not the same after ransomware


3dtrooper

Hi!

Not long ago I was infected by a police ransomware that locked my PC. I was able to clean it somewhat, but since then my PC has never been the same.

I have problems booting and things freeze way too often.

Often when booting many services are not able to start!! (avast engine, Comodo firewall engine, Windows Aero, etc.)

I have tried cleaning with malwarebytes, spybot, and emsisoft.

I tried to start the Aero service and I get the error: 1084 service cannot be started in safe mode

(even though I am not in safe mode)

Any help would be greatly appreciated.

Thank you.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:45, on 15/11/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Remote Mouse\server\server.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Monkey\AppData\Local\Temp\app.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: OKOKO7777KOS
O1 - Hosts: 94.242.221.200 my.mail.ru
O1 - Hosts: 94.242.221.200 m.my.mail.ru
O1 - Hosts: 94.242.221.200 vk.com
O1 - Hosts: 94.242.221.200 m.vk.com
O1 - Hosts: 94.242.221.200 odnoklassniki.ru
O1 - Hosts: 94.242.221.200 www.odnoklassniki.ru
O1 - Hosts: 94.242.221.200 m.odnoklassniki.ru
O1 - Hosts: 94.242.221.200 ok.ru
O1 - Hosts: 94.242.221.200 m.ok.ru
O1 - Hosts: 94.242.221.200 vk.com
O1 - Hosts: 94.242.221.200 www.odnoklassniki.ru
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Hobbyist Software On-Off Helper] "C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google frissítési szolgáltatás (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google frissítés Szolgáltatás (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Off-Helper - Hobbyist Software - C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10215 bytes

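The HijackThis log above carries the detail that matters for triage: the O1 lines show the hosts file sending several social-network names to one outside address, an O20 AppInit_DLLs entry loads a DLL into every process, and an executable is running from the user's Temp folder. The script below is an added example, written for this thread and not part of HijackThis or of anything the poster or staff supplied. It parses HijackThis-style item lines and flags the patterns a responder would check first: hosts entries that point anywhere other than loopback, a malformed hosts entry (the log above has one), autoruns that launch from a Temp directory, and AppInit_DLLs entries for review. The sample log is constructed; its hosts lines mirror the redirections in the log above, and the Temp autorun entry is invented for the example (the thread's log shows `app.exe` only in the process list).

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Addresses that a legitimate hosts file normally maps names to.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# "O1 - Hosts: ...", "O4 - HKLM\..\Run: ...", "O20 - AppInit_DLLs: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)\s*$")
AUTORUN_RE = re.compile(
    r'^(?P<hive>.+?\\Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]+?\.exe)"?'
)
# Path fragments that should not host an autorun entry.
TEMP_MARKERS = ("\\temp\\", "\\appdata\\local\\temp\\")

# Constructed sample: hosts redirections copied from the thread's log, plus a
# malformed O1 line like the one in that log and an invented Temp autorun.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: OKOKO7777KOS
O1 - Hosts: 94.242.221.200 vk.com
O1 - Hosts: 94.242.221.200 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Updater] C:\Users\Monkey\AppData\Local\Temp\app.exe
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
"""


@dataclass
class Finding:
    severity: str  # "high" (act on it) or "review" (verify the vendor/file)
    kind: str      # HijackThis section id, e.g. "O1"
    detail: str


def parse_entries(text):
    """Yield (kind, body) for every HijackThis item line; header lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(text):
    """Return the findings for a HijackThis log, in the order they are discovered."""
    findings = []
    redirect_targets = defaultdict(list)  # non-loopback IP -> hostnames mapped to it
    for kind, body in parse_entries(text):
        if kind == "O1":
            m = HOSTS_RE.match(body)
            if not m:
                # Junk in the hosts file is itself a sign of tampering.
                findings.append(Finding("high", kind, f"malformed hosts entry: {body!r}"))
                continue
            ip, host = m.group("ip"), m.group("host").lower()
            if ip not in LOOPBACK:
                redirect_targets[ip].append(host)
        elif kind == "O4":
            m = AUTORUN_RE.match(body)
            if m and any(t in m.group("path").lower() for t in TEMP_MARKERS):
                findings.append(Finding(
                    "high", kind,
                    f"autorun [{m.group('name')}] launches from a Temp directory: {m.group('path')}",
                ))
        elif kind == "O20":
            # AppInit_DLLs is loaded into every user-mode process; confirm the DLL's owner.
            findings.append(Finding("review", kind, f"AppInit_DLLs loads into every process: {body}"))
    # Summarise hosts redirections per target so a campaign shows up as one line.
    for ip, hosts in redirect_targets.items():
        names = ", ".join(sorted(set(hosts)))
        findings.append(Finding("high", "O1", f"hosts file sends {len(hosts)} name(s) to {ip}: {names}"))
    return findings


def high_findings(text):
    """Only the findings that warrant immediate cleanup."""
    return [f for f in triage(text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Hosts entries are grouped per destination so that a dozen names pointing at one address read as a single redirect rather than twelve unrelated lines; loopback mappings are deliberately ignored because ad-blocking hosts files produce thousands of them legitimately. AppInit_DLLs is reported for review rather than as malicious, since security products (the Comodo DLL in the log above is one) use it too.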

  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 16-11-2012 00:21:23
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9454920 2011-12-20] (COMODO)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [Hobbyist Software On-Off Helper] "C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" /startup [554520 2012-11-10] (Hobbyist Software)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-10-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKU\Adam\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin [x]
HKU\Monkey\...\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [872448 2011-12-07] ()
HKU\Monkey\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
HKLM-x32\...\RunOnce: [Z1] C:\Users\Monkey\Desktop\mbar\mbar.exe /cleanup /s [1341800 2012-11-08] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
AppInit_DLLs: C:\Windows\system32\guard64.dll
Tcpip\..\Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: [NameServer]8.26.56.26,156.154.70.22
Startup: C:\Users\Monkey\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

4 a2AntiMalware; "C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe" [3084176 2012-10-06] (Emsisoft GmbH)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
4 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1017344 2011-08-16] (IVT Corporation)
4 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2011-08-16] (IVT Corporation)
4 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [147563 2011-08-16] (IVT Corporation)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2779416 2011-12-19] (COMODO)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 Off-Helper; C:\Program Files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [6656 2012-11-10] (Hobbyist Software)
4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) =====================

3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [23208 2011-05-19] (Emsi Software GmbH)
1 a2injectiondriver; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-04-30] (Emsisoft GmbH)
1 a2util; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [14720 2010-05-04] (Emsi Software GmbH)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
3 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
3 BlueletAudio; C:\Windows\SysWow64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [20488 2010-08-18] (IVT Corporation.)
3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
3 BTCOMBUS; C:\Windows\System32\Drivers\BTCOMBUS.sys [25352 2011-07-27] (IVT Corporation.)
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [42888 2011-07-27] (IVT Corporation.)
0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24456 2011-07-27] (IVT Corporation.)
3 btnetBUs; C:\Windows\System32\Drivers\btnetBUs.sys [30088 2010-04-06] ()
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-01-17] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2011-12-19] (COMODO)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-24] (DT Soft Ltd)
3 e.dentifier2; C:\Windows\System32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2011-12-19] (COMODO)
3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBUs.sys [27016 2010-04-06] (IVT Corporation.)
3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2011-12-20] (ManyCam LLC)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-27] (ManyCam LLC)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
0 mv61xx; C:\Windows\System32\Drivers\mv61xx.sys [178728 2009-05-11] (Marvell Semiconductor, Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-05-19] (Duplex Secure Ltd.)
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-16 00:19 - 2012-11-16 00:19 - 00000000 ____D C:\FRST
2012-11-15 14:59 - 2012-11-15 15:09 - 00000000 ____D C:\Users\Monkey\Desktop\mbar
2012-11-15 14:59 - 2012-11-15 14:59 - 12961620 ____A C:\Users\Monkey\Downloads\mbar-1.01.0.1009.zip
2012-11-15 14:52 - 2012-11-15 14:52 - 00683048 ____A ( ) C:\Users\Monkey\Downloads\Chip_Downloader_HijackThis_2.0.4.exe
2012-11-15 14:11 - 2012-11-15 14:11 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-11-15 14:11 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-11-15 13:50 - 2012-11-15 13:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-14 16:28 - 2012-10-21 06:22 - 499797321 ____A C:\Users\Monkey\Desktop\happy.endings.3x01.cazsh.dummy.spillionaires.mkv
2012-11-14 16:14 - 2012-10-28 18:01 - 563583300 ____A C:\Users\Monkey\Desktop\happy.endings.3x02.sabado.free.gante.mkv
2012-11-14 16:13 - 2012-11-11 20:01 - 626190413 ____A C:\Users\Monkey\Desktop\happy.endings.3x03.boyz.ii.menorah.mkv
2012-11-14 15:24 - 2012-11-14 15:24 - 00000000 ____A C:\Users\Monkey\Desktop\New AviSynth Script.avs
2012-11-11 14:00 - 2012-11-11 14:00 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Mozilla
2012-11-11 13:58 - 2012-11-11 13:58 - 57739236 ____A C:\Users\Monkey\Desktop\SONIC SYNDICATE - Revolution Baby Official Video.mp4
2012-11-11 13:50 - 2012-11-11 13:50 - 103582291 ____A C:\Users\Monkey\Desktop\Sonic Syndicate - Denied (Official Music Video) [HD].mp4
2012-10-31 09:37 - 2012-10-31 09:37 - 00000000 ____D C:\Program Files (x86)\PMSystem
2012-10-29 17:57 - 2012-10-29 17:57 - 00000000 ____D C:\Program Files\Recuva
2012-10-29 11:37 - 2012-10-29 11:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-10-29 11:37 - 2012-10-29 11:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-29 11:37 - 2012-10-29 11:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-29 11:35 - 2012-10-29 11:35 - 00895464 ____A (Oracle Corporation) C:\Users\Monkey\Downloads\chromeinstall-7u9.exe
2012-10-27 17:01 - 2012-10-27 17:02 - 107510746 ____A C:\Users\Monkey\Desktop\dimmu_borgir-dimmu_borgir-dvdrip-x264-2010-srp.mkv
2012-10-25 12:13 - 2012-10-25 12:13 - 00000713 ____A C:\Users\Monkey\Documents\index.php
2012-10-22 08:10 - 2012-10-22 08:24 - 00000000 ____D C:\Users\Monkey\Documents\apple3-142
2012-10-18 11:36 - 2012-10-21 23:48 - 00000000 ____D C:\processing-1.5.1

==================== One Month Modified Files and Folders =======

2012-11-16 00:19 - 2012-11-16 00:19 - 00000000 ____D C:\FRST
2012-11-15 15:12 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-15 15:09 - 2012-11-15 14:59 - 00000000 ____D C:\Users\Monkey\Desktop\mbar
2012-11-15 15:09 - 2012-09-10 12:35 - 00000000 ___RD C:\Users\Monkey\Dropbox
2012-11-15 15:09 - 2012-09-10 12:32 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Dropbox
2012-11-15 14:59 - 2012-11-15 14:59 - 12961620 ____A C:\Users\Monkey\Downloads\mbar-1.01.0.1009.zip
2012-11-15 14:52 - 2012-11-15 14:52 - 00683048 ____A ( ) C:\Users\Monkey\Downloads\Chip_Downloader_HijackThis_2.0.4.exe
2012-11-15 14:33 - 2012-07-08 12:20 - 00006174 ____A C:\Windows\PFRO.log
2012-11-15 14:25 - 2012-03-27 15:07 - 00000000 ____D C:\Users\All Users\SpeedBit
2012-11-15 14:23 - 2012-10-06 18:36 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-15 14:23 - 2012-01-22 12:38 - 00000000 ____D C:\Users\Monkey\AppData\Local\LogMeIn Hamachi
2012-11-15 14:23 - 2011-10-24 16:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\DAEMON Tools Lite
2012-11-15 14:17 - 2012-10-06 18:49 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2012-11-15 14:13 - 2011-10-26 13:04 - 00000000 ____D C:\Windows\pss
2012-11-15 14:11 - 2012-11-15 14:11 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-11-15 14:11 - 2011-10-24 14:24 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-15 13:59 - 2011-10-24 14:24 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-15 13:57 - 2011-10-24 23:22 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\uTorrent
2012-11-15 13:57 - 2011-10-24 14:24 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-15 13:56 - 2011-10-25 08:48 - 00000202 ____A C:\Windows\Tasks\AutoKMS.job
2012-11-15 13:56 - 2011-08-16 08:47 - 00001193 ____A C:\Windows\SysWOW64\bscs.ini
2012-11-15 13:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-15 13:55 - 2012-06-30 15:54 - 00022352 ____A C:\Windows\setupact.log
2012-11-15 13:50 - 2012-11-15 13:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-15 13:44 - 2011-10-25 01:15 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Skype
2012-11-15 13:37 - 2012-06-10 05:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-15 13:37 - 2011-10-25 01:11 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-15 13:21 - 2012-01-19 16:19 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job
2012-11-15 13:00 - 2012-06-06 10:32 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job
2012-11-15 12:26 - 2011-10-14 13:55 - 01195560 ____A C:\Windows\WindowsUpdate.log
2012-11-15 10:05 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-15 10:05 - 2009-07-13 20:45 - 00022224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-15 07:21 - 2012-01-19 16:19 - 00000908 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job
2012-11-15 05:00 - 2012-06-06 10:32 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job
2012-11-14 16:31 - 2011-10-25 08:48 - 00000202 ____A C:\Windows\Tasks\AutoKMSDaily.job
2012-11-14 15:24 - 2012-11-14 15:24 - 00000000 ____A C:\Users\Monkey\Desktop\New AviSynth Script.avs
2012-11-11 20:01 - 2012-11-14 16:13 - 626190413 ____A C:\Users\Monkey\Desktop\happy.endings.3x03.boyz.ii.menorah.mkv
2012-11-11 14:00 - 2012-11-11 14:00 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Mozilla
2012-11-11 13:58 - 2012-11-11 13:58 - 57739236 ____A C:\Users\Monkey\Desktop\SONIC SYNDICATE - Revolution Baby Official Video.mp4
2012-11-11 13:50 - 2012-11-11 13:50 - 103582291 ____A C:\Users\Monkey\Desktop\Sonic Syndicate - Denied (Official Music Video) [HD].mp4
2012-11-01 06:06 - 2011-10-25 12:48 - 00000000 ____D C:\Users\Monkey\AppData\Local\Paint.NET
2012-10-31 09:37 - 2012-10-31 09:37 - 00000000 ____D C:\Program Files (x86)\PMSystem
2012-10-30 16:45 - 2012-09-04 13:40 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\FileZilla
2012-10-30 16:43 - 2012-09-18 14:44 - 00000000 ____D C:\Users\Monkey\Documents\port site
2012-10-30 14:51 - 2011-10-24 14:24 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-30 14:51 - 2011-10-24 14:24 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-30 14:51 - 2011-10-24 14:24 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-30 14:51 - 2011-10-24 14:24 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-30 14:51 - 2011-10-24 14:24 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-30 14:51 - 2011-10-24 14:24 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-30 14:50 - 2011-10-24 14:24 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-30 14:50 - 2011-10-24 14:24 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-30 10:41 - 2011-10-27 17:33 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\vlc
2012-10-30 09:43 - 2012-09-06 10:56 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Spotify
2012-10-30 09:32 - 2012-09-06 10:56 - 00000000 ____D C:\Users\Monkey\AppData\Local\Spotify
2012-10-29 18:38 - 2012-09-16 02:59 - 00000600 ____A C:\Users\Monkey\AppData\Local\PUTTY.RND
2012-10-29 17:57 - 2012-10-29 17:57 - 00000000 ____D C:\Program Files\Recuva
2012-10-29 11:37 - 2012-10-29 11:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-10-29 11:37 - 2012-10-29 11:37 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-29 11:37 - 2012-10-29 11:37 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-29 11:37 - 2012-10-29 11:37 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-29 11:37 - 2011-11-01 16:15 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-10-29 11:36 - 2011-11-01 16:15 - 00000000 ____D C:\Program Files (x86)\Java
2012-10-29 11:35 - 2012-10-29 11:35 - 00895464 ____A (Oracle Corporation) C:\Users\Monkey\Downloads\chromeinstall-7u9.exe
2012-10-28 18:01 - 2012-11-14 16:14 - 563583300 ____A C:\Users\Monkey\Desktop\happy.endings.3x02.sabado.free.gante.mkv
2012-10-27 17:02 - 2012-10-27 17:01 - 107510746 ____A C:\Users\Monkey\Desktop\dimmu_borgir-dimmu_borgir-dvdrip-x264-2010-srp.mkv
2012-10-26 06:40 - 2011-10-28 13:48 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Audacity
2012-10-26 05:02 - 2011-10-28 10:54 - 00000000 ____D C:\Program Files (x86)\MeGUI_2050_x86
2012-10-25 12:13 - 2012-10-25 12:13 - 00000713 ____A C:\Users\Monkey\Documents\index.php
2012-10-24 13:11 - 2012-03-09 10:59 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\CoreFTP
2012-10-22 08:24 - 2012-10-22 08:10 - 00000000 ____D C:\Users\Monkey\Documents\apple3-142
2012-10-21 23:48 - 2012-10-18 11:36 - 00000000 ____D C:\processing-1.5.1
2012-10-21 23:48 - 2012-10-06 10:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-21 23:48 - 2012-01-19 13:22 - 00000000 ____D C:\Users\Monkey\.smplayer
2012-10-21 23:48 - 2011-12-07 13:27 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\Winamp
2012-10-21 23:48 - 2011-11-03 18:39 - 00000000 ____D C:\Users\Monkey\AppData\Roaming\IrfanView
2012-10-21 23:48 - 2011-10-24 12:45 - 00000000 ____D C:\users\Adam
2012-10-21 23:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-10-21 14:01 - 2011-10-24 14:16 - 00000000 ____D C:\users\Monkey
2012-10-21 06:22 - 2012-11-14 16:28 - 499797321 ____A C:\Users\Monkey\Desktop\happy.endings.3x01.cazsh.dummy.spillionaires.mkv


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-29 11:36:41
Restore point made on: 2012-10-30 06:42:34
Restore point made on: 2012-11-11 13:39:10

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6143.05 MB
Available physical RAM: 5412.45 MB
Total Pagefile: 6141.25 MB
Available Pagefile: 5403.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (320GB WINSAMS) (Fixed) (Total:298.09 GB) (Free:89.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (SeaGate) (Fixed) (Total:931.51 GB) (Free:206 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Removable) (Total:7.48 GB) (Free:1.43 GB) NTFS
4 Drive f: () (Fixed) (Total:149.04 GB) (Free:6.39 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


Last Boot: 2012-11-14 18:44

==================== End Of Log =============================

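The FRST sections above (the Bamital & volsnap MD5 check, the .exe association and the restore-point list) are the first things a responder reads after a screen-locker infection, because that class of malware lives by hijacking what runs at logon and what runs when any .exe is launched. The script below is an added triage example; it is not part of this thread and not code from FRST or ComboFix. It parses those three sections from a log excerpt, compares the .exe association against the Windows default rather than trusting the tool's own "OK", and flags missing restore points. The clean sample is built from the log above (32-bit duplicates omitted); the tampered variant, including its `C:\ProgramData\lock.exe` path, is constructed and hypothetical.

```python
import re

# Windows default .exe association; screen-locker malware commonly rewrites
# open\command so its own binary runs before (or instead of) every program.
EXPECTED_EXE_ASSOC = {
    r"HKLM\...\.exe": "exefile",
    r"HKLM\...\exefile\DefaultIcon": "%1",
    r"HKLM\...\exefile\open\command": '"%1" %*',
}
# Logon/boot-chain files FRST hashes in its "Bamital & volsnap Check".
CRITICAL_FILES = {
    r"c:\windows\system32\winlogon.exe", r"c:\windows\system32\wininit.exe",
    r"c:\windows\explorer.exe", r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\services.exe", r"c:\windows\system32\user32.dll",
    r"c:\windows\system32\userinit.exe", r"c:\windows\system32\drivers\volsnap.sys",
}
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def split_sections(log_text):
    """Map each '==== Name ====' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_check_line(line):
    """'subject => verdict' -> (subject, verdict); verdict is '' if absent."""
    subject, sep, verdict = line.partition(" => ")
    return subject.strip(), (verdict.strip() if sep else "")


def triage(log_text):
    """Return findings for an FRST log; an empty list means all checks passed."""
    findings, sections = [], split_sections(log_text)

    # 1. Every critical file must be present and vouched for by its MD5.
    seen = set()
    for line in sections.get("Bamital & volsnap Check", []):
        path, verdict = parse_check_line(line)
        seen.add(path.lower())
        if verdict != "MD5 is legit":
            findings.append(f"integrity: {path} -> {verdict or 'no verdict'}")
    for path in sorted(CRITICAL_FILES - seen):
        findings.append(f"integrity: {path} not checked")

    # 2. Compare the association with the Windows default, not with the
    #    tool's own "OK", so a hijacked open\command is caught either way.
    assoc = {}
    for line in sections.get("EXE ASSOCIATION", []):
        subject, _ = parse_check_line(line)
        key, _, value = subject.partition(": ")
        assoc[key] = value
    for key, expected in EXPECTED_EXE_ASSOC.items():
        if assoc.get(key) != expected:
            findings.append(f"exe-assoc: {key} = {assoc.get(key)!r}, expected {expected!r}")

    # 3. Ransomware frequently wipes restore points; none listed deserves a look.
    if not any(line.startswith("Restore point made on:")
               for line in sections.get("Restore Points", [])):
        findings.append("restore: no restore points listed")
    return findings


# Constructed sample built from the FRST output in this thread (32-bit copies omitted).
CLEAN_LOG = r"""
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-29 11:36:41
"""
# Constructed, hypothetical post-infection variant: userinit.exe replaced,
# open\command hijacked by a made-up lock.exe, restore points gone.
TAMPERED_LOG = (CLEAN_LOG
    .replace("userinit.exe => MD5 is legit", "userinit.exe => MD5 does not match")
    .replace(r'open\command: "%1" %*', r'open\command: "C:\ProgramData\lock.exe" "%1" %*')
    .replace("Restore point made on: 2012-10-29 11:36:41", ""))

if __name__ == "__main__":
    print("clean:", triage(CLEAN_LOG) or "no findings")
    print("tampered:", triage(TAMPERED_LOG))
```

Run it as-is and the clean sample produces no findings while the tampered one produces three (replaced userinit.exe, hijacked open\command, no restore points). Feeding it an empty log also produces findings, which is deliberate: a section that is absent must never pass by default.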

  • Staff

Please don't put the logs inside code boxes; it makes them hard for me to read. Thanks.

Please do the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Sorry, no code boxes this time.

ComboFix 12-11-15.01 - Monkey 16/11/2012 0:45.1.4 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.4371 [GMT 1:00]
Running from: c:\users\Monkey\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\users\Monkey\AppData\Roaming\vso_ts_preview.xml
c:\windows\XSxS
E:\install.exe
.
.

((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST
2012-11-15 23:56 . 2012-11-15 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 23:56 . 2012-11-15 23:56 -------- d-----w- c:\users\Adam\AppData\Local\temp
2012-11-15 23:49 . 2012-11-15 23:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\offreg.dll
2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll
2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs
2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem
2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva
2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1
.
.
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs
2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
.
c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]
R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]
R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
.
.

Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37]
.
2012-11-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job
- c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job
- c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]
.
.
--------- X64 Entries -----------
.
.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.

------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.4.4 192.168.0.1
TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Notify-LBTWlgn - (no file)
AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe
.
.
.

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,
02,9c,be,ec,0c,b1,9d,ba,17,8f,6b,f8,da
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,0e,
6c,c1,80,43,08,a2,e0,94,9a,f2,9c,68,5a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,
ae,10,58,36,07,ae,29,02,f3,03,cb,47,e6
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,
c1,74,f2,34,0d,a8,7f,dc,65,c2,80,cd,b0
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:a3,15,1f,eb,b8,11,cd,01
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,1e,be,fb,ba,e0,b7,43,95,96,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,1e,be,fb,ba,e0,b7,43,95,96,f0,\
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.ac3"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.asf"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="CCCP.MPC.AVI.1"
"CCCP.Backup.Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mpc-hc.exe"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.FLAC"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\DTLite.exe"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.m2ts"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.M4A"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mplayerc.m4v"
.
[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="CCCP.MPC.Matroska.1"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="MPlayerFileVideo"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Winamp.File.MP3"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"CCCP.Backup.Progid"="WMP11.AssocFile.MP4"

"Progid"="CCCP.MPC.MP4.1"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="mplayerc.mpg"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="mplayerc.mts"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\notepad++.exe"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Winamp.File.OGG"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="CCCP.MPC.OGM.1"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="MPlayerFileVideo"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]

@Denied: (2) (Administrator)

"Progid"="MPlayerFileVideo"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Opera.Image"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="mplayerc.ts"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="mplayerc.wav"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="MPlayerFileVideo"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="mplayerc.wmv"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Opera.HTML"

.

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Opera.HTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-16 00:59:22

ComboFix-quarantined-files.txt 2012-11-15 23:59

.

Pre-Run: 95,852,404,736 bytes free

Post-Run: 95,545,159,680 bytes free

.

- - End Of File - - 1AAFCF8E3FF94B733D18E1A4CF5441F7

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.1.1 (11.15.2012)

OS: Windows 7 Professional x64

Ran by Monkey on 16/11/2012 at 1:01:03.94

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1836503802-3605989020-1067039302-500\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_classes_root\appid\babylonhelper.exe"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\esrv.exe"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasapi32"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasmancs"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasapi32"

Successfully deleted: [Registry Key] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasmancs"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16/11/2012 at 1:10:19.61

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Staff

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::

C:\Windows\Tasks\AutoKMS.job

C:\Windows\SysWOW64\bscs.ini

RegLock::

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\Approved Extensions]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Internet Explorer\User Preferences]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avs\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]

[HKEY_USERS\S-1-5-21-1836503802-3605989020-1067039302-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

It is not advisable to have more than one antivirus installed; having more than one can cause system slowdowns, conflicts and crashes.

Also, can you please advise whether your version of Office is properly licenced, as there is an item in the log that may indicate it is a pirated version?

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


About Office, I do not know, as I did not install it myself.

ComboFix 12-11-15.01 - Monkey 16/11/2012 2:36.2.4 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.3771 [GMT 1:00]

Running from: c:\users\Monkey\Desktop\ComboFix.exe

Command switches used :: c:\users\Monkey\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\SysWOW64\bscs.ini"

"c:\windows\Tasks\AutoKMS.job"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWOW64\bscs.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))

.

.

2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST

2012-11-16 01:42 . 2012-11-16 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-16 01:42 . 2012-11-16 01:42 -------- d-----w- c:\users\Adam\AppData\Local\temp

2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- c:\windows\ERUNT

2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- C:\JRT

2012-11-15 23:49 . 2012-11-15 23:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\offreg.dll

2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll

2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs

2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem

2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva

2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs

2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]

.

c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

[BU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]

R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]

S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712]

S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]

S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304]

S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37]

.

2012-11-15 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job

- c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job

- c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 8.8.4.4 192.168.0.1

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8

TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe

.

.

.

Completion time: 2012-11-16 02:45:52

ComboFix-quarantined-files.txt 2012-11-16 01:45

ComboFix2.txt 2012-11-15 23:59

.

Pre-Run: 96,324,788,224 bytes free

Post-Run: 96,020,811,776 bytes free

.

- - End Of File - - 6BB02244228988114E173204F94E8E0C

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 02:51:05

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Monkey - ANTEC900

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Monkey\Downloads\AdwCleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Users\Monkey\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Monkey\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\Adam\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Monkey\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2102 octets] - [16/11/2012 02:50:51]

AdwCleaner[S1].txt - [2057 octets] - [16/11/2012 02:51:05]

########## EOF - C:\AdwCleaner[S1].txt - [2117 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.16.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Monkey :: ANTEC900 [administrator]

16/11/2012 02:58:25

mbam-log-2012-11-16 (02-58-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230550

Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Program Files (x86)\toolbar.exe Win32/Toolbar.Babylon application

E:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab a variant of Win32/Toolbar.Babylon application

E:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066 HTML/ScrInject.B.Gen virus

E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e a variant of Java/Exploit.Agent.NDH trojan

E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80 a variant of Java/Exploit.Agent.NDH trojan

E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1 multiple threats

E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612 a variant of OSX/Exploit.Smid.D trojan

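The seven detection lines above are the raw material for the File:: block of a ComboFix CFScript (the format the reply that follows works with), and they also carry the triage information a helper reads off first: which hits are on the running install and which are in a copied profile, and which are cached exploit content rather than something placed on disk. The code below is an added example, not code from this thread or from ESET, ComboFix or Malwarebytes. It splits ESET's "path threat" lines (the only awkward step, because the tool's tab-separated columns arrived as spaces and the paths themselves contain spaces), classifies each hit, and emits the CFScript. It assumes C: is the live system volume, as the ComboFix header in this thread says; the sample input is copied from the list above.

```python
"""Triage an ESET detection list and build a ComboFix CFScript from it.

Added example for this thread; not code from the original posts, ESET or
ComboFix. ASSUMPTIONS: C: is the live system volume (per the ComboFix header
in this thread) and the tool's tab-separated columns arrived as spaces.
"""
import re
from dataclasses import dataclass

# Copied from the detection list posted above (forum paste, tabs -> spaces).
SAMPLE_ESET_LINES = [
    r"C:\Program Files (x86)\toolbar.exe Win32/Toolbar.Babylon application",
    r"E:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab a variant of Win32/Toolbar.Babylon application",
    r"E:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066 HTML/ScrInject.B.Gen virus",
    r"E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e a variant of Java/Exploit.Agent.NDH trojan",
    r"E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80 a variant of Java/Exploit.Agent.NDH trojan",
    r"E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1 multiple threats",
    r"E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612 a variant of OSX/Exploit.Smid.D trojan",
]

# Windows paths never contain "/", so the first "Family/Name" token marks where
# ESET's threat column starts; "multiple threats" is the column's other form.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of\s+)?[\w.+-]+/\S.*|multiple threats)$"
)
_JAVA_CACHE = re.compile(r"\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\", re.I)
_BROWSER_CACHE = re.compile(r"\\(?:Cache|Temporary Internet Files)\\", re.I)
SYSTEM_DRIVE = "c:\\"  # assumption: the running Windows install lives here


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    live_system: bool  # on the running install rather than in a backup copy
    kind: str          # "exploit-cache" | "browser-cache" | "installed"


def classify(path):
    if _JAVA_CACHE.search(path):
        return "exploit-cache"   # applet pulled down by a drive-by page
    if _BROWSER_CACHE.search(path):
        return "browser-cache"   # cached page content, e.g. injected script
    return "installed"           # a file that was actually placed on disk


def parse_eset(lines):
    detections = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        path = m.group("path")
        detections.append(Detection(path, m.group("threat"),
                                    path.lower().startswith(SYSTEM_DRIVE),
                                    classify(path)))
    return detections


def summarize(detections):
    """Counts a helper glances at before deciding what to delete."""
    return {
        "total": len(detections),
        "live_system": sum(d.live_system for d in detections),
        "exploit_cache": sum(d.kind == "exploit-cache" for d in detections),
        "browser_cache": sum(d.kind == "browser-cache" for d in detections),
        "installed": sum(d.kind == "installed" for d in detections),
    }


def build_cfscript(detections):
    """File:: block in the form ComboFix accepts (one full path per line), plus
    ClearJavaCache:: when any hit came from the Java deployment cache, since the
    cache holds more than the entries the scanner happened to name."""
    body = ["File::"] + [d.path for d in detections]
    if any(d.kind == "exploit-cache" for d in detections):
        body += ["", "ClearJavaCache::"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    found = parse_eset(SAMPLE_ESET_LINES)
    print(summarize(found))
    print(build_cfscript(found), end="")
```

On this input the summary is one live-system hit (toolbar.exe), four exploit-cache hits, one browser-cache hit and two installed files, and the script it prints is the same File:: list the helper posts next, with ClearJavaCache:: appended. The grouping is what makes the list readable: Java/Exploit detections in the deployment cache are applets a web page served to the browser's Java plugin, so they record how the machine was compromised rather than anything still executing, and everything under E:\backup is a copy of an old profile, not the running system.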

  • Staff

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the code box below into Notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\Program Files (x86)\toolbar.exe
E:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab
E:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066
E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e
E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80
E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1
E:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

  • Please download MiniToolBox and save it to your desktop and run it.
    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs.

    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT

Please download Farbar Service Scanner to your desktop and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

NEXT

Please advise how the computer is running now and if there are any outstanding issues.

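The tools requested above print, among other things, the registry policy values and resolver settings that a lock-screen infection or a rushed cleanup tends to leave behind, and reading those pastes by eye is error-prone. The code below is an added example, not code from this thread or from ComboFix, FSS or MiniToolBox. It parses lines in the shape those tools print and flags UAC and Windows Firewall policy values that weaken the machine, an AppInit_DLLs entry (a DLL loaded into every user32 process), ComboFix's "Infected copy ... was found" notice, and DNS resolvers that are neither private (the router) nor on an allowlist. The allowlist and the sample lines are constructed for the example.

```python
"""Flag weakened protections in pasted ComboFix / Farbar Service Scanner output.

Added example for this thread; not code from the original posts or from
ComboFix, FSS or MiniToolBox. It reads the text those tools print, as it
appears when pasted into a reply, and lists what a helper would want
explained before calling the machine clean. ASSUMPTION: the resolver
allowlist below; adjust it to what the owner actually configured.
"""
import ipaddress
import re

ALLOWED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})  # assumption, see docstring

# ComboFix ("Reg Loading Points"):   "EnableLUA"= 0 (0x0)
# FSS ("Firewall Disabled Policy"):  "EnableFirewall"=DWORD:0
_POLICY = re.compile(r'^"(?P<name>[A-Za-z_]+)"\s*=\s*(?:DWORD:)?(?P<value>\d+)')
_APPINIT = re.compile(r'^"AppInit_DLLs"\s*=\s*(?P<dlls>\S.*)$')
_INFECTED = re.compile(r"^Infected copy of (?P<file>\S+) was found")
# ComboFix ("Supplementary Scan"):
#   TCP: DhcpNameServer = 8.8.4.4 192.168.0.1
#   TCP: Interfaces\{GUID}: NameServer = 8.26.56.26,156.154.70.22
_NAMESERVER = re.compile(
    r"^TCP:\s+(?:(?P<iface>Interfaces\\\S+):\s+)?(?:Dhcp)?NameServer\s*=\s*(?P<servers>[\d.,\s]+)$"
)

# name: (value that weakens protection, what that value means)
_WEAK_WHEN = {
    "EnableLUA": (0, "UAC is off; an admin user's processes start fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "elevation requests are granted without a prompt"),
    "PromptOnSecureDesktop": (0, "UAC prompts are drawn on the normal desktop, where other programs can drive them"),
    "EnableFirewall": (0, "Windows Firewall is turned off by policy for this profile"),
}

# Constructed sample in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
TCP: DhcpNameServer = 8.8.4.4 192.168.0.1
TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
"""


def _is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False  # not a parsable address: report it rather than hide it


def audit(lines, allowed_resolvers=ALLOWED_RESOLVERS):
    """Return one finding string per weakened setting or entry needing an explanation."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := _POLICY.match(line)) and m.group("name") in _WEAK_WHEN:
            name = m.group("name")
            bad, why = _WEAK_WHEN[name]
            if int(m.group("value")) == bad:
                findings.append(f"{name}={bad}: {why}")
        elif m := _APPINIT.match(line):
            # Legitimate for some security products, so verify the file's origin
            # instead of deleting the value outright.
            findings.append(f"AppInit_DLLs={m.group('dlls')}: DLL injected system-wide, confirm its origin")
        elif m := _INFECTED.match(line):
            findings.append(f"{m.group('file')}: system binary had been patched; verify the restored copy")
        elif m := _NAMESERVER.match(line):
            servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
            odd = [s for s in servers if s not in allowed_resolvers and not _is_private(s)]
            if odd:
                where = m.group("iface") or "DhcpNameServer"
                findings.append(f"{where}: resolver(s) {', '.join(odd)} not on the allowlist")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG.splitlines()):
        print(finding)
```

A resolver hit is a question, not a verdict: security suites and ISPs set third-party resolvers too, and an interface's NameServer value outlives the adapter it was set on. COMODO Internet Security, which this machine runs, offers a Secure DNS option that points an adapter at Comodo's own resolvers, and that is the kind of explanation to rule out first. The AppInit_DLLs entry is the same sort of item; the point of the list is that nothing on it should go unexplained, and the UAC and firewall values should go back to their defaults once the cleanup is done.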

I have a problem: I cannot access this thread from the PC (that's why the late reply). I am posting from my phone.

I had these DNS servers set, even though I did not put these. I usually have Google DNS (8.8.8.8):

8.26.56.26

156.154.70.22

So I changed it back to Google's, but I still cannot access the thread (the rest of the website is OK).

Chrome says "connection reset", and Opera says "Connection closed by remote server".

Something strange is going on.

Here are the logs:

ComboFix 12-11-16.02 - Monkey 16/11/2012 22:53:20.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1250.36.1033.18.6143.1723 [GMT 1:00]

Running from: c:\users\Monkey\Desktop\ComboFix.exe

Command switches used :: c:\users\Monkey\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\toolbar.exe"

"e:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab"

"e:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066"

"e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e"

"e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80"

"e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1"

"e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\toolbar.exe

e:\backup\C\Users\Adam\AppData\Local\Babylon\Setup\Setup-tbmntr.cab

e:\backup\C\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000066

e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-33abe99e

e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\54cd4856-6b867d80

e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\6fdb3704-4c09abe1

e:\backup\C\Users\Adam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\56605bc-17493612

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\windows\erdnt\cache86\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))

.

.

2012-11-16 22:04 . 2012-11-16 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-16 22:04 . 2012-11-16 22:04 -------- d-----w- c:\users\Adam\AppData\Local\temp

2012-11-16 08:19 . 2012-11-16 08:19 -------- d-----w- C:\FRST

2012-11-16 02:03 . 2012-11-16 02:03 -------- d-----w- c:\program files (x86)\ESET

2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- c:\windows\ERUNT

2012-11-16 00:00 . 2012-11-16 00:00 -------- d-----w- C:\JRT

2012-11-15 22:11 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-11-15 21:50 . 2012-11-15 21:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-14 15:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEDEB233-E98F-4D4A-99CE-7E265FB3A456}\mpengine.dll

2012-11-11 21:34 . 2012-11-11 21:34 -------- d-----w- c:\users\Monkey\AppData\Local\Programs

2012-10-31 17:37 . 2012-10-31 17:37 -------- d-----w- c:\program files (x86)\PMSystem

2012-10-30 01:57 . 2012-10-30 01:57 -------- d-----w- c:\program files\Recuva

2012-10-29 19:38 . 2012-10-29 19:38 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-10-29 19:37 . 2012-10-29 19:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-29 19:37 . 2012-10-29 19:37 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 19:36 . 2012-10-22 07:48 -------- d-----w- C:\processing-1.5.1

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:51 . 2011-10-24 22:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-10-24 22:24 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2011-10-24 22:24 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2011-10-24 22:24 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2011-10-24 22:24 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2011-10-24 22:24 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2011-10-24 22:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50 . 2011-10-24 22:24 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-29 19:37 . 2011-11-02 00:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-13 01:02 . 2011-10-25 09:06 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 13:37 . 2012-06-10 13:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 13:37 . 2011-10-24 23:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-14 20:57 . 2012-09-14 20:57 7026 ----a-w- c:\windows\smburl3b.vbs

2012-09-14 19:19 . 2012-10-12 11:52 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-12 11:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-07 15:04 . 2012-10-07 02:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 18:19 . 2012-10-12 11:54 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-12 11:53 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-12 11:53 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-12 11:53 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-12 11:52 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-12 11:52 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 01:01 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 01:01 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 01:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 01:01 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 01:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 14:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 14:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 14:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 14:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 19:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-12 11:53 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-12 11:53 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-12 11:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-12 11:53 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-12 11:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-12 11:53 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-12 11:53 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-12 11:53 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-12 11:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-12 11:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-12 11:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-12 11:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-12 11:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-12 11:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-12 11:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2011-12-07 872448]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Hobbyist Software On-Off Helper"="c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Configuration.exe" [2012-11-10 554520]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]

.

c:\users\Monkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Monkey\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

[bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]

R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-06 13352]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-25 1255736]

R4 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-10-06 3084176]

R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-08-16 147563]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-15 2461104]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-07-27 24456]

S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-01-17 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-12-19 43248]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-25 270912]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-26 204288]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 Off-Helper;Off-Helper;c:\program files (x86)\Hobbyist Software\Off Remote Helper\Off-Helper Service.exe [2012-11-10 6656]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-26 93712]

S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [2011-07-27 25352]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 30088]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]

S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2011-12-21 34304]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-28 28160]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:37]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 22:24]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500Core.job

- c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836503802-3605989020-1067039302-500UA.job

- c:\users\Monkey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 23:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Monkey\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 8.8.4.4 192.168.0.1

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\4727F6C6C6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\55375645869637: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\74971627D6164775946494: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{655E1082-793B-4A92-B440-86822E8E2279}\A4F696B6573507F647F5030323136454334463646413: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{93E2885C-B51A-49D1-A5EE-5A194FDFC57B}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\1647441677E6: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\8405E2E65647: NameServer = 8.8.4.4,8.8.8.8

TCP: Interfaces\{EC791015-2C28-45E8-BF11-F991C538A60C}\D427E24527F6C6C6: NameServer = 8.8.4.4,8.8.8.8

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-HijackThis - c:\users\Monkey\AppData\Local\Temp\HijackThis.exe

.

.

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Hobbyist Software\Off Remote Helper\mDNSResponder.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Remote Mouse\server\server.exe

.

**************************************************************************

.

Completion time: 2012-11-16 23:16:16 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-16 22:16

ComboFix2.txt 2012-11-16 01:45

ComboFix3.txt 2012-11-15 23:59

.

Pre-Run: 105,225,052,160 bytes free

Post-Run: 104,984,256,512 bytes free

.

- - End Of File - - 5EB35750DE670B1BDF4A616A4BDED048

Farbar Service Scanner Version: 09-11-2012

Ran by Monkey (administrator) on 17-11-2012 at 16:03:22

Running from "C:\Users\Monkey\Downloads"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

MiniToolBox by Farbar Version: 10-11-2012 02

Ran by Monkey (administrator) on 17-11-2012 at 16:00:05

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.2)

ABN AMRO e.dentifier2 software (Version: 02.00)

Adobe AIR (Version: 3.0.0.4080)

Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)

Adobe Flash Player 11 Plugin (Version: 11.4.402.287)

Adobe Reader X (10.1.4) (Version: 10.1.4)

AGEIA PhysX v7.11.13 (Version: 7.11.13)

AMD APP SDK Runtime (Version: 10.0.831.4)

AMD AVIVO64 Codecs (Version: 11.7.0.11109)

AMD Catalyst Install Manager (Version: 3.0.855.0)

AMD Drag and Drop Transcoding (Version: 2.00.0000)

AMD Media Foundation Decoders (Version: 1.0.61109.2218)

Android SDK Tools (Version: 1.16)

Apple Application Support (Version: 2.1.5)

Apple Mobile Device Support (Version: 4.0.0.96)

Apple Software Update (Version: 2.1.3.127)

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.18)

Audacity 1.3.13 (Unicode)

Audiosurf

Auslogics Disk Defrag (Version: version 3.4)

Auto Gordian Knot 2.55 (Version: 2.55)

avast! Free Antivirus (Version: 7.0.1474.0)

Avidemux 2.5 (Version: 2.5.6.7716)

AviSynth 2.6 (Version: 2.6.0.2)

BlueSoleil 8.0.370.0 (Version: 8.0.370.0)

Bluetooth Stack for Windows by Toshiba (Version: v8.00.03(T) Premium Edition)

Bonjour (Version: 3.0.0.10)

Bulk Rename Utility 2.7.1.2

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center (Version: 2011.1109.2212.39826)

Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826)

Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826)

ccc-utility64 (Version: 2011.1109.2212.39826)

CCC Help English (Version: 2011.1109.2211.39826)

CCleaner (Version: 3.19)

CDBurnerXP (Version: 4.4.0.2905)

Combined Community Codec Pack 2011-07-30 (Version: 2011.07.30.0)

Command & Conquer 3 (Version: 1.00.0000)

Command & Conquer Generals (Version: 0.50.0000)

Comodo Dragon (Version: 15.0)

COMODO Internet Security (Version: 5.8.16726.2131)

ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348)

Core FTP LE

CoreAVC Professional Edition (remove only)

Counter-Strike: Source

DAEMON Tools Lite (Version: 4.41.3.0173)

Day of Defeat: Source

Diablo III (Version: 1.0.4.11327)

Dropbox (Version: 1.4.17)

EASEUS Partition Master 9.1.0 Home Edition

Elecard MPEG-2 PlugIn for WMP (Version: 5.0.111108)

Empire Earth

Empire Earth - The Art of Conquest

Emsisoft Anti-Malware (Version: 7.0)

eReg (Version: 1.20.138.34)

ESET Online Scanner v3

Europe MapleStory

EVEREST Home Edition v2.20 (Version: 2.20)

F.E.A.R. 3

Facebook Video Calling 1.2.0.159 (Version: 1.2.159)

FileZilla Client 3.5.3 (Version: 3.5.3)

Flashtool (Version: 0.8.0.0)

foobar2000 v1.1.8 (Version: 1.1.8)

Fraps (remove only)

GameRanger

GIMP 2.6.11 (Version: 2.6.11)

Google Chrome (Version: 23.0.1271.64)

Google Talk Plugin (Version: 3.10.2.10212)

Google Update Helper (Version: 1.3.21.123)

Haali Media Splitter

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

Half-Life Dedicated Server Update Tool

HD Tune 2.55

Heroes of Newerth (Version: 2.3.0)

HijackThis 2.0.2 (Version: 2.0.2)

HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (Version: 14.0)

Huffyuv AVI lossless video codec (Remove Only)

Hugin 2011.4.0 (Version: 2011.4.0 hg_cf9be9344356)

ICQ7M (Version: 7.8)

iExplorer 2.2.1.3

Image Data Converter (Version: 4.0.01.09151)

iPhoneBrowser (Version: 1.9.3)

IrfanView (remove only) (Version: 4.32)

iTunes (Version: 10.5.0.142)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Java 6 Update 31 (Version: 6.0.310)

Lagarith Lossless Codec (1.3.27)

League of Legends (Version: 1.3)

Left 4 Dead 2

Left 4 Dead 2 Dedicated Server

Logitech SetPoint 6.32 (Version: 6.32.20)

LogMeIn Hamachi (Version: 2.1.0.215)

Macromedia Dreamweaver 8 (Version: 8.0.0.2734)

Macromedia Extension Manager (Version: 1.7.240)

Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)

ManyCam 3.0.53 (remove only) (Version: 3.0.53)

marvell 61xx (Version: 1.2.0.69)

MediaInfo 0.7.50 (Version: 0.7.50)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Professional 2010 (Version: 14.0.4763.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MKVToolNix 5.6.0 (Version: 5.6.0)

Movie Subtitles Searcher 1.0 (Version: 1.0)

Mp3tag v2.49a (Version: v2.49a)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

My MP4Box GUI 0.5.5.4 (Version: 0.5.5.4)

Neat Image v6.0 Pro+

Network64 (Version: 140.0.215.000)

Nokia Connectivity Cable Driver (Version: 7.0.2.0)

Notepad++ (Version: 5.9.5)

Off Remote Helper

On2 VP7 Personal Edition

OpenAL

Opera 12.02 (Version: 12.02.1578)

Paint.NET v3.5.10 (Version: 3.60.0)

Pando Media Booster (Version: 2.6.0.8)

PC Connectivity Solution (Version: 8.22.7.0)

Pdf Editor

PDFCreator (Version: 1.2.3)

plist Editor Pro 2.0.0 (Version: 2.0.0)

Portal

PS_AIO_06_B209a-m_SW_Min (Version: 140.0.690.000)

QuickTime (Version: 7.71.80.42)

RaceRoom Racing Experience

Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)

Realtek High Definition Audio Driver (Version: 6.0.1.5904)

Recuva (Version: 1.43)

Remote Mouse version 1.09 (Version: 1.09)

Sami HTTP Server 2.0.1

Scan (Version: 140.0.80.000)

Serif PhotoPlus X4 (Version: 14.0.1.012)

Serious Sam 2

Skype 5.6 (Version: 5.6.110)

SMPlayer 0.8.0 (Version: 0.8.0)

Sony Ericsson Update Service (Version: 2.11.12.5)

Sony PC Companion 2.10.065 (Version: 2.10.065)

Source Multiplayer Dedicated Server

Spotify (Version: 0.8.5.1333.g822e0de8)

Spybot - Search & Destroy (Version: 1.6.2)

Steam (Version: 1.0.0.0)

Subtitle Workshop 2.51

SUPER v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)

Team Fortress 2

Toolbox (Version: 140.0.428.000)

Tunatic

Universal Extractor 1.6.1 (Version: 1.6.1)

Unreal Tournament 3: Black Edition

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

VLC (Version: 1.0.0.0)

VLC media player 1.1.5 (Version: 1.1.5)

VobSub v2.23 (Remove Only)

Web Album Generator 1.8.2

Winamp (Version: 5.622 )

Winamp Detector Plug-in (Version: 1.0.0.1)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)

WinRAR 4.01 (64-bit) (Version: 4.01.0)

XviD MPEG4 Video Codec (remove only)

Xvid Video Codec (Version: 1.3.2)

**** End of log ****

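The Farbar Service Scanner log above is what the staff reply reasons over: the "Disabled Policy" sections show whether a policy value (here `EnableFirewall=0`) is switching a protection off, and the File Check section shows whether core networking and service binaries still have their expected MD5. The following triage script is an added example, not part of the thread or of Farbar's own tooling; it parses a log in that format (a constructed, abridged sample is embedded) and flags both kinds of finding.

```python
"""Triage a Farbar Service Scanner (FSS) log: report disabled-policy values
and File Check entries whose MD5 is not reported as legit.
Added example; the sample log below is constructed in the FSS format."""
import re

# Constructed sample in the FSS layout seen in the thread (abridged).
SAMPLE_LOG = """\
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys => MD5 is not legit
**** End of log ****
"""

POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>[0-9A-Fa-f]+)$')
FILECHECK_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$')

def parse_fss(text):
    """Return {'policies': [(section, value_name, int_value)],
               'bad_files': [(path, verdict)]} for an FSS log."""
    findings = {"policies": [], "bad_files": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) <= {"="} or line.startswith("****"):
            continue  # blank lines, ===== underlines and the footer carry no data
        if line.endswith(":"):
            section = line[:-1]  # a "Name:" line opens a section
            continue
        m = POLICY_RE.match(line)
        if m and section and section.endswith("Disabled Policy"):
            findings["policies"].append(
                (section, m.group("name"), int(m.group("value"), 16)))
            continue
        m = FILECHECK_RE.match(line)
        if m and section == "File Check" and m.group("verdict") != "MD5 is legit":
            findings["bad_files"].append((m.group("path"), m.group("verdict")))
    return findings

def firewall_disabled_by_policy(findings):
    """True when a Firewall Disabled Policy entry sets EnableFirewall to 0."""
    return any(sec.startswith("Firewall") and name == "EnableFirewall" and val == 0
               for sec, name, val in findings["policies"])

if __name__ == "__main__":
    result = parse_fss(SAMPLE_LOG)
    print("firewall disabled by policy:", firewall_disabled_by_policy(result))
    for path, verdict in result["bad_files"]:
        print("file check failed:", path, "-", verdict)
```

Run against the thread's real log, the firewall check returns True (the StandardProfile policy sets EnableFirewall to 0) and the file list is empty, since every File Check line reads "MD5 is legit".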

  • Staff

I suspect Comodo is acting up

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

The log shows there is nothing wrong with the connection, so I suspect Comodo is preventing the connection.

Uninstall it if you have to.

Let me know if you are able to re-establish the connection.


  • Staff

Personally, I use Microsoft Security Essentials with the Pro version of Malwarebytes. I also use the Web of Trust, and I'm behind a secure router, so I use the Windows Firewall.

You can delete Java™ 6 Update 31 (Version: 6.0.310) as you already have the latest version of Java installed.

Use the removal tool to remove all traces of Avast if you are going to switch it out for MSSE.

Avast removal tool:

http://www.avast.com/eng/avast-uninstall-utility.html

Sometimes it's not possible to uninstall avast! the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility aswClear.

How to uninstall our software using aswClear.exe:

  1. Download aswClear.exe on to your desktop
  2. Open (execute) it
  3. If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  4. Click REMOVE
  5. Restart your computer

NEXT

We just have some housekeeping left to do; please do the following:

You can delete the JRT and Farbar logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?

  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
