Please Help Remove Infection


carlsor

My PC was infected several weeks ago, but it is still displaying symptoms of some sort of infection or file conflict.

DDS LOG FILE

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.10.2

Run by Carl at 8:56:20 on 2012-12-26

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.6135.4529 [GMT -8:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\prevhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Temp File Cleaner DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} -

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{53193477-4C5B-4C0C-81B2-3B5E1EE31B4B} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{A09898DD-A56C-49AA-BDA1-A50B4DC8D924} : DHCPNameServer = 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= avgrssta.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - LocalServer32 - <no file>

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

x64-DPF: {AEA3991E-3109-4C98-989E-33994FEB1A91} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri64_4.5.1.0.cab

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dbqckc06.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Carl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-4-2 27760]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-23 239616]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-2 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-2 110032]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-4-2 98848]

R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-5-4 20968]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-13 96896]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-17 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-17 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-12-26 16:25:18 -------- d-----w- C:\Users\Carl\AppData\Local\{8C2BF37D-372F-4660-B174-2D4EC7390392}

2012-12-26 16:22:23 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-12-26 16:22:19 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-26 04:25:06 -------- d-----w- C:\Users\Carl\AppData\Local\{F564B4DA-BA34-4726-A581-A37AA7401322}

2012-12-24 22:35:05 -------- d-----w- C:\Users\Carl\AppData\Local\ESN

2012-12-21 16:23:17 -------- d-----w- C:\Users\Carl\AppData\Local\{CFE11F38-077E-426E-9A27-A569392291E9}

2012-12-21 04:23:05 -------- d-----w- C:\Users\Carl\AppData\Local\{E1610D98-FC97-4202-90C8-78D358617B0C}

2012-12-20 16:22:53 -------- d-----w- C:\Users\Carl\AppData\Local\{4F209E0B-5513-4802-9DE5-37EA21DEC9C4}

2012-12-19 23:33:10 -------- d-----w- C:\Program Files\PBO Manager v.1.4 beta

2012-12-19 16:22:16 -------- d-----w- C:\Users\Carl\AppData\Local\{61286BED-E88F-4699-89F9-8AE4ED0F810D}

2012-12-19 04:22:02 -------- d-----w- C:\Users\Carl\AppData\Local\{21EC881E-02BE-43D5-A04E-B9CC6A3DD3D2}

2012-12-18 16:21:37 -------- d-----w- C:\Users\Carl\AppData\Local\{14A59470-560C-4875-857B-BC5AE599D122}

2012-12-18 04:21:13 -------- d-----w- C:\Users\Carl\AppData\Local\{BD171BB6-9F49-4767-8400-869436485AD8}

2012-12-17 16:20:47 -------- d-----w- C:\Users\Carl\AppData\Local\{8A014CBF-A36A-4618-BBD6-34811602C247}

2012-12-16 14:16:20 -------- d-----w- C:\Users\Carl\AppData\Local\{559B507B-93E4-4D76-A3C5-207FC6594531}

2012-12-16 02:16:08 -------- d-----w- C:\Users\Carl\AppData\Local\{72431B92-10B4-4E04-93C9-9AA4BBE37A93}

2012-12-15 14:15:56 -------- d-----w- C:\Users\Carl\AppData\Local\{FC0F518A-7CB8-4D18-8794-16BB8E2D19F0}

2012-12-15 02:15:44 -------- d-----w- C:\Users\Carl\AppData\Local\{3EF70F6C-1875-48C1-9365-8195E575BCEE}

2012-12-14 14:15:31 -------- d-----w- C:\Users\Carl\AppData\Local\{0E5074C0-B347-4B90-A1C3-C26738D71284}

2012-12-14 02:15:07 -------- d-----w- C:\Users\Carl\AppData\Local\{12DA1A12-235A-4626-9BE3-99EDB93BE92F}

2012-12-12 02:14:04 -------- d-----w- C:\Users\Carl\AppData\Local\{6301119E-41E1-415C-83DE-F65C848B8225}

2012-12-11 14:13:40 -------- d-----w- C:\Users\Carl\AppData\Local\{1C12E9DA-B46D-4E06-856B-8CE69E8B479C}

2012-12-11 02:13:28 -------- d-----w- C:\Users\Carl\AppData\Local\{E3800282-5907-4C93-AA74-71AD6DA066FF}

2012-12-10 14:13:15 -------- d-----w- C:\Users\Carl\AppData\Local\{33D612EA-5536-45FA-80C7-3CF405D79048}

2012-12-10 02:13:03 -------- d-----w- C:\Users\Carl\AppData\Local\{755908D8-5AE4-4ACF-B36A-E3EBC51BF6FA}

2012-12-09 14:12:51 -------- d-----w- C:\Users\Carl\AppData\Local\{F1D7A36C-E41C-47CB-BEC7-AD6446C85635}

2012-12-09 02:12:39 -------- d-----w- C:\Users\Carl\AppData\Local\{D7934453-95FA-4F78-969D-053ECA00F03E}

2012-12-08 14:12:27 -------- d-----w- C:\Users\Carl\AppData\Local\{E94F2B37-00D8-495C-82E4-60F3E71F9846}

2012-12-08 05:20:33 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-08 05:20:33 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-08 05:20:33 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-08 05:20:33 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-08 05:13:19 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-08 05:13:19 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-08 05:13:18 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-08 05:13:18 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-12-08 05:13:18 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-12-08 05:13:18 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-12-08 05:13:18 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-08 05:10:20 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-12-08 05:10:20 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-12-08 02:12:02 -------- d-----w- C:\Users\Carl\AppData\Local\{9742B5A9-2F9A-4609-833F-40DB77BC5DE6}

2012-12-07 14:11:50 -------- d-----w- C:\Users\Carl\AppData\Local\{52FCA106-0A2E-4FAF-97D0-8320C2442B41}

2012-12-07 02:11:38 -------- d-----w- C:\Users\Carl\AppData\Local\{AE2392ED-558F-4BDC-BF30-14FCD0262795}

2012-12-06 14:11:25 -------- d-----w- C:\Users\Carl\AppData\Local\{7FF97E8E-E5E3-4E32-A42C-EA96404B71CE}

2012-12-06 02:11:13 -------- d-----w- C:\Users\Carl\AppData\Local\{2FEAF962-1DEA-48C7-8DC0-302A53FB9F2F}

2012-12-05 02:10:49 -------- d-----w- C:\Users\Carl\AppData\Local\{0B59A779-0F40-4215-9C06-2EFE39BEEC78}

2012-12-04 14:10:37 -------- d-----w- C:\Users\Carl\AppData\Local\{2A9F511F-3711-471C-AD20-8B1A1DDCA5E2}

2012-12-04 07:41:22 -------- d-----w- C:\Program Files (x86)\Photodex Presenter

2012-12-04 07:41:14 -------- d-----w- C:\Program Files (x86)\Photodex

2012-12-04 07:40:03 -------- d-----w- C:\Users\Carl\AppData\Roaming\Photodex

2012-12-04 07:40:01 -------- d-----w- C:\ProgramData\Photodex

2012-12-04 04:54:30 -------- d-----w- C:\Users\Carl\AppData\Local\Apple

2012-12-04 03:51:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-04 02:10:13 -------- d-----w- C:\Users\Carl\AppData\Local\{E13027EA-11E3-4EEC-851D-257D0AD763A1}

2012-12-03 14:10:00 -------- d-----w- C:\Users\Carl\AppData\Local\{31AE549E-E382-4357-9867-0FA411E78EE5}

2012-12-03 02:09:48 -------- d-----w- C:\Users\Carl\AppData\Local\{FD1A05DB-C1D5-4C50-9495-7C246A6C0044}

2012-12-02 20:37:12 -------- d-----w- C:\Program Files (x86)\YCIII

2012-12-02 14:09:36 -------- d-----w- C:\Users\Carl\AppData\Local\{4EA9F8DB-251D-463C-8909-39E7D6C2A21C}

2012-12-02 02:09:24 -------- d-----w- C:\Users\Carl\AppData\Local\{180D1D89-B275-4833-8973-A48BB7E286C4}

2012-12-01 16:20:19 1589248 ----a-w- C:\Windows\SysWow64\libmysql_d.dll

2012-12-01 16:20:17 -------- d-----w- C:\Program Files (x86)\PremiumSoft

2012-12-01 14:09:00 -------- d-----w- C:\Users\Carl\AppData\Local\{38929885-D779-4A2F-84FC-84BC4D90DAB2}

2012-12-01 02:08:48 -------- d-----w- C:\Users\Carl\AppData\Local\{A1FC59EA-5790-406F-9621-AF9466AA6449}

2012-11-30 14:05:43 -------- d-----w- C:\Users\Carl\AppData\Local\{3BAC74E0-C514-49B5-810F-6DFA617A6799}

2012-11-30 03:29:07 -------- d-----w- C:\Users\Carl\AppData\Local\DomiStyle

2012-11-30 02:05:31 -------- d-----w- C:\Users\Carl\AppData\Local\{49CFC33F-3E9F-48D2-8B8D-AE3D4D3F0DEC}

2012-11-29 14:05:19 -------- d-----w- C:\Users\Carl\AppData\Local\{D2CA6AA8-D483-44BD-B8FB-9359BF18F9A1}

2012-11-29 02:05:07 -------- d-----w- C:\Users\Carl\AppData\Local\{3D3900F3-B63D-4755-826F-1C138D57CDD4}

2012-11-28 14:04:55 -------- d-----w- C:\Users\Carl\AppData\Local\{4901E473-7A10-43B4-BD9E-0BC06DFD6938}

2012-11-27 21:56:39 -------- d-----w- C:\Users\Carl\AppData\Local\{9EAB4458-3EE4-41EE-BF80-5F462CE64267}

2012-11-27 09:56:15 -------- d-----w- C:\Users\Carl\AppData\Local\{23EE2329-223D-4340-92CA-66718C5A3E8B}

2012-11-26 21:56:03 -------- d-----w- C:\Users\Carl\AppData\Local\{12EAADE0-04B5-41E5-8431-CB67A7B98416}

.

==================== Find3M ====================

.

2012-12-26 16:22:17 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-24 22:35:51 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-12-24 22:35:51 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-12-24 22:35:30 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-02 20:31:28 102912 ----a-w- C:\Program Files (x86)\clipbrd.exe

2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll

2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll

2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll

2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe

2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll

2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll

2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

.

============= FINISH: 8:57:24.66 ===============

DDS ATTACH FILE

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 03/12/2009 11:58:45 AM

System Uptime: 26/12/2012 8:29:59 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6TD DELUXE

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 57.685 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7-Zip 9.20 (x64 edition)

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.5.2

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Profiles

ARMA 2

ARMA 2 Dedicated Server

ARMA 2: Operation Arrowhead

ARMA 2: Operation Arrowhead Beta

Articulate Quizmaker 2.1

ATI Catalyst Registration

ATI Problem Report Wizard

Avira Free Antivirus

AVS Update Manager 1.0

AVS Video Converter 6

Battlefield 3™

Battlelog Web Plugins

BattlEye for OA Uninstall

BattlEye Uninstall

Cabela's Outdoor Adventures

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Dedicated Server

Call of Duty: Modern Warfare 3 - Multiplayer

Camtasia Studio 7

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDBurnerXP

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 2.2.3.258

CPUID CPU-Z 1.54

Crazy Browser version 3.0.5

D3DX10

Darksiders II

DayZ Commander

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Deus Ex: Human Revolution

Digi Traffic Generator

Driver Sweeper 2.1.0

Empire: Total War

ESN Sonar

Eusing Free Registry Cleaner

Free Monitor for Google 2.5

Game Booster 3

Garmin USB Drivers

Garmin WebUpdater

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Grand Theft Auto IV

HiJackThis

Hitman: Absolution

HMA! Pro VPN 2.6.9

Image Resizer Powertoy Clone for Windows (64 bit)

Intel® Matrix Storage Manager

Ipswitch WS_FTP Pro

iTunes

Java 7 Update 10

Java Auto Updater

Java 6 Update 22

Java 7 Update 5 (64-bit)

Junk Mail filter update

K-Lite Mega Codec Pack 9.3.0

Macromedia Fireworks MX 2004

Malwarebytes Anti-Malware version 1.65.1.1000

Mass Effect 2

Mass Effect™ 3

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office FrontPage 2003

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Edition 2003

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works 6-9 Converter

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP3 Parser

NVIDIA PhysX

OpenOffice.org 3.3

Origin

PBO Manager v.1.4 beta

PDF Settings CS5

PeerBlock 1.1 (r518)

Photodex Presenter

PlanetSide 2

Play withSIX

PMB

PowerISO

PremiumSoft Navicat 10.1 for MySQL

ProShow Producer

PunkBuster Services

QuickTime

RAD Video Tools

RealPlayer

RealUpgrade 1.0

Revo Uninstaller 1.92

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 6.0

Sleeping Dogs™

Snagit 10

Sound Forge Audio Studio 10.0

Steam

SUPERAntiSpyware

System Requirements Lab CYRI

System Requirements Lab CYRI (64-bit)

The Elder Scrolls V: Skyrim

Total War: SHOGUN 2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Vegas Movie Studio HD Platinum 11.0

Video Niche Dominator 2.03

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual C++ 8.0 Runtime Setup Package (x64)

VLC media player 1.1.11

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

26/12/2012 8:31:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

26/12/2012 8:30:01 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

22/12/2012 6:46:28 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

20/12/2012 9:39:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

20/12/2012 9:39:02 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

19/12/2012 12:20:25 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

.

==== End Of File ===========================


  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32-bit (x86) or 64-bit (x64).)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file. Close that message, then type the following into the search box:

    services.exe

  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB drive.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs (FRST.txt and Search.txt) in your reply.


Hey CatByte,

Thanks for your reply... I tried to access system recovery options both ways and neither will let me in...

1. After tapping F8 during the boot process, my computer wants to load the menu, but then hangs... and won't load it... it freezes and shows a garbled up image of my BIOS POST I guess? I have attached a screenshot. Hitting ESC unfreezes the process and lets Windows complete the boot to my desktop.

2. I then tried using the actual Windows 7 disk... I set the BIOS to boot from CD, however the computer just keeps loading up as normal, totally bypassing the Windows boot CD. I am not faced with any prompts whatsoever.

I am not sure what to do now...???

Carl

[Attached screenshot: post-123193-0-22477400-1356551424.jpg]


  • Staff

Is the BIOS set to boot from CD first?

If you still cannot access the Recovery Environment, there are other tools we can use.

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


Yes, BIOS was/is set to boot from CD. The Anti-Rootkit is finished, upon starting MBAR I received a warning that registry value "appinit_dlls" was found. I chose option "NO" to ignore it. I wasn't sure if it was a false positive?

MBAR LOG FILE

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2012.12.26.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Carl :: CARL-PC [administrator]

26/12/2012 2:48:18 PM

mbar-log-2012-12-26 (14-48-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 32736

Time elapsed: 20 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

SYSTEM-LOG

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_22

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.672000 GHz

Memory total: 6433099776, free: 3731554304

------------ Kernel report ------------

12/26/2012 14:26:41

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\nvraid.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\iaStorV.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\nvstor.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avkmgr.sys

\SystemRoot\system32\DRIVERS\avipbb.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\yk62x64.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\tap0901.sys

\SystemRoot\System32\Drivers\pcouffin.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\HIDCLASS.SYS

\SystemRoot\system32\drivers\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\avgntflt.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\atksgt.sys

\??\C:\Windows\system32\drivers\cpuz133_x64.sys

\SystemRoot\system32\DRIVERS\lirsgt.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\gdi32.dll

\Windows\System32\setupapi.dll

\Windows\System32\ws2_32.dll

\Windows\System32\difxapi.dll

\Windows\System32\advapi32.dll

\Windows\System32\kernel32.dll

\Windows\System32\normaliz.dll

\Windows\System32\psapi.dll

\Windows\System32\usp10.dll

\Windows\System32\shell32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\imm32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\msvcrt.dll

\Windows\System32\msctf.dll

\Windows\System32\urlmon.dll

\Windows\System32\iertutil.dll

\Windows\System32\wininet.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\Wldap32.dll

\Windows\System32\lpk.dll

\Windows\System32\shlwapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\sechost.dll

\Windows\System32\nsi.dll

\Windows\System32\user32.dll

\Windows\System32\ole32.dll

\Windows\System32\devobj.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR2

Upper Device Object: 0xfffffa8007dcb4f0

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000095\

Lower Device Object: 0xfffffa800c3c2b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007135790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8006384050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.26.13

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007135790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80070369d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007135790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006384050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a004cc9a20, 0xfffffa8007135790, 0xfffffa800fbe1490

Lower DeviceData: 0xfffff8a04a462340, 0xfffffa8006384050, 0xfffffa80076f1590

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 668BE197

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 976529408

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500104691712 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976746976-976766976)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8007dcb4f0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007d75770, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007dcb4f0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800c3c2b60, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xfffff8a0418d6940, 0xfffffa8007dcb4f0, 0xfffffa800acb8090

Lower DeviceData: 0xfffff8a002a8d680, 0xfffffa800c3c2b60, 0xfffffa80114e0460

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 5B6AC646

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 488392002

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

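The system log above prints what Malwarebytes Anti-Rootkit found in the first sector of each drive: the 0x55AA signature, the NT disk signature, four partition entries (type, active flag, start LBA, sector count), and then a scan of the sectors no partition claims, which is where bootkit code is typically hidden. The Python script below is an added example written for this thread; it is not code from the thread or from Malwarebytes. It parses a raw MBR sector into that same summary, applies the consistency checks an analyst would make (exactly one active partition, valid boot flags, no overlapping entries, nothing past the end of the disk) and computes the unpartitioned ranges. The 512-byte sector it works on is constructed inline to reproduce the drive-0 table in the log (disk signature 668BE197, NTFS partitions at LBA 2048 with 204800 sectors and LBA 206848 with 976529408 sectors, disk size 500104691712 bytes); its boot code and CHS fields are left zero, which a real sector would not be. One difference from the tool's own output to be aware of: the log scans the tail range 976746976-976766976, which is exactly the last 20000 sectors of the disk, whereas the script reports the whole gap from the end of partition 1 (LBA 976736256) to the end of the disk.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
DISK_SECTORS = 500104691712 // SECTOR_SIZE   # "Disk Size: 500104691712 bytes" in the log -> 976766976
ENTRY_FMT = "<B3sB3sII"                       # boot flag, CHS start, type, CHS end, LBA start, sector count
TABLE_OFFSET, DISK_SIG_OFFSET, SIG_OFFSET = 0x1BE, 0x1B8, 0x1FE

@dataclass
class Partition:
    index: int
    boot_flag: int      # 0x80 = active (bootable), 0x00 = inactive; anything else is malformed
    part_type: int      # 0x07 = NTFS/exFAT, 0x00 = empty slot
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def end_lba(self) -> int:           # first sector after the partition (exclusive end)
        return self.start_lba + self.num_sectors

def build_mbr(entries, disk_signature: int) -> bytes:
    """Test helper: build a sector from (boot_flag, type, start_lba, num_sectors) tuples.
    Boot code and CHS fields are left zero, which a real MBR would not have."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (flag, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i, flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(sector)

def parse_mbr(sector: bytes) -> Tuple[int, List[Partition]]:
    """Return (NT disk signature, four partition entries); raise ValueError on a malformed sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("MBR signature 0x55AA missing")
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        parts.append(Partition(i, flag, ptype, start, count))
    return disk_signature, parts

def sanity_checks(parts: List[Partition], disk_sectors: int = DISK_SECTORS) -> List[str]:
    """Findings an analyst would want flagged; an empty list means the table is self-consistent."""
    findings = []
    active = [p.index for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partition(s) {active}, expected exactly one")
    for p in parts:
        if p.boot_flag not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid boot flag 0x{p.boot_flag:02X}")
        if p.part_type == 0 and (p.start_lba or p.num_sectors):
            findings.append(f"partition {p.index}: type Empty but nonzero extent")
        if p.part_type and p.end_lba > disk_sectors:
            findings.append(f"partition {p.index}: ends at LBA {p.end_lba}, past end of disk")
    used = sorted((p.start_lba, p.end_lba) for p in parts if p.part_type)
    for (_, end_a), (start_b, _) in zip(used, used[1:]):
        if start_b < end_a:
            findings.append(f"partitions overlap at LBA {start_b}")
    return findings

def unpartitioned_ranges(parts: List[Partition], disk_sectors: int = DISK_SECTORS) -> List[Tuple[int, int]]:
    """Sector ranges [start, end) claimed by no partition. LBA 0 (the MBR itself) is excluded,
    so on a 2048-aligned disk the first gap starts at 1, matching the log's '1-2047'."""
    used = sorted((p.start_lba, p.end_lba) for p in parts if p.part_type)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps

# CONSTRUCTED sector reproducing the drive-0 table printed in the MBAR log above.
SAMPLE_MBR = build_mbr([
    (0x80, 0x07, 2048, 204800),        # Partition 0: NTFS, ACTIVE, 100 MiB
    (0x00, 0x07, 206848, 976529408),   # Partition 1: NTFS, NOT ACTIVE
    (0x00, 0x00, 0, 0),                # Partition 2: Empty
    (0x00, 0x00, 0, 0),                # Partition 3: Empty
], disk_signature=0x668BE197)

if __name__ == "__main__":
    sig, parts = parse_mbr(SAMPLE_MBR)
    print(f"Disk Signature: {sig:08X}")
    for p in parts:
        print(f"Partition {p.index} type 0x{p.part_type:X} {'ACTIVE' if p.active else 'NOT ACTIVE'} "
              f"LBA {p.start_lba} Numsec = {p.num_sectors}")
    print("findings:", sanity_checks(parts) or "none")
    print("unpartitioned:", [f"{s}-{e - 1}" for s, e in unpartitioned_ranges(parts)])
```

To run this against a real drive, read the first 512 bytes of the physical device (on Windows, \\.\PhysicalDrive0 opened as Administrator) and pass them to parse_mbr. A user-mode read alone is not conclusive for a bootkit, because a driver hooked into the disk stack can return a clean sector to callers above it; that is why the MBAR log records the upper and lower device objects of each disk stack and compares what it reads with the on-disk data.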

  • Staff

Please run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Thank you for your prompt assistance CatByte!

ComboFix Log Below

ComboFix 12-12-25.02 - Carl 26/12/2012 16:08:42.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.6135.3836 [GMT -8:00]

Running from: c:\users\Carl\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\Temp File Cleaner DB Toolbar\tbHElper.dll

c:\users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}

c:\users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}\chrome.manifest

c:\users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}\chrome\content\_cfg.js

c:\users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}\chrome\content\overlay.xul

c:\users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}\install.rdf

c:\users\Carl\AppData\Local\assembly\tmp

c:\users\Carl\AppData\Roaming\inst.exe

c:\users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

c:\users\Carl\g2mdlhlpx.exe

c:\windows\msxml4-KB2721691-enu.LOG

F:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))

.

.

2012-12-26 16:22 . 2012-12-26 16:22 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-26 16:22 . 2012-12-26 16:22 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-26 16:22 . 2012-12-26 16:22 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-24 22:35 . 2012-12-24 22:35 -------- d-----w- c:\users\Carl\AppData\Local\ESN

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-20 04:06 . 2012-12-20 04:06 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-12-19 23:33 . 2012-12-19 23:33 -------- d-----w- c:\program files\PBO Manager v.1.4 beta

2012-12-08 05:20 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-08 05:20 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-08 05:20 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-08 05:20 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-08 05:13 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-08 05:13 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-08 05:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-08 05:13 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-08 05:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-08 05:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-08 05:13 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-08 05:10 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-12-08 05:10 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\users\Carl\AppData\Roaming\Netscape

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\program files (x86)\Photodex Presenter

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\program files (x86)\Photodex

2012-12-04 07:40 . 2012-12-04 07:40 -------- d-----w- c:\users\Carl\AppData\Roaming\Photodex

2012-12-04 07:40 . 2012-12-04 07:41 -------- d-----w- c:\programdata\Photodex

2012-12-04 04:54 . 2012-12-04 04:54 -------- d-----w- c:\users\Carl\AppData\Local\Apple

2012-12-04 03:51 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-03 16:40 . 2012-12-03 16:40 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-02 20:37 . 2012-12-26 16:52 -------- d-----w- c:\program files (x86)\YCIII

2012-12-01 16:20 . 2012-09-19 18:02 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll

2012-12-01 16:20 . 2012-12-01 16:20 -------- d-----w- c:\program files (x86)\PremiumSoft

2012-11-30 03:29 . 2012-11-30 03:29 -------- d-----w- c:\users\Carl\AppData\Local\DomiStyle

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-26 16:22 . 2010-11-01 20:44 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-24 22:35 . 2010-03-02 22:18 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-24 22:35 . 2010-03-02 21:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-24 22:35 . 2010-03-02 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-02 20:31 . 2008-04-14 03:12 102912 ----a-w- c:\program files (x86)\clipbrd.exe

2012-10-30 05:04 . 2010-01-04 22:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-12-08 05:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-08 05:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-08 05:12 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-09-28 02:23 . 2012-06-11 16:45 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-09-28 02:21 . 2012-10-24 03:20 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-09-28 02:05 . 2012-10-24 03:20 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

2012-09-28 02:03 . 2012-10-24 03:20 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-09-28 02:02 . 2012-10-24 03:20 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-09-28 02:02 . 2012-10-24 03:20 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-09-28 02:02 . 2012-10-24 03:20 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-09-28 02:02 . 2012-10-24 03:20 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-09-28 02:02 . 2012-10-24 03:20 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

2012-09-28 01:59 . 2012-10-24 03:20 23825920 ----a-w- c:\windows\system32\atio6axx.dll

2012-09-28 01:57 . 2012-10-24 03:20 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-09-28 01:43 . 2012-06-11 17:24 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-09-28 01:41 . 2012-02-15 03:17 1120768 ----a-w- c:\windows\system32\aticfx64.dll

2012-09-28 01:41 . 2012-10-24 03:20 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-09-28 01:39 . 2012-06-11 17:16 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-09-28 01:39 . 2012-10-24 03:20 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-09-28 01:39 . 2012-10-24 03:20 538112 ----a-w- c:\windows\system32\atieclxx.exe

2012-09-28 01:38 . 2012-10-24 03:20 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-09-28 01:36 . 2012-10-24 03:20 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-09-28 01:36 . 2012-10-24 03:20 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-09-28 01:36 . 2012-10-24 03:20 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-09-28 01:36 . 2012-10-24 03:20 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-09-28 01:31 . 2012-02-15 02:40 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

2012-09-28 01:25 . 2012-02-15 02:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll

2012-09-28 01:22 . 2012-02-15 02:52 7167488 ----a-w- c:\windows\system32\atidxx64.dll

2012-09-28 01:22 . 2012-06-11 16:43 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-09-28 01:13 . 2012-10-13 16:00 595456 ----a-w- c:\windows\system32\atiadlxx.dll

2012-09-28 01:13 . 2012-10-24 03:20 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-09-28 01:13 . 2012-10-24 03:20 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-09-28 01:13 . 2012-10-24 03:20 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-09-28 01:13 . 2012-10-24 03:20 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-09-28 01:13 . 2012-10-24 03:20 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-09-28 01:13 . 2012-10-24 03:20 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-09-28 01:12 . 2012-10-24 03:20 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-09-28 01:12 . 2012-10-24 03:20 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-09-28 01:12 . 2012-10-24 03:20 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-09-28 01:12 . 2012-10-24 03:20 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-09-28 01:12 . 2012-10-24 03:20 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-09-28 01:11 . 2012-02-15 02:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll

2012-09-28 01:11 . 2012-06-11 16:25 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-09-28 01:11 . 2012-02-15 02:12 103424 ----a-w- c:\windows\system32\atiu9p64.dll

2012-09-28 01:10 . 2012-06-11 16:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-09-28 01:09 . 2012-10-24 03:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\users\Carl\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2012-12-04 1342312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 867064]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 cpuz134;cpuz134;c:\users\Carl\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-05 82816]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-26 c:\windows\Tasks\At10.job

- c:\windows\ptw32.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At2.job

- c:\windows\cpdat.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At3.job

- c:\windows\pfbstar.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At4.job

- c:\windows\digtss.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At5.job

- c:\windows\ptw32.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At7.job

- c:\windows\cpdat.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At8.job

- c:\windows\pfbstar.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\At9.job

- c:\windows\digtss.exe [2011-07-10 02:00]

.

2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]

.

2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]

.

2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000Core.job

- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]

.

2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000UA.job

- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dbqckc06.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a7,56,59,ef,ba,3e,cc,01

.

[HKEY_USERS\S-1-5-21-4197060855-1291228141-4181980758-1000\Software\SecuROM\License information*]

"datasecu"=hex:da,41,61,87,5f,6e,10,e6,83,f6,e4,f5,0f,80,c5,14,d8,28,84,c5,df,

3c,74,c2,85,ce,71,12,6d,7d,20,88,39,06,4b,3b,b5,41,e9,dd,f2,c6,1f,4b,ee,a0,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-26 16:18:50

ComboFix-quarantined-files.txt 2012-12-27 00:18

.

Pre-Run: 86,094,102,528 bytes free

Post-Run: 87,536,427,008 bytes free

.

- - End Of File - - 4A084A1FC52123CEA55DA02CF0E8FB6E


  • Staff

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


AtJob::
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

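
As an added defender-side example, not part of this thread and not ComboFix's own code: a small Python parser for the "Contents of the 'Scheduled Tasks' folder" section of a ComboFix log like the ones posted above. It extracts each .job entry and its target, then flags the at.exe-created At<N>.job entries that the AtJob:: directive in the staff's CFScript removes. The sample lines are copied from the log format above; the flagging heuristics (At<N>.job naming, a target sitting directly in the Windows root, one target scheduled by several jobs) are this example's own assumptions, not a ComboFix rule.

```python
import re
from collections import defaultdict

# Constructed excerpt in the ComboFix "Scheduled Tasks" format: the job lines and
# targets are copied from the log above; the section is trimmed for the example.
SAMPLE_TASKS_SECTION = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-12-26 c:\windows\Tasks\At10.job
- c:\windows\ptw32.exe [2011-07-10 02:00]
.
2012-12-26 c:\windows\Tasks\At2.job
- c:\windows\cpdat.exe [2011-07-10 02:00]
.
2012-12-26 c:\windows\Tasks\At5.job
- c:\windows\ptw32.exe [2011-07-10 02:00]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]
.
.
--------- X64 Entries -----------
"""

# "<scan date> c:\windows\Tasks\<name>.job"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (c:\\windows\\tasks\\([^\\]+\.job))$", re.I)
# "- <target path> [<target file date> <time>]"
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
# Jobs created with at.exe are named At<N>.job; named tasks come from Task Scheduler.
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)


def parse_tasks(text):
    """Parse the Scheduled Tasks section of a ComboFix log into a list of dicts."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    tasks, in_section, i = [], False, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
        elif in_section and line.startswith("---------"):
            break  # next ComboFix section reached
        elif in_section:
            job = JOB_RE.match(line)
            target = TARGET_RE.match(lines[i + 1]) if job and i + 1 < len(lines) else None
            if job and target:
                tasks.append({
                    "job": job.group(3),
                    "job_path": job.group(2),
                    "target": target.group(1),
                    "target_time": target.group(2),
                })
                i += 1  # consume the target line as well
        i += 1
    return tasks


def in_windows_root(path):
    """True when the file sits directly in c:\\windows, not in a subfolder."""
    p = path.lower()
    prefix = "c:\\windows\\"
    return p.startswith(prefix) and "\\" not in p[len(prefix):]


def triage(tasks):
    """Return (job, target, reasons) for each task hit by the assumed heuristics."""
    by_target = defaultdict(list)
    for t in tasks:
        by_target[t["target"].lower()].append(t["job"])
    findings = []
    for t in tasks:
        reasons = []
        if AT_JOB_RE.match(t["job"]):
            reasons.append("At<N>.job: created with at.exe, what ComboFix's AtJob:: removes")
        if in_windows_root(t["target"]):
            reasons.append("target sits directly in the Windows root, not a product folder")
        peers = by_target[t["target"].lower()]
        if len(peers) > 1:
            reasons.append("same target scheduled by %d jobs: %s" % (len(peers), ", ".join(peers)))
        if reasons:
            findings.append((t["job"], t["target"], reasons))
    return findings


if __name__ == "__main__":
    for job, target, reasons in triage(parse_tasks(SAMPLE_TASKS_SECTION)):
        print("%-35s -> %s" % (job, target))
        for r in reasons:
            print("    * " + r)
```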

Thanks CatBytes, here are the results of the scans.

ComboFix

ComboFix 12-12-25.02 - Carl 26/12/2012 17:22:25.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.6135.3839 [GMT -8:00]

Running from: c:\users\Carl\Desktop\ComboFix.exe

Command switches used :: c:\users\Carl\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Tasks\At10.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

.

.

((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))

.

.

2012-12-27 01:27 . 2012-12-27 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-26 16:22 . 2012-12-26 16:22 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-26 16:22 . 2012-12-26 16:22 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-26 16:22 . 2012-12-26 16:22 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-24 22:35 . 2012-12-24 22:35 -------- d-----w- c:\users\Carl\AppData\Local\ESN

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-20 04:06 . 2012-12-20 04:06 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-12-19 23:33 . 2012-12-19 23:33 -------- d-----w- c:\program files\PBO Manager v.1.4 beta

2012-12-08 05:20 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-08 05:20 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-08 05:20 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-08 05:20 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-08 05:13 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-08 05:13 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-08 05:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-08 05:13 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-08 05:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-08 05:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-08 05:13 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-08 05:10 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-12-08 05:10 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\users\Carl\AppData\Roaming\Netscape

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\program files (x86)\Photodex Presenter

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\program files (x86)\Photodex

2012-12-04 07:40 . 2012-12-04 07:40 -------- d-----w- c:\users\Carl\AppData\Roaming\Photodex

2012-12-04 07:40 . 2012-12-04 07:41 -------- d-----w- c:\programdata\Photodex

2012-12-04 04:54 . 2012-12-04 04:54 -------- d-----w- c:\users\Carl\AppData\Local\Apple

2012-12-04 03:51 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-03 16:40 . 2012-12-03 16:40 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-02 20:37 . 2012-12-26 16:52 -------- d-----w- c:\program files (x86)\YCIII

2012-12-01 16:20 . 2012-09-19 18:02 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll

2012-12-01 16:20 . 2012-12-01 16:20 -------- d-----w- c:\program files (x86)\PremiumSoft

2012-11-30 03:29 . 2012-11-30 03:29 -------- d-----w- c:\users\Carl\AppData\Local\DomiStyle

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-26 16:22 . 2010-11-01 20:44 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-24 22:35 . 2010-03-02 22:18 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-24 22:35 . 2010-03-02 21:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-24 22:35 . 2010-03-02 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-02 20:31 . 2008-04-14 03:12 102912 ----a-w- c:\program files (x86)\clipbrd.exe

2012-10-30 05:04 . 2010-01-04 22:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-12-08 05:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-08 05:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-08 05:12 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-09-28 02:23 . 2012-06-11 16:45 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-09-28 02:21 . 2012-10-24 03:20 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-09-28 02:05 . 2012-10-24 03:20 70144 ----a-w- c:\windows\system32\coinst_9.002.dll

2012-09-28 02:03 . 2012-10-24 03:20 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-09-28 02:02 . 2012-10-24 03:20 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-09-28 02:02 . 2012-10-24 03:20 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-09-28 02:02 . 2012-10-24 03:20 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-09-28 02:02 . 2012-10-24 03:20 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-09-28 02:02 . 2012-10-24 03:20 16082432 ----a-w- c:\windows\system32\aticaldd64.dll

2012-09-28 01:59 . 2012-10-24 03:20 23825920 ----a-w- c:\windows\system32\atio6axx.dll

2012-09-28 01:57 . 2012-10-24 03:20 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-09-28 01:43 . 2012-06-11 17:24 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-09-28 01:41 . 2012-02-15 03:17 1120768 ----a-w- c:\windows\system32\aticfx64.dll

2012-09-28 01:41 . 2012-10-24 03:20 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-09-28 01:39 . 2012-06-11 17:16 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-09-28 01:39 . 2012-10-24 03:20 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-09-28 01:39 . 2012-10-24 03:20 538112 ----a-w- c:\windows\system32\atieclxx.exe

2012-09-28 01:38 . 2012-10-24 03:20 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-09-28 01:36 . 2012-10-24 03:20 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-09-28 01:36 . 2012-10-24 03:20 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-09-28 01:36 . 2012-10-24 03:20 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-09-28 01:36 . 2012-10-24 03:20 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-09-28 01:31 . 2012-02-15 02:40 3127296 ----a-w- c:\windows\system32\atiumd6a.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"="c:\users\Carl\Desktop\mbar-1.01.0.1011\mbar\mbar.exe" [2012-12-04 1342312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 867064]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 cpuz134;cpuz134;c:\users\Carl\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-05 82816]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]

.

2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]

.

2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000Core.job

- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]

.

2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000UA.job

- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dbqckc06.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a7,56,59,ef,ba,3e,cc,01

.

[HKEY_USERS\S-1-5-21-4197060855-1291228141-4181980758-1000\Software\SecuROM\License information*]

"datasecu"=hex:da,41,61,87,5f,6e,10,e6,83,f6,e4,f5,0f,80,c5,14,d8,28,84,c5,df,

3c,74,c2,85,ce,71,12,6d,7d,20,88,39,06,4b,3b,b5,41,e9,dd,f2,c6,1f,4b,ee,a0,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-26 17:28:31

ComboFix-quarantined-files.txt 2012-12-27 01:28

ComboFix2.txt 2012-12-27 00:18

.

Pre-Run: 87,604,359,168 bytes free

Post-Run: 87,545,012,224 bytes free

.

- - End Of File - - 3E961157023FA560F6D3BAC93D6E59E3

Junk Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.2.6 (12.26.2012:1)

OS: Windows 7 Professional x64

Ran by Carl on 26/12/2012 at 17:30:19.09

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\trymedia"

Successfully deleted: [Folder] "C:\Users\Carl\appdata\locallow\toolbar4"

~~~ FireFox

Successfully deleted: [File] C:\Users\Carl\AppData\Roaming\mozilla\firefox\profiles\dbqckc06.default\searchplugins\search.xml

Successfully deleted the following from C:\Users\Carl\AppData\Roaming\mozilla\firefox\profiles\dbqckc06.default\prefs.js

user_pref("extensions.s4fToolbar.si-blekko-rank", true);

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26/12/2012 at 17:34:23.31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWCleaner

# AdwCleaner v2.103 - Logfile created 12/26/2012 at 17:37:09

# Updated 25/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Carl - CARL-PC

# Boot Mode : Normal

# Running from : C:\Users\Carl\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dbqckc06.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.45

File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [unable to get version]

File : C:\Users\Carl\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [5386 octets] - [26/12/2012 17:37:09]

########## EOF - C:\AdwCleaner[s1].txt - [5446 octets] ##########

Malware Bytes

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.27.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Carl :: CARL-PC [administrator]

26/12/2012 5:45:19 PM

mbam-log-2012-12-26 (17-45-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217833

Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET Scanner Log

C:\Qoobox\Quarantine\C\Users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan

C:\Users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip probably a variant of Win32/Agent.NVQFFQI trojan

C:\Users\Carl\Downloads\gb3-setup.exe a variant of Win32/ELEX application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm HTML/Iframe.B.Gen virus

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm HTML/Iframe.B.Gen virus

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm HTML/Iframe.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm HTML/Iframe.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm HTML/Iframe.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm HTML/Iframe.B.Gen virus


  • Staff

Note, you will need to make a clean set of back-ups when we are done

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


File::
C:\Users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip
C:\Users\Carl\Downloads\gb3-setup.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

[Screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Make sure you remove this outdated version of Java from Programs and Features:

Java™ 6 Update 22

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Please advise how the computer is running now and if there are any outstanding issues
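As an added example (not code from the thread, ComboFix or ESET), a small Python script that does what the reply above does by hand: it parses ESET scan-log lines into (path, verdict) pairs, drops hits that are already sitting in ComboFix's Qoobox quarantine, and emits the File:: section of a CFScript. The line format it assumes is inferred from the ESET log posted above, and the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass

# One ESET online-scanner log line: "<path> <verdict>". Paths may contain
# spaces, so the split is anchored on the verdict, which ends in
# "<Family>/<Name> <category>" (format inferred from the log in this thread).
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<verdict>(?:probably\s+)?(?:a\s+variant\s+of\s+)?[A-Za-z0-9]+/\S+\s+\S+)$"
)

# Location ComboFix has already quarantined; listing such a hit in a CFScript
# is pointless, which is why the reply above left the Qoobox entry out.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str


def parse_eset_log(text: str) -> list[Detection]:
    """Return one Detection per recognised log line; other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            found.append(Detection(m.group("path"), m.group("verdict")))
    return found


def is_quarantined(path: str) -> bool:
    """True when the file already lives under a known quarantine directory."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def build_cfscript(detections, extra_directives=("ClearJavaCache::",)) -> str:
    """Build CFScript text: a File:: block followed by any extra directives."""
    lines = ["File::"]
    seen = set()
    for d in detections:
        key = d.path.lower()
        if is_quarantined(d.path) or key in seen:
            continue
        seen.add(key)
        lines.append(d.path)
    for directive in extra_directives:
        lines.extend(["", directive])
    return "\n".join(lines) + "\n"


# Sample input copied from the ESET log posted earlier in this thread.
SAMPLE_ESET_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Local\{784F0F25-CFAB-44B0-80A0-44C5FC30A766}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\Users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip probably a variant of Win32/Agent.NVQFFQI trojan
C:\Users\Carl\Downloads\gb3-setup.exe a variant of Win32/ELEX application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm HTML/Iframe.B.Gen virus
"""

if __name__ == "__main__":
    print(build_cfscript(parse_eset_log(SAMPLE_ESET_LOG)))
```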


Thanks Catbyte, sorry for the delay... The system seems to be running a little smoother now.

ComboFix Log

ComboFix 12-12-28.02 - Carl 28/12/2012  17:59:09.3.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.2.1033.18.6135.4483 [GMT -8:00]

Running from: c:\users\Carl\Desktop\ComboFix.exe

Command switches used :: c:\users\Carl\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip"

"c:\users\Carl\Downloads\gb3-setup.exe"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip

c:\users\Carl\Downloads\gb3-setup.exe

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm

.

.

(((((((((((((((((((((((((   Files Created from 2012-11-28 to 2012-12-29  )))))))))))))))))))))))))))))))

.

.

2012-12-29 02:09 . 2012-12-29 02:09  --------  d-----w-  c:\users\Default\AppData\Local\temp

2012-12-27 17:44 . 2012-12-27 17:44  --------  d-----w-  c:\users\Carl\AppData\Local\PboM

2012-12-27 01:53 . 2012-12-27 01:53  --------  d-----w-  c:\program files (x86)\ESET

2012-12-27 01:30 . 2012-12-27 01:30  --------  d-----w-  c:\windows\ERUNT

2012-12-27 01:30 . 2012-12-27 01:30  --------  d-----w-  C:\JRT

2012-12-26 16:22 . 2012-12-26 16:22  --------  d-----w-  c:\program files (x86)\Common Files\Java

2012-12-26 16:22 . 2012-12-26 16:22  859072  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll

2012-12-26 16:22 . 2012-12-26 16:22  95184  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-24 22:35 . 2012-12-24 22:35  --------  d-----w-  c:\users\Carl\AppData\Local\ESN

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-20 04:07 . 2012-12-20 04:07  159744  ----a-w-  c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-20 04:06 . 2012-12-20 04:06  --------  d-----w-  c:\program files (x86)\Apple Software Update

2012-12-19 23:33 . 2012-12-27 17:57  --------  d-----w-  c:\program files\PBO Manager v.1.4 beta

2012-12-08 05:20 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys

2012-12-08 05:20 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys

2012-12-08 05:20 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-08 05:20 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll

2012-12-08 05:13 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys

2012-12-08 05:13 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys

2012-12-08 05:13 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe

2012-12-08 05:13 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll

2012-12-08 05:13 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll

2012-12-08 05:13 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll

2012-12-08 05:13 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll

2012-12-08 05:10 . 2012-09-25 22:47  78336  ----a-w-  c:\windows\SysWow64\synceng.dll

2012-12-08 05:10 . 2012-09-25 22:46  95744  ----a-w-  c:\windows\system32\synceng.dll

2012-12-04 07:41 . 2012-12-04 07:41  --------  d-----w-  c:\users\Carl\AppData\Roaming\Netscape

2012-12-04 07:41 . 2012-12-04 07:41  --------  d-----w-  c:\program files (x86)\Photodex Presenter

2012-12-04 07:41 . 2012-12-04 07:41  --------  d-----w-  c:\program files (x86)\Photodex

2012-12-04 07:40 . 2012-12-04 07:40  --------  d-----w-  c:\users\Carl\AppData\Roaming\Photodex

2012-12-04 07:40 . 2012-12-04 07:41  --------  d-----w-  c:\programdata\Photodex

2012-12-04 04:54 . 2012-12-04 04:54  --------  d-----w-  c:\users\Carl\AppData\Local\Apple

2012-12-04 03:51 . 2012-09-30 03:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys

2012-12-03 16:40 . 2012-12-03 16:40  --------  d-----w-  c:\program files (x86)\Common Files\Skype

2012-12-02 20:37 . 2012-12-26 16:52  --------  d-----w-  c:\program files (x86)\YCIII

2012-12-01 16:20 . 2012-09-19 18:02  1589248  ----a-w-  c:\windows\SysWow64\libmysql_d.dll

2012-12-01 16:20 . 2012-12-01 16:20  --------  d-----w-  c:\program files (x86)\PremiumSoft

2012-11-30 03:29 . 2012-11-30 03:29  --------  d-----w-  c:\users\Carl\AppData\Local\DomiStyle

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-26 16:22 . 2010-11-01 20:44  779704  ----a-w-  c:\windows\SysWow64\deployJava1.dll

2012-12-24 22:35 . 2010-03-02 22:18  281520  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr

2012-12-24 22:35 . 2010-03-02 21:58  281520  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe

2012-12-24 22:35 . 2010-03-02 21:58  280904  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0

2012-12-02 20:31 . 2008-04-14 03:12  102912  ----a-w-  c:\program files (x86)\clipbrd.exe

2012-10-30 05:04 . 2010-01-04 22:21  66395536  ----a-w-  c:\windows\system32\MRT.exe

2012-10-25 11:12 . 2012-10-25 11:12  94208  ----a-w-  c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12  69632  ----a-w-  c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-12-08 05:12  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-08 05:12  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-08 05:12  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 867064]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 cpuz134;cpuz134;c:\users\Carl\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]

<div>S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]</div>

<div>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]</div>

<div>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]</div>

<div>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]</div>

<div>S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]</div>

<div>S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]</div>

<div>S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]</div>

<div>S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]</div>

<div>S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]</div>

<div>S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-05 82816]</div>

<div>S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]</div>

<div>.</div>

<div>.</div>

<div>--- Other Services/Drivers In Memory ---</div>

<div>.</div>

<div>*NewlyCreated* - WS2IFSL</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]</div>

<div>.</div>

<div>2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]</div>

<div>.</div>

<div>2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000Core.job</div>

<div>- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]</div>

<div>.</div>

<div>2012-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000UA.job</div>

<div>- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]</div>

<div>.</div>

<div>.</div>

<div>--------- X64 Entries -----------</div>

<div>.</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]</div>

<div>"AppInit_DLLs"=c:\windows\System32\avgrssta.dll</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uLocal Page = c:\windows\system32\blank.htm</div>

<div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000</div>

<div>IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105</div>

<div>TCP: DhcpNameServer = 192.168.1.254</div>

<div>FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dbqckc06.default\</div>

<div>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com</div>

<div>FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)</div>

<div>ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)</div>

<div>ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)</div>

<div>AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe</div>

<div>AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]</div>

<div>@Denied: (2) (LocalSystem)</div>

<div>"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,38,12,ed,e2,e6,</div>

<div>   8b,ec,e5,85,03,cf,88,91,ea,bc,02,ef,f7</div>

<div>"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,</div>

<div>   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b</div>

<div>"{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,38,12,43,4b,d5,</div>

<div>   04,30,8b,a6,01,fb,1f,bf,a5,4f,87,86,1c</div>

<div>"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,</div>

<div>   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7</div>

<div>"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,</div>

<div>   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de</div>

<div>"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,</div>

<div>   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2</div>

<div>"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,</div>

<div>   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3</div>

<div>"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,</div>

<div>   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd</div>

<div>"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,</div>

<div>   36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d</div>

<div>"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,</div>

<div>   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17</div>

<div>"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,</div>

<div>   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b</div>

<div>.</div>

<div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]</div>

<div>@Denied: (2) (LocalSystem)</div>

<div>"Timestamp"=hex:a7,56,59,ef,ba,3e,cc,01</div>

<div>.</div>

<div>[HKEY_USERS\S-1-5-21-4197060855-1291228141-4181980758-1000\Software\SecuROM\License information*]</div>

<div>"datasecu"=hex:da,41,61,87,5f,6e,10,e6,83,f6,e4,f5,0f,80,c5,14,d8,28,84,c5,df,</div>

<div>   3c,74,c2,85,ce,71,12,6d,7d,20,88,39,06,4b,3b,b5,41,e9,dd,f2,c6,1f,4b,ee,a0,\</div>

<div>"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]</div>

<div>@Denied: (A) (Everyone)</div>

<div>"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]</div>

<div>@Denied: (A) (Everyone)</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]</div>

<div>"Key"="ActionsPane3"</div>

<div>"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div>

<div>@Denied: (Full) (Everyone)</div>

<div>.</div>

<div>Completion time: 2012-12-28  18:10:34</div>

<div>ComboFix-quarantined-files.txt  2012-12-29 02:10</div>

<div>ComboFix2.txt  2012-12-27 01:28</div>

<div>ComboFix3.txt  2012-12-27 00:18</div>

<div>.</div>

<div>Pre-Run: 77,319,581,696 bytes free</div>

<div>Post-Run: 77,280,227,328 bytes free</div>

<div>.</div>

<div>- - End Of File - - 17FCB1BE269F5F24579CE9E97689F505</div>


Sorry... no idea how that happened... here is the final log.

ComboFix 12-12-28.02 - Carl 28/12/2012 17:59:09.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.6135.4483 [GMT -8:00]

Running from: c:\users\Carl\Desktop\ComboFix.exe

Command switches used :: c:\users\Carl\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip"

"c:\users\Carl\Downloads\gb3-setup.exe"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Carl\Backup\CARL-PC\Backup Set 2012-12-16 010020\Backup Files 2012-12-16 010020\Backup files 106.zip

c:\users\Carl\Downloads\gb3-setup.exe

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[2].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\afr[3].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[2].htm

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))

.

.

2012-12-29 02:09 . 2012-12-29 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-27 17:44 . 2012-12-27 17:44 -------- d-----w- c:\users\Carl\AppData\Local\PboM

2012-12-27 01:53 . 2012-12-27 01:53 -------- d-----w- c:\program files (x86)\ESET

2012-12-27 01:30 . 2012-12-27 01:30 -------- d-----w- c:\windows\ERUNT

2012-12-27 01:30 . 2012-12-27 01:30 -------- d-----w- C:\JRT

2012-12-26 16:22 . 2012-12-26 16:22 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-26 16:22 . 2012-12-26 16:22 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-26 16:22 . 2012-12-26 16:22 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-24 22:35 . 2012-12-24 22:35 -------- d-----w- c:\users\Carl\AppData\Local\ESN

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-20 04:07 . 2012-12-20 04:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-20 04:06 . 2012-12-20 04:06 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-12-19 23:33 . 2012-12-27 17:57 -------- d-----w- c:\program files\PBO Manager v.1.4 beta

2012-12-08 05:20 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-08 05:20 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-08 05:20 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-08 05:20 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-08 05:13 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-08 05:13 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-08 05:13 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-08 05:13 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-08 05:13 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-08 05:13 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-08 05:13 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-08 05:10 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-12-08 05:10 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\users\Carl\AppData\Roaming\Netscape

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\program files (x86)\Photodex Presenter

2012-12-04 07:41 . 2012-12-04 07:41 -------- d-----w- c:\program files (x86)\Photodex

2012-12-04 07:40 . 2012-12-04 07:40 -------- d-----w- c:\users\Carl\AppData\Roaming\Photodex

2012-12-04 07:40 . 2012-12-04 07:41 -------- d-----w- c:\programdata\Photodex

2012-12-04 04:54 . 2012-12-04 04:54 -------- d-----w- c:\users\Carl\AppData\Local\Apple

2012-12-04 03:51 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-03 16:40 . 2012-12-03 16:40 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-12-02 20:37 . 2012-12-26 16:52 -------- d-----w- c:\program files (x86)\YCIII

2012-12-01 16:20 . 2012-09-19 18:02 1589248 ----a-w- c:\windows\SysWow64\libmysql_d.dll

2012-12-01 16:20 . 2012-12-01 16:20 -------- d-----w- c:\program files (x86)\PremiumSoft

2012-11-30 03:29 . 2012-11-30 03:29 -------- d-----w- c:\users\Carl\AppData\Local\DomiStyle

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-26 16:22 . 2010-11-01 20:44 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-24 22:35 . 2010-03-02 22:18 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-24 22:35 . 2010-03-02 21:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-24 22:35 . 2010-03-02 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-02 20:31 . 2008-04-14 03:12 102912 ----a-w- c:\program files (x86)\clipbrd.exe

2012-10-30 05:04 . 2010-01-04 22:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-16 08:38 . 2012-12-08 05:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-08 05:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-08 05:12 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 867064]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 cpuz134;cpuz134;c:\users\Carl\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-05 82816]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]

.

2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 19:59]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000Core.job

- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]

.

2012-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4197060855-1291228141-4181980758-1000UA.job

- c:\users\Carl\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 22:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\dbqckc06.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,38,12,ed,e2,e6,

8b,ec,e5,85,03,cf,88,91,ea,bc,02,ef,f7

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,38,12,43,4b,d5,

04,30,8b,a6,01,fb,1f,bf,a5,4f,87,86,1c

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,

34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,

36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a7,56,59,ef,ba,3e,cc,01

.

[HKEY_USERS\S-1-5-21-4197060855-1291228141-4181980758-1000\Software\SecuROM\License information*]

"datasecu"=hex:da,41,61,87,5f,6e,10,e6,83,f6,e4,f5,0f,80,c5,14,d8,28,84,c5,df,

3c,74,c2,85,ce,71,12,6d,7d,20,88,39,06,4b,3b,b5,41,e9,dd,f2,c6,1f,4b,ee,a0,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-28 18:10:34

ComboFix-quarantined-files.txt 2012-12-29 02:10

ComboFix2.txt 2012-12-27 01:28

ComboFix3.txt 2012-12-27 00:18

.

Pre-Run: 77,319,581,696 bytes free

Post-Run: 77,280,227,328 bytes free

.

- - End Of File - - 17FCB1BE269F5F24579CE9E97689F505

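When a helper reads a ComboFix log like the one above, the first pass over the "Reg Loading Points" section is mechanical: which load points reference a binary that is no longer on disk (ComboFix prints `[x]` instead of a date and size), which ones launch from a user-writable temp folder, which kernel drivers live under a user profile, and whether `AppInit_DLLs` is set at all. The following Python is an added example of that triage, my own code and not ComboFix's or anything posted in this thread. The sample lines are copied from the log above; the regexes, the flag names and the "temp directory" markers are my assumptions about how such a first pass should be written.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the "Reg Loading Points" section of the
# ComboFix log posted above (one Run key, a few service/driver lines, AppInit_DLLs).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-14 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 867064]
R3 cpuz134;cpuz134;c:\users\Carl\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
"""

# ComboFix service/driver line: "<start type> <name>;<display name>;<path> [<date size> | x]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$'
)
# Run-key value: "<value name>"="<path>" [<date size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]+)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<path>.+)$')

# Heuristic markers (my assumption, not a ComboFix rule): user-writable temp locations.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    kind: str          # "service", "run" or "appinit"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def assess_path(path: str, stamp: str = "", is_driver: bool = False) -> List[str]:
    """Return the review reasons for one load point; an empty list means nothing flagged."""
    reasons = []
    p = path.lower()
    if stamp == "x":
        # ComboFix prints [x] in place of date/size when the referenced file is not on disk.
        reasons.append("binary missing on disk (ComboFix [x]); orphaned load point")
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append("loads from a temp directory")
    if is_driver and p.startswith("c:\\users\\"):
        reasons.append("kernel driver under a user profile")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse the load-point lines and keep only the entries that need a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            reasons = assess_path(path, m.group("stamp"), path.lower().endswith(".sys"))
            if reasons:
                findings.append(Finding("service", m.group("name"), path, reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = assess_path(m.group("path"), m.group("stamp"))
            if reasons:
                findings.append(Finding("run", m.group("name"), m.group("path"), reasons))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("path").strip():
            # Any DLL listed here is loaded into every process that maps user32.dll,
            # so a non-empty value is always confirmed against the publisher's signature.
            findings.append(Finding("appinit", "AppInit_DLLs", m.group("path").strip(),
                                    ["globally injected DLL; confirm publisher"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:14} {f.path}")
        for r in f.reasons:
            print(f"{'':8} - {r}")
```

On these lines it reports two entries. The cpuz134 service points at a driver under the user's Temp folder that no longer exists; the name is consistent with CPU-Z's kernel driver, which is extracted to Temp while the tool runs, so this reads as a leftover registration rather than an infection, but an orphaned driver entry is still worth removing. The AppInit_DLLs value is reported because anything listed there is injected into every user-mode process; the file name here is consistent with the guard DLL of the Avira product the log shows installed, which is exactly why a practitioner confirms it by publisher signature rather than by name.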

  • Staff

We just have some housekeeping to do now.

Please do the following:

You can delete the DDS, JRT and the Farbar logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

[image: Combofix_uninstall_image.jpg]

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security - What Do I Need?
    Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.