

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$1f0e0de88ec3664bbd2e808a051c4412\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$1f0e0de88ec3664bbd2e808a051c4412\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$1f0e0de88ec3664bbd2e808a051c4412\L --> FOUND

[sig - ZeroAccess][FILE] services.exe : \services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> \drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++

--- User ---

[MBR] 8e95ba475d310b3c4162741c9557d42b

[bSP] 7421173970e4901fbac72c90fd066b1f : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000520AS ATA Device +++++

--- User ---

[MBR] 3e6895914eaf6a54fb81e71c40d17b83

[bSP] e1328d15217b787e091e559d00870c40 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  
• Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
  

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[noxyflex]

I attached the TDSS report to this post.

On a side note, I am unable to enable windows firefall, anytime i try to turn it on I get an error that it cannot be done

TDSSReport.txt

[MrCharlie]

That method didn't work on the infection, we have to do it this way:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:

• 
  
  • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    

  [*]Select Command Prompt

  [*]In the command window type in notepad and press Enter.

  [*]The notepad opens. Under File menu select Open.

  [*]Select "Computer" and find your flash drive letter and close the notepad.

  [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

  Note: Replace letter e with the drive letter of your flash drive.

  [*]The tool will start to run.

  [*]When the tool opens click Yes to disclaimer.

  [*]Press Scan button.

  [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

  services.exe

  [*]Now press the Search button

  [*]When the search is complete, search.txt will also be written to your USB

  [*]Type exit and reboot the computer normally

  [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

[noxyflex]

Im trying to repair my computer via the BIOS, but i am having a hard time finding the repair option.

I have an ASUS P8P67 Deluxe EFI BIOS motherboard which doesn't have your standard bios interface......

[MrCharlie]

OK, are you on a wireless network or network?? MrC

[noxyflex]

I'm wired to my router directly (built in router/cable modem)

I don't have my windows disk either since I lost it, is there any way to download it at all? or would i have to buy a bran new windows 7 install

[MrCharlie]

Please create a new system restore point before you run Combofix!!!

Don't run ComboFix unless you created a new system restore point!!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[noxyflex]

KK, on my way to class, will run this upon my return tonight, thank you so much for your help. I will also go about researching how to carry out the restore option on my motherboard.

[noxyflex]

Combofix Report

ComboFix 12-09-05.02 - Fabz 09/06/2012 10:09:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6563 [GMT -4:00]

Running from: c:\users\Fabz\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ras_0oed.pad

c:\users\Fabz\APB_Reloaded_Installer.exe

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{14D7B94C-49C0-444A-B0A3-0336455DE7CF}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{39F34050-7837-4DA7-9C1A-AB07D263D609}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3DB71E4B-3F94-48CF-8A45-261D41D35E16}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4FDBF289-8131-4973-A24C-AF3FA9CFB6BD}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9AFDE05D-EB8A-437A-A5FD-4C2CF43F69B4}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BC7601B9-1790-43B5-AA84-05446AE6503C}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C323F607-ECAC-49D3-BDF2-A67423417D51}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F9C8AA45-55FD-48B8-8D13-E76E03304BA3}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FABFD715-F7CA-4B60-A834-1BE2B936D5A6}.xps

c:\users\Fabz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCA34257-4B0C-424F-A1B4-1F3EF6C2F42F}.xps

c:\users\Fabz\AppData\Roaming\Arih

c:\users\Fabz\AppData\Roaming\Arih\otra.rui

c:\users\Fabz\AppData\Roaming\Efinny

c:\users\Fabz\AppData\Roaming\Efinny\adlo.odo

c:\users\Fabz\AppData\Roaming\Evuq

c:\users\Fabz\AppData\Roaming\Evuq\myax.yna

c:\users\Fabz\AppData\Roaming\Exyv

c:\users\Fabz\AppData\Roaming\Exyv\koax.izo

c:\users\Fabz\AppData\Roaming\Fuexg

c:\users\Fabz\AppData\Roaming\Fuexg\luev.odw

c:\users\Fabz\AppData\Roaming\Geyxhu

c:\users\Fabz\AppData\Roaming\Geyxhu\ebyg.awh

c:\users\Fabz\AppData\Roaming\Ihnyd

c:\users\Fabz\AppData\Roaming\Ihnyd\wihae.wuu

c:\users\Fabz\AppData\Roaming\Iwnae

c:\users\Fabz\AppData\Roaming\Iwnae\aqawi.woy

c:\users\Fabz\AppData\Roaming\Lofia

c:\users\Fabz\AppData\Roaming\Lofia\qoatc.qup

c:\users\Fabz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk

c:\users\Fabz\AppData\Roaming\Ufarz

c:\users\Fabz\AppData\Roaming\Ufarz\mapii.ulp

c:\users\Fabz\AppData\Roaming\Ugolyk

c:\users\Fabz\AppData\Roaming\Ugolyk\naoq.axi

c:\users\Fabz\AppData\Roaming\Xiez

c:\users\Fabz\AppData\Roaming\Xiez\labyq.cye

c:\users\Fabz\AppData\Roaming\Zifeu

c:\users\Fabz\AppData\Roaming\Zifeu\iwut.zei

c:\users\Fabz\videos\audacity-win-unicode-1.3.13.exe

c:\users\Fabz\videos\Mumble-1.2.2.exe

c:\users\Fabz\videos\Razer_NagaEpic_Driver_v3.00.exe

c:\users\Fabz\videos\winamp561_full_emusic-7plus_en-us.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\@

c:\windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L\00000004.@

c:\windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L\201d3dde

c:\windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U\00000004.@

c:\windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U\80000032.@

c:\windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U\80000064.@

c:\windows\SysWow64\muzapp.exe

.

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

Infected copy of c:\windows\System32\DisplaySwitch.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21\DisplaySwitch.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))

.

.

2012-09-06 14:22 . 2012-09-06 14:22 -------- d-----w- c:\users\test\AppData\Local\temp

2012-09-06 14:22 . 2012-09-06 14:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-09-06 14:22 . 2012-09-06 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-02 14:35 . 2012-09-02 14:38 -------- d--h--w- c:\windows\msdownld.tmp

2012-08-31 08:02 . 2012-08-31 08:02 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-25 09:45 . 2012-09-03 22:12 -------- d-----w- c:\users\Fabz\AppData\Roaming\Mumble

2012-08-25 09:45 . 2012-08-25 09:45 -------- d-----w- c:\users\Fabz\AppData\Local\Mumble

2012-08-25 09:45 . 2012-08-25 09:45 -------- d-----w- c:\program files (x86)\Mumble

2012-08-19 14:53 . 2012-08-19 14:53 -------- d-----w- c:\users\Fabz\AppData\Roaming\raidcall

2012-08-19 10:30 . 2012-08-19 10:54 -------- d-sh--w- c:\users\test\wc

2012-08-19 10:30 . 2012-08-19 10:30 -------- d-----w- c:\users\test\AppData\Local\Bossland GmbH

2012-08-19 10:29 . 2012-08-19 10:30 -------- d-sh--w- c:\users\test\AppData\Roaming\wyUpdate AU

2012-08-19 00:33 . 2012-08-19 03:23 -------- d-----w- c:\users\test\AppData\Roaming\acccore

2012-08-19 00:33 . 2012-08-19 03:23 -------- d-----w- c:\users\test\AppData\Local\AIM

2012-08-19 00:33 . 2012-08-19 00:33 -------- d-----w- c:\users\test\AppData\Local\AOL

2012-08-18 22:46 . 2012-08-18 22:46 -------- d-----w- c:\users\test\AppData\Roaming\raidcall

2012-08-18 22:46 . 2012-08-26 13:44 -------- d-----w- c:\program files (x86)\RaidCall

2012-08-18 09:11 . 2012-08-18 09:11 -------- d-----w- c:\users\test\AppData\Roaming\GRETECH

2012-08-18 08:23 . 2012-08-18 08:23 -------- d-----w- c:\users\test\AppData\Local\Apps

2012-08-15 01:53 . 2012-08-15 02:00 -------- d-----w- c:\users\test\AppData\Roaming\Ventrilo

2012-08-14 18:21 . 2012-08-14 18:21 -------- d-----w- c:\users\Fabz\AppData\Roaming\Malwarebytes

2012-08-13 21:05 . 2012-08-13 21:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-13 17:35 . 2012-08-13 17:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-08-13 16:49 . 2012-08-13 16:49 -------- d-----w- c:\program files (x86)\StarCraft II.temp

2012-08-13 16:46 . 2012-08-22 00:54 -------- d-----w- c:\program files (x86)\Starcraft II US

2012-08-13 16:46 . 2012-08-13 16:46 -------- d-----w- c:\program files (x86)\Starcraft II EU

2012-08-13 16:39 . 2012-08-13 16:39 -------- d-----w- c:\program files\StarCraft II.temp

2012-08-13 16:20 . 2012-08-16 16:23 -------- d-----w- c:\users\Fabz2

2012-08-13 16:19 . 2012-08-13 16:19 -------- d-----w- c:\users\test\AppData\Local\GamersFirst LIVE!

2012-08-13 16:17 . 2012-08-13 16:17 -------- d-----w- c:\users\test\AppData\Local\Pando_Temp

2012-08-13 00:27 . 2012-08-13 00:27 -------- d-----w- C:\PMB Files

2012-08-11 16:01 . 2012-08-11 16:01 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes

2012-08-11 16:01 . 2012-08-11 16:01 -------- d-----w- c:\programdata\Malwarebytes

2012-08-11 16:01 . 2012-08-11 16:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 16:01 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-11 15:59 . 2012-09-05 15:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 15:30 . 2012-08-11 18:55 -------- d-----w- c:\users\test\AppData\Roaming\Ad-Aware Antivirus

2012-08-10 16:19 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe

2012-08-10 16:19 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-08-10 16:19 . 2012-08-11 15:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-08-10 16:18 . 2012-08-11 21:19 -------- d-----w- c:\users\Fabz\AppData\Roaming\Ad-Aware Antivirus

2012-08-09 16:44 . 2012-08-11 18:55 -------- d-----w- c:\programdata\64E3737656DAF8C

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-06 14:24 . 2010-06-24 15:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-15 23:31 . 2011-07-13 21:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-12 23:20 . 2011-07-13 21:08 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-12 23:20 . 2011-07-13 21:08 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-01 11:10 . 2011-07-10 08:15 848 --sha-w- c:\programdata\KGyGaAvL.sys

2012-07-27 04:38 . 2011-07-03 02:37 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-26 18:44 . 2012-03-17 06:06 15112 ----a-w- c:\users\Fabz\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll

2012-07-21 21:32 . 2012-07-21 21:34 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-07-11 17:38 . 2011-10-23 03:44 1032144 ----a-w- c:\windows\PE_Rom.dll

2012-06-30 06:13 . 2011-12-31 18:49 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-06-30 06:13 . 2011-12-31 18:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-06-22 19:35 . 2012-07-31 17:34 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-06-16 06:38 . 2011-07-03 03:02 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-05-25 03:07 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2011-05-25 03:06 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2011-05-25 02:49 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-05-25 02:39 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-05-25 02:50 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-05-25 02:24 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-05-25 02:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Spotify Web Helper"="c:\users\Fabz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-27 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-30 296096]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctODk5MjY3MTA3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ∏=90&ver=2012.0.1834&mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1" [?]

.

c:\users\Fabz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Fabz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 AtiDCM;AtiDCM;c:\users\Fabz\AppData\Local\Temp\atdcm64a.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-07-18 95416]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-07-18 203320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]

S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]

S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

S2 Securepoint VPN;Securepoint VPN;c:\program files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [2010-11-22 142216]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654779389-944676645-3070641174-1000Core.job

- c:\users\Fabz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 17:49]

.

2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654779389-944676645-3070641174-1000UA.job

- c:\users\Fabz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 17:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\users\Fabz\AppData\Roaming\Mozilla\Firefox\Profiles\elerpv3k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baea7362d-06d7-41ac-8507-f040de920173%7D&mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1&ds=yu011&v=11.1.0.12〈=en&pr=sa&d=2012-06-30%2022%3A58%3A33&sap=ku&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe

Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe

SafeBoot-13935090.sys

SafeBoot-40126565.sys

SafeBoot-84601182.sys

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe

AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe

.

.

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_¥\00\00¥\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¥\00\00¥\00\00\00\00{\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**fw7…¹r]

@Allowed: (Read) (RestrictedCode)

@SACL=(02 0001)

"LP_LastUpdateTime"="0"

"LP_LastCheckTime"=dword:4fefb31d

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\SecuROM\License information*]

"datasecu"=hex:4c,32,e2,56,fd,5d,8e,9b,ed,57,ec,61,60,f0,7a,bd,7f,06,72,e3,89,

6c,a9,03,b7,67,8b,a7,fd,a7,79,4e,e0,c1,ad,83,a7,cd,c4,1b,23,db,91,84,5b,e1,\

"rkeysecu"=hex:77,8f,20,92,bd,e5,e5,2f,60,d2,dd,48,4e,9b,09,6d

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\FAN Xpert\FanUtility.exe

c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe

c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

.

**************************************************************************

.

Completion time: 2012-09-06 10:30:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-06 14:30

ComboFix2.txt 2011-12-22 13:23

.

Pre-Run: 144,770,387,968 bytes free

Post-Run: 151,167,037,440 bytes free

.

- - End Of File - - E8A8815A43628CC3C5A50FB9FBED17E6

[MrCharlie]

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

~~~~~~~~~~~~

Reboot and rescan the system with RogueKiller and post the new log.

Please let me know how computer is running now, MrC

[noxyflex]

MBAM report - I will run ROguekiller upon restart

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.06.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Fabz :: FABZ-PC [administrator]

9/6/2012 1:17:51 PM

mbam-log-2012-09-06 (13-17-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236768

Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[noxyflex]

RogueKiller report

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) XX bits version

Started in : Normal mode

User : Fabz [Admin rights]

Mode : Scan -- Date : 09/06/2012 13:30:01

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] {14D4BE9E-95E1-484E-98A9-0B85999067E2} : C:\Users\Fabz\Desktop\uninstall_flash_player(4).exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HOSTS] HKLM\[...]\Parameters : DataBasePath (C:\Windows\System32\drivers\etc) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[sig - ZeroAccess][FILE] services.exe : \services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> \drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++

--- User ---

[MBR] 8e95ba475d310b3c4162741c9557d42b

[bSP] 7421173970e4901fbac72c90fd066b1f : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000520AS ATA Device +++++

--- User ---

[MBR] 3e6895914eaf6a54fb81e71c40d17b83

[bSP] e1328d15217b787e091e559d00870c40 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

[MrCharlie]

You're infected again.

Delete your copy of ComboFix and download a fresh one

Run it as before....post the log

MrC

[noxyflex]

ComboFix 12-09-06.02 - Fabz 09/06/2012 21:22:24.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6452 [GMT -4:00]

Running from: c:\users\Fabz\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\System32\DisplaySwitch.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_6.1.7600.16385_none_48b6a2a03e2c7b21\DisplaySwitch.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))

.

.

2012-09-07 01:34 . 2012-09-07 01:34 -------- d-----w- c:\users\test\AppData\Local\temp

2012-09-07 01:34 . 2012-09-07 01:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-09-07 01:34 . 2012-09-07 01:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-02 14:35 . 2012-09-02 14:38 -------- d--h--w- c:\windows\msdownld.tmp

2012-08-31 08:02 . 2012-08-31 08:02 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-25 09:45 . 2012-09-03 22:12 -------- d-----w- c:\users\Fabz\AppData\Roaming\Mumble

2012-08-25 09:45 . 2012-08-25 09:45 -------- d-----w- c:\users\Fabz\AppData\Local\Mumble

2012-08-25 09:45 . 2012-08-25 09:45 -------- d-----w- c:\program files (x86)\Mumble

2012-08-19 14:53 . 2012-08-19 14:53 -------- d-----w- c:\users\Fabz\AppData\Roaming\raidcall

2012-08-19 10:30 . 2012-08-19 10:54 -------- d-sh--w- c:\users\test\wc

2012-08-19 10:30 . 2012-08-19 10:30 -------- d-----w- c:\users\test\AppData\Local\Bossland GmbH

2012-08-19 10:29 . 2012-08-19 10:30 -------- d-sh--w- c:\users\test\AppData\Roaming\wyUpdate AU

2012-08-19 00:33 . 2012-08-19 03:23 -------- d-----w- c:\users\test\AppData\Roaming\acccore

2012-08-19 00:33 . 2012-08-19 03:23 -------- d-----w- c:\users\test\AppData\Local\AIM

2012-08-19 00:33 . 2012-08-19 00:33 -------- d-----w- c:\users\test\AppData\Local\AOL

2012-08-18 22:46 . 2012-08-18 22:46 -------- d-----w- c:\users\test\AppData\Roaming\raidcall

2012-08-18 22:46 . 2012-08-26 13:44 -------- d-----w- c:\program files (x86)\RaidCall

2012-08-18 09:11 . 2012-08-18 09:11 -------- d-----w- c:\users\test\AppData\Roaming\GRETECH

2012-08-18 08:23 . 2012-08-18 08:23 -------- d-----w- c:\users\test\AppData\Local\Apps

2012-08-15 01:53 . 2012-08-15 02:00 -------- d-----w- c:\users\test\AppData\Roaming\Ventrilo

2012-08-14 18:21 . 2012-08-14 18:21 -------- d-----w- c:\users\Fabz\AppData\Roaming\Malwarebytes

2012-08-13 21:05 . 2012-08-13 21:05 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-13 17:35 . 2012-08-13 17:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-08-13 16:49 . 2012-08-13 16:49 -------- d-----w- c:\program files (x86)\StarCraft II.temp

2012-08-13 16:46 . 2012-08-22 00:54 -------- d-----w- c:\program files (x86)\Starcraft II US

2012-08-13 16:46 . 2012-08-13 16:46 -------- d-----w- c:\program files (x86)\Starcraft II EU

2012-08-13 16:39 . 2012-08-13 16:39 -------- d-----w- c:\program files\StarCraft II.temp

2012-08-13 16:20 . 2012-08-16 16:23 -------- d-----w- c:\users\Fabz2

2012-08-13 16:19 . 2012-08-13 16:19 -------- d-----w- c:\users\test\AppData\Local\GamersFirst LIVE!

2012-08-13 16:17 . 2012-08-13 16:17 -------- d-----w- c:\users\test\AppData\Local\Pando_Temp

2012-08-13 00:27 . 2012-08-13 00:27 -------- d-----w- C:\PMB Files

2012-08-11 16:01 . 2012-08-11 16:01 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes

2012-08-11 16:01 . 2012-08-11 16:01 -------- d-----w- c:\programdata\Malwarebytes

2012-08-11 16:01 . 2012-08-11 16:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-11 16:01 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-11 15:59 . 2012-09-05 15:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-11 15:30 . 2012-08-11 18:55 -------- d-----w- c:\users\test\AppData\Roaming\Ad-Aware Antivirus

2012-08-10 16:19 . 2011-12-19 17:21 45936 ----a-w- c:\windows\system32\sbbd.exe

2012-08-10 16:19 . 2011-12-19 16:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-08-10 16:19 . 2012-08-11 15:22 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-08-10 16:18 . 2012-08-11 21:19 -------- d-----w- c:\users\Fabz\AppData\Roaming\Ad-Aware Antivirus

2012-08-09 16:44 . 2012-08-11 18:55 -------- d-----w- c:\programdata\64E3737656DAF8C

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-07 01:36 . 2010-06-24 15:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-15 23:31 . 2011-07-13 21:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-12 23:20 . 2011-07-13 21:08 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-12 23:20 . 2011-07-13 21:08 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-01 11:10 . 2011-07-10 08:15 848 --sha-w- c:\programdata\KGyGaAvL.sys

2012-07-27 04:38 . 2011-07-03 02:37 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-26 18:44 . 2012-03-17 06:06 15112 ----a-w- c:\users\Fabz\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll

2012-07-21 21:32 . 2012-07-21 21:34 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-07-11 17:38 . 2011-10-23 03:44 1032144 ----a-w- c:\windows\PE_Rom.dll

2012-06-30 06:13 . 2011-12-31 18:49 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-06-30 06:13 . 2011-12-31 18:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-06-22 19:35 . 2012-07-31 17:34 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-06-16 06:38 . 2011-07-03 03:02 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-05-25 03:07 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2011-05-25 03:06 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2011-05-25 02:49 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-05-25 02:39 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-05-25 02:50 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-05-25 02:24 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-05-25 02:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-09-06_14.24.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-09-07 01:18 42910 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-03 00:46 . 2012-09-07 01:18 30558 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3654779389-944676645-3070641174-1000_UserData.bin

- 2011-07-03 03:14 . 2012-09-02 15:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-03 03:14 . 2012-09-06 15:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-03 03:14 . 2012-09-02 15:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-03 03:14 . 2012-09-06 15:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-09-02 15:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-09-06 15:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-07 15:27 . 2012-09-06 18:11 6370 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-07-10 07:17 . 2012-09-07 01:35 3613 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

- 2011-07-10 07:17 . 2012-09-06 13:31 3613 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Wacom_Tablet.dat

+ 2012-09-07 01:35 . 2012-09-07 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-09-06 14:24 . 2012-09-06 14:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-09-07 01:35 . 2012-09-07 01:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-09-06 14:24 . 2012-09-06 14:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-11-21 03:09 . 2012-09-07 01:18 102536 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2011-07-03 02:19 . 2012-09-06 14:01 623704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-07-03 02:19 . 2012-09-07 01:34 623704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-09-07 01:34 464620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-09-06 14:23 464620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-03 03:27 . 2012-09-06 18:11 58502244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3654779389-944676645-3070641174-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"Spotify Web Helper"="c:\users\Fabz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-27 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-30 296096]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVEWU4tWE5JTFItNFpISlAtUU9GUFctSlVBTE4tUlJBNkk&inst=NzctODk5MjY3MTA3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ∏=90&ver=2012.0.1834&mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1" [?]

.

c:\users\Fabz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Fabz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 AtiDCM;AtiDCM;c:\users\Fabz\AppData\Local\Temp\atdcm64a.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-07-18 95416]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-07-18 203320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-21 14592]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]

S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]

S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

S2 Securepoint VPN;Securepoint VPN;c:\program files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [2010-11-22 142216]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 6245744]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654779389-944676645-3070641174-1000Core.job

- c:\users\Fabz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 17:49]

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3654779389-944676645-3070641174-1000UA.job

- c:\users\Fabz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-25 17:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Fabz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [bU]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\users\Fabz\AppData\Roaming\Mozilla\Firefox\Profiles\elerpv3k.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baea7362d-06d7-41ac-8507-f040de920173%7D&mid=f77e08bdcb2f47d181a4d16fc5f28f10-1b087be9e2259c574c19bd07c1264fb61d16e8c1&ds=yu011&v=11.1.0.12〈=en&pr=sa&d=2012-06-30%2022%3A58%3A33&sap=ku&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_¥\00\00¥\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¥\00\00¥\00\00\00\00{\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**fw7…¹r]

@Allowed: (Read) (RestrictedCode)

@SACL=(02 0001)

"LP_LastUpdateTime"="0"

"LP_LastCheckTime"=dword:4fefb31d

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-3654779389-944676645-3070641174-1000\Software\SecuROM\License information*]

"datasecu"=hex:4c,32,e2,56,fd,5d,8e,9b,ed,57,ec,61,60,f0,7a,bd,7f,06,72,e3,89,

6c,a9,03,b7,67,8b,a7,fd,a7,79,4e,e0,c1,ad,83,a7,cd,c4,1b,23,db,91,84,5b,e1,\

"rkeysecu"=hex:77,8f,20,92,bd,e5,e5,2f,60,d2,dd,48,4e,9b,09,6d

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Completion time: 2012-09-06 21:47:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-07 01:47

ComboFix2.txt 2012-09-06 14:30

ComboFix3.txt 2011-12-22 13:23

.

Pre-Run: 155,907,432,448 bytes free

Post-Run: 155,811,782,656 bytes free

.

- - End Of File - - 4621413B9C2C69A94D8457E881843BFB

[MrCharlie]

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Reboot and......

Scan the system with RogueKiller and post the new log.

Please let me know how computer is running now, MrC

[noxyflex]

MBAM log

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.07.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Fabz :: FABZ-PC [administrator]

9/6/2012 11:18:53 PM

mbam-log-2012-09-06 (23-18-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236808

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[noxyflex]

Rogue Killer report. - So far the popups havent come back....

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) XX bits version

Started in : Normal mode

User : Fabz [Admin rights]

Mode : Scan -- Date : 09/06/2012 23:32:42

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] {14D4BE9E-95E1-484E-98A9-0B85999067E2} : C:\Users\Fabz\Desktop\uninstall_flash_player(4).exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HOSTS] HKLM\[...]\Parameters : DataBasePath (C:\Windows\System32\drivers\etc) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[sig - ZeroAccess][FILE] services.exe : \services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> \drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++

--- User ---

[MBR] 8e95ba475d310b3c4162741c9557d42b

[bSP] 7421173970e4901fbac72c90fd066b1f : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000520AS ATA Device +++++

--- User ---

[MBR] 3e6895914eaf6a54fb81e71c40d17b83

[bSP] e1328d15217b787e091e559d00870c40 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[MrCharlie]

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[TASK][sUSP PATH] {14D4BE9E-95E1-484E-98A9-0B85999067E2} : C:\Users\Fabz\Desktop\uninstall_flash_player(4).exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Files tab and put a check next to these and uncheck the rest. (if found)

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\Fabz\AppData\Local\{1f0e0de8-8ec3-664b-bd2e-808a051c4412}\L --> FOUND

[sig - ZeroAccess][FILE] services.exe : \services.exe --> FOUND

Now click Delete on the right hand column under Options

Reboot and rescan with RogueKiller and post the new log, MrC

[noxyflex]

RK report

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) XX bits version

Started in : Normal mode

User : Fabz [Admin rights]

Mode : Scan -- Date : 09/07/2012 10:37:50

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HOSTS] HKLM\[...]\Parameters : DataBasePath (C:\Windows\System32\drivers\etc) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[sig - ZeroAccess][FILE] services.exe : \services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> \drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++

--- User ---

[MBR] 8e95ba475d310b3c4162741c9557d42b

[bSP] 7421173970e4901fbac72c90fd066b1f : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 597166 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST31000520AS ATA Device +++++

--- User ---

[MBR] 3e6895914eaf6a54fb81e71c40d17b83

[bSP] e1328d15217b787e091e559d00870c40 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[10].txt >>

RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;

RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

[MrCharlie]

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[sig - ZeroAccess][FILE] services.exe : \services.exe --> FOUND

Now click Delete on the right hand column under Options

-------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC