adware still present after fake police ransomware removed

While using Microsoft Security Essentials I got nailed by the fake police ransomware that seems to be doing the rounds at the moment, and it kicked the crap out of MSE, making it unusable. After eventually getting rid of it with AVG, I used Microsoft Fixit to remove MSE so it would let me download .exe's again, as it would not let me uninstall it anymore.

Since then I've found that I'm getting odd bits of adware popping up in small squares in the bottom right corners of browser windows, so I got and ran Malwarebytes, which seems to have cleaned it out of IE quite nicely. However, what is odd is that when I run a game like DOTA 2 that uses browser windows built in to the menu system, the adware still seems to be popping up in there, in the bottom left of one of the frames, and both AVG and Malwarebytes are saying everything is clean.

Basically I'm not sure how to clean off this residue, as I've tried cleaning out any bad registry entries with Little Registry Cleaner, which I've had good results from in the past, but it still doesn't seem to have caught it. I then saw this forum while looking for another solution and you guys seem really helpful, so I'm giving this a try :)

Here are the DDS logs, taken with AVG temporarily disabled. Yes, I'm aware the system is probably in a bit of a mess in the background, but the main thing is that it works ;) lol cheers!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 10.9.2

Run by Rohan at 16:51:31 on 2013-05-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2197 [GMT 10:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

D:\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\crypserv.exe

C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

Y:\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Users\Rohan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Rohan\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

D:\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

D:\AVG\AVG2013\avgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\MsSpellCheckingFacility.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll

uRun: [spotify Web Helper] "C:\Users\Rohan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_UI] "D:\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Rohan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rohan\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - LocalServer32 - <no file>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {121C3E0E-DC6E-45DC-952B-A6617F0FAA32} - hxxp://cojmodding.com/js/CoJ2MapDownloader.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3D3CC097-F842-4351-AE7C-AB86AF57211F} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{8302BE55-71CC-4AD2-A2E7-4FDC7F3D24C0} : DHCPNameServer = 10.143.147.147 10.143.147.148

TCP: Interfaces\{C2F2B275-55A4-4A1E-871B-E683F508D167} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 212.59.28.228 www.google-analytics.com.

Hosts: 212.59.28.228 ad-emea.doubleclick.net.

Hosts: 212.59.28.228 www.statcounter.com.

Hosts: 93.115.241.27 www.google-analytics.com.

Hosts: 93.115.241.27 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]

R2 avgwd;AVG WatchDog;D:\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]

R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]

R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;Y:\Hi-Rez Studios\HiPatchService.exe [2012-2-1 8704]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-8-20 27136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-14 535656]

S2 AVGIDSAgent;AVGIDSAgent;D:\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-15 49152]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-6-17 25832]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2010-8-20 21712]

S3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-3-26 23680]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]

S3 NisSrv;Microsoft Network Inspection;"C:\Program Files\Microsoft Security Client\NisSrv.exe" --> C:\Program Files\Microsoft Security Client\NisSrv.exe [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-25 20992]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-8-20 51712]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-8-20 24064]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-8-20 51712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-25 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-8-20 24064]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-27 1255736]

S3 WiselinkPro;SAMSUNG WiselinkPro Service;O:\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-2-17 3007488]

S4 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]

.

=============== Created Last 30 ================

.

2013-05-05 17:56:52 292968 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2013-05-05 17:56:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-05 17:56:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-05 17:56:52 235104 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2013-05-04 15:41:04 -------- d-----w- C:\Users\Rohan\AppData\Roaming\Malwarebytes

2013-05-04 15:40:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-04 15:40:53 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-04 04:55:05 -------- d-----w- C:\MATS

2013-05-04 04:54:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-05-04 04:14:31 -------- d-----w- C:\Users\Rohan\AppData\Roaming\AVG2013

2013-05-04 04:14:26 -------- d-----w- C:\Users\Rohan\AppData\Local\Avg2013

2013-05-04 01:56:30 -------- d--h--w- C:\$AVG

2013-05-04 01:56:28 -------- d-----w- C:\ProgramData\AVG2013

2013-05-04 01:50:26 -------- d-----w- C:\ProgramData\MFAData

2013-04-27 14:28:23 -------- d-----w- C:\Users\Rohan\AppData\Roaming\HandBrake

2013-04-26 13:10:35 -------- d-----w- C:\Windows\SysWow64\CSP

2013-04-17 10:19:28 -------- d-----w- C:\Program Files (x86)\EndNote Web

2013-04-17 10:19:28 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2013-04-09 16:06:12 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-09 16:06:12 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-06 16:19:02 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-04-06 16:19:02 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-04-06 16:19:02 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-04-06 16:19:02 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-04-06 16:19:02 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-04-06 16:19:00 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-04-06 16:18:40 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-04-06 16:18:39 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-04-06 16:18:39 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-04-26 08:56:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-26 08:56:35 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-24 13:18:06 25640 ----a-w- C:\Windows\gdrv.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-14 11:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-26 13:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-02-13 17:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-07 18:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-02-07 18:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-02-07 18:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-02-07 18:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-02-07 18:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2011-11-12 15:53:32 44 ---h--w- C:\Program Files (x86)\82b9fb74.tmp

.

============= FINISH: 16:51:39.47 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 20/01/2010 8:57:33 PM

System Uptime: 6/05/2013 4:00:19 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | EP45T-UD3P

Processor: Intel® Core™2 Duo CPU E8600 @ 3.33GHz | Socket 775 | 3333/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 60 GiB total, 3.066 GiB free.

D: is FIXED (NTFS) - 238 GiB total, 6.811 GiB free.

E: is CDROM ()

G: is Removable

O: is FIXED (NTFS) - 1863 GiB total, 617.235 GiB free.

X: is FIXED (NTFS) - 466 GiB total, 148.064 GiB free.

Y: is FIXED (NTFS) - 466 GiB total, 22.967 GiB free.

Z: is FIXED (NTFS) - 298 GiB total, 11.089 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP573: 4/05/2013 4:41:14 PM - Before Little Registry Cleaner Registry Fix

RP575: 4/05/2013 4:41:47 PM - Before Little Registry Cleaner Registry Fix

RP576: 6/05/2013 3:56:06 AM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 212.59.28.228 www.google-analytics.com.

Hosts: 212.59.28.228 ad-emea.doubleclick.net.

Hosts: 212.59.28.228 www.statcounter.com.

Hosts: 93.115.241.27 www.google-analytics.com.

Hosts: 93.115.241.27 ad-emea.doubleclick.net.

Hosts: 93.115.241.27 www.statcounter.com.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.6

Age of Empires III

Age of Pirates 2: City of Abandoned Ships ver.1.3.0

Alien Swarm

Altitude

Amnesia: The Dark Descent

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARMA 2

ARMA 2 Dedicated Server

ARMA 2: Operation Arrowhead

ARMA 2: Operation Arrowhead Beta

ASUS GPU Tweak

µTorrent

AVG 2013

AviSynth 2.5

Bastion

Battlefield 3™

Battlelog Web Plugins

BattlEye for OA Uninstall

BattlEye Uninstall

BioShock

BioShock Infinite

BoneTown

Bonjour

Borderlands

Borderlands 2

Braid

BulletStorm

Call of Cthulhu: Dark Corners of the Earth

Call of Duty Black Ops 2

Call of Duty: Black Ops

Call of Juarez - Bound in Blood Map Downloader

Caribbean Tales Supermod FULL Repack v1.5

CDDRV_Installer

Champions Online: Free For All

Chivalry: Medieval Warfare

Combined Community Codec Pack 2013-04-20

Commander Keen Complete Pack

Course Vector .minerva

Crysis®

Curse Client

Dawn Of War

Dawn of War - Dark Crusade

DayZ Commander

Dead Island

DeathSpank

DH Driver Cleaner Professional Edition

Diagnostic Utility

Dokan Library 0.6.0

Dota 2

Dragon Nest

DriverAgent by eSupport.com

Dropbox

Dungeon Fighter Online

Dungeons of Dredmor

Dwarfs F2P

Dwarfs!?

e-tax 2009

e-tax 2010

e-tax 2011

e-tax 2012

EndNote Web

erLT

ESN Sonar

F.E.A.R. 3

Fallout 3

Fallout 3 - Game of the Year Edition

Fallout: New Vegas

Far Cry 3

FTL: Faster Than Light

Gigabyte Raid Configurer

Google Earth Plug-in

Google Update Helper

HandBrake 0.9.8

Hero Lab 3.9a

Heroes of Might and Magic V - Tribes of the East

Hi-Rez Studios Authenticate and Update Service

Hitman: Blood Money

Hunted: The Demon's Forge

iCloud

ILLUSION ????????

iTunes

Java 7 Update 9

Java 7 Update 9 (64-bit)

Java Auto Updater

JavaFX 2.1.1

Karnisov's Pillage Tools

Kenshi 0.29.6

KhalInstallWrapper

LIMBO

Little Registry Cleaner

LMMSetup

Logitech GamePanel Software 3.06.109

Logitech SetPoint

Lone Survivor

LOTRO Plugin Compendium

Magicka

Malwarebytes Anti-Malware version 1.75.0.1300

Mark of the Ninja

Mass Effect 2

Mass Effect™ 3 Demo

Medal Of Honor 2010.Limited Edition

Memoir '44 Online

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft AppLocale

Microsoft Flight Simulator X

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Windows Application Compatibility Database

Microsoft Windows Media Video 9 VCM

Microsoft XNA Framework Redistributable 3.1

Minecraft Note Block Studio version 3.1.3

Miners4k

MobileMe Control Panel

Morrowind AnimKit 2.1 (remove only)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Mumble 1.2.3

Naev

Napoleon: Total War

Natural Selection 2

Naval Warfare

Nero 8 Essentials

neroxml

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

OCCT 4.4.0

OpenAL

OpenOffice.org 3.4

Origin

PeerBlock 1.1 (r518)

PingPlotter Standard 3.30.4s

PlanetSide 2

Portal 2

PS3 Media Server

Psychonauts

PunkBuster Services

Puzzle Pirates

Quake 4

QuickTime

Rage

Rawr

Real Kanojo

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

ResearchSoft Direct Export Helper

RGSS-RTP Standard

RPG Maker VX RTP

SAMSUNG PC Share Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sid Meier's Civilization V

Skype™ 6.1

Space Rangers 2: Reboot

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Star Wars: The Old Republic

SteamTool 1.1

Stellar Impact

Stellar Phoenix Windows Data Recovery V4.1

Super Meat Boy

Super Meat Boy Editor

Superbrothers: Sword & Sworcery EP

swMSM

System Requirements Lab

System Requirements Lab CYRI

TeamSpeak 3 Client

The Elder Scrolls III: Morrowind

The Elder Scrolls V: Skyrim

The Lord of the Rings Online™ v03.02.03.8013

The Witcher

The Witcher 2: Assassins of Kings Enhanced Edition

The Witcher: Enhanced Edition

Tom Clancy's Splinter Cell Conviction

Torchlight

Tribes Ascend Closed Beta

Tricky Truck 2.33

Ubisoft Game Launcher

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

Ventrilo Client for Windows x64

Virtual Hottie 2

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual Studio 2010 x64 Redistributables

Windows Live ID Sign-in Assistant

WinRAR archiver

World of Tanks

World of Warplanes

X3 Reunion

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

6/05/2013 4:02:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

6/05/2013 4:02:20 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

6/05/2013 4:01:43 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified.

6/05/2013 3:58:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

5/05/2013 1:51:16 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

4/05/2013 12:58:36 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

4/05/2013 12:58:36 AM, Error: Service Control Manager [7038] - The NlaSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

4/05/2013 12:58:36 AM, Error: Service Control Manager [7038] - The MpsSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

4/05/2013 12:58:36 AM, Error: Service Control Manager [7038] - The LanmanWorkstation service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

4/05/2013 12:58:36 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: A system shutdown is in progress.

4/05/2013 12:58:36 AM, Error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not start due to a logon failure.

4/05/2013 12:58:36 AM, Error: Service Control Manager [7000] - The Windows Firewall service failed to start due to the following error: The service did not start due to a logon failure.

4/05/2013 12:58:36 AM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not start due to a logon failure.

4/05/2013 12:58:36 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

4/05/2013 12:58:36 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: A system shutdown is in progress.

4/05/2013 11:52:39 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.

4/05/2013 11:47:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/05/2013 11:47:16 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 11:47:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/05/2013 11:47:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/05/2013 11:47:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/05/2013 11:46:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache Lbd MpFilter NetworkX spldr sptd Wanarpv6

4/05/2013 11:46:54 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 11:46:30 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

4/05/2013 1:03:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache Lbd MpFilter NetBIOS NetBT NetworkX nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/05/2013 1:03:49 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/05/2013 11:42:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.

3/05/2013 11:32:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NisSrv service.

3/05/2013 11:32:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

.

==== End Of File ===========================


Hello Roju and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

I'm not sure how to clean off this residue basically as I’ve tried cleaning out any bad registry entries with Little Registry Cleaner which I’ve had good results from in the past but it still doesn’t seem to have caught it.

We do not recommend you to use any kind of registry cleaner. More information here:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2

  • Download on the desktop RogueKiller
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.07.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16443

Rohan :: COMPY-486 [administrator]

8/05/2013 3:28:35 AM

mbam-log-2013-05-08 (03-28-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 306419

Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Rohan [Admin rights]

Mode : Scan -- Date : 05/08/2013 03:43:26

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$5f1a9c11b19b1ce17c806ee03491ca1e\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3036508256-3434618019-3884890649-1001\$5f1a9c11b19b1ce17c806ee03491ca1e\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$5f1a9c11b19b1ce17c806ee03491ca1e\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3036508256-3434618019-3884890649-1001\$5f1a9c11b19b1ce17c806ee03491ca1e\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Mal.Hosts|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

212.59.28.228 www.google-analytics.com.

212.59.28.228 ad-emea.doubleclick.net.

212.59.28.228 www.statcounter.com.

93.115.241.27 www.google-analytics.com.

93.115.241.27 ad-emea.doubleclick.net.

93.115.241.27 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++

--- User ---

[MBR] cd7b7f10aa84cfe151b24aa4c0e5ef7a

[bSP] efdc9f62ada86f2b34e7b29a64df09df : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST32000542AS ATA Device +++++

--- User ---

[MBR] 8b313884a90935a4b6fccb4f4ecb6492

[bSP] 0bc6aa9a8d8f93659882d7b81aa67393 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: SAMSUNG HD501LJ ATA Device +++++

--- User ---

[MBR] 785981d17430ff9d6108156e8e077860

[bSP] c1230e01b7aab57c6e40588271b565a0 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: ST3320620A SCSI Disk Device +++++

--- User ---

[MBR] 6b48b5ff1ab35e609fae975d81bb619f

[bSP] f3f4d5a1c0c5660670db3758cd2c828f : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61561 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 126078120 | Size: 243681 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: ST3320620A SCSI Disk Device +++++

--- User ---

[MBR] c79e0c3f014c6ffd1f043f12a9e4db25

[bSP] af8911999a3f5350193fbf30cb3bb955 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_05082013_02d0343.txt >>

RKreport[1]_S_05082013_02d0343.txt

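The RogueKiller report above carries the two findings that matter most in this thread: a hosts file (Mal.Hosts) that points analytics and ad domains at routable addresses instead of loopback, and folders laid out the way ZeroAccess stores its payload under `$recycle.bin\<SID>\$<32 hex chars>\U` and `\L`. The Python below is an added example, not code from the thread or from RogueKiller, that implements both checks over constructed sample input. The watched-domain list and the folder pattern are assumptions derived from the log lines shown, not RogueKiller's own signatures.

```python
"""Two checks modelled on the RogueKiller findings in this thread (added
example, not RogueKiller's code): a hosts-file hijack check and a
ZeroAccess-style recycle-bin folder check."""
import ipaddress
import re

# Domains that a client hosts file has no legitimate reason to point at a
# routable address. Assumption for this example: the three names are taken
# from the hosts entries shown in the RogueKiller log above.
WATCHED_DOMAINS = {
    "www.google-analytics.com",
    "ad-emea.doubleclick.net",
    "www.statcounter.com",
}

# Folder layout reported as [ZeroAccess][FOLDER] in the log (assumed pattern):
# <drive>:\$recycle.bin\<SID>\$<32 hex chars>\U  or  ...\L
ZEROACCESS_DIR = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\S-1-5(?:-\d+)+\\\$[0-9a-f]{32}\\[UL]$",
    re.IGNORECASE,
)


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text.

    Comments and blank lines are skipped; a trailing dot (the FQDN form the
    log shows) is stripped so the name compares equal to its usual spelling.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.rstrip(".").lower()


def suspicious_hosts_entries(text):
    """Return (address, hostname, reason) for entries that redirect traffic.

    Mappings to loopback or 0.0.0.0 are how ad-block lists sinkhole domains
    and are left alone; a private (LAN) address is accepted unless it targets
    a watched domain; anything routable is reported.
    """
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        watched = name in WATCHED_DOMAINS
        if addr.is_private and not watched:
            continue
        reason = "watched domain redirected" if watched else "routable redirect"
        findings.append((ip, name, reason))
    return findings


def zeroaccess_like_paths(paths):
    """Return the paths whose layout matches the ZeroAccess folder pattern."""
    return [p for p in paths if ZEROACCESS_DIR.match(p)]


# Constructed sample input mirroring the log, plus two benign lines.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net      # ad-block style sinkhole: benign
192.168.1.20 nas.home        # LAN name on a private address: benign
212.59.28.228 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
"""

# Constructed: the first path copies the layout from the log, the second is
# an ordinary recycled file that must not match.
SAMPLE_PATHS = [
    r"C:\$recycle.bin\S-1-5-18\$5f1a9c11b19b1ce17c806ee03491ca1e\U",
    r"C:\$Recycle.Bin\S-1-5-21-3036508256-3434618019-3884890649-1001\$RABC123.txt",
]

if __name__ == "__main__":
    for finding in suspicious_hosts_entries(SAMPLE_HOSTS):
        print("hosts:", *finding)
    for path in zeroaccess_like_paths(SAMPLE_PATHS):
        print("folder:", path)
```

The hosts check deliberately treats loopback and 0.0.0.0 mappings as benign, because that is exactly what ad-blocking hosts lists look like; the signal in the log is the redirect to an address that will actually answer, which is what turns a tracking-domain entry into traffic interception.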

I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms, and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately after you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here


Sadly a reinstall is impossible at this point in time, we'll clean the crap out of it and go from there. If you're talking about zeroaccess, I was under the impression that current versions of this no longer operate as a rootkit? Either way it's best to clean it and I'll deal with changing all my passwords and monitoring it.


Also, as a side note - I found the ads do still pop up in IE, but just really rarely - seems to be something to do with using frames as it's really rare on IE, but rather frequent in the dota2 menu browsers.


Okay, let me see what I can do for you.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


The file is too long to copy and paste, the forums won't allow it, not even in two parts. The results showed multiple suspicious objects and zero malicious ones. How would you like me to post you the log if you still need it? What's the maximum length for a post? I don't want to have to keep trialling copy sizes till it works haha XD


Looks good.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-05-08.02 - Rohan 08/05/2013 21:55:46.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2654 [GMT 10:00]

Running from: c:\users\Rohan\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk

c:\users\Rohan\AppData\Roaming\mm

c:\users\Rohan\AppData\Roaming\mm\cache\.cache

c:\users\Rohan\AppData\Roaming\mm\cache\ImageLoader\0D51E9900D2C17AA30F9D5B537BA8FCE

c:\users\Rohan\AppData\Roaming\mm\cache\ImageLoader\15FF2BAF68E7EE940775371508044173

c:\users\Rohan\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8

c:\users\Rohan\AppData\Roaming\skype.ini

c:\windows\apppatch\AppLoc.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\PFRO.log

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))

.

.

2013-05-08 12:04 . 2013-05-08 12:04 -------- d-----w- c:\users\UpdatusUser.Compy-486\AppData\Local\temp

2013-05-08 12:04 . 2013-05-08 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-08 10:18 . 2013-05-08 10:18 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2013-05-08 10:18 . 2013-05-08 10:18 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2013-05-08 10:18 . 2013-05-08 10:18 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2013-05-08 10:18 . 2013-05-08 10:18 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2013-05-08 10:18 . 2013-05-08 10:18 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2013-05-08 10:18 . 2013-05-08 10:18 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2013-05-08 10:18 . 2013-05-08 10:18 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2013-05-08 10:18 . 2013-05-08 10:18 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2013-05-08 10:18 . 2013-05-08 10:18 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2013-05-08 10:18 . 2013-05-08 10:18 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2013-05-08 10:18 . 2013-05-08 10:18 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2013-05-08 10:18 . 2013-05-08 10:18 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2013-05-08 10:17 . 2013-05-08 10:17 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2013-05-08 10:17 . 2013-05-08 10:17 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2013-05-08 10:17 . 2013-05-08 10:17 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2013-05-08 10:17 . 2013-05-08 10:17 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2013-05-08 10:17 . 2013-05-08 10:17 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2013-05-05 17:56 . 2013-03-31 03:12 292968 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-05-05 17:56 . 2013-03-31 01:59 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-05 17:56 . 2013-03-31 01:58 2672640 ----a-w- c:\windows\system32\iertutil.dll

2013-05-05 17:56 . 2013-03-31 00:52 235104 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2013-05-05 17:56 . 2013-03-30 23:50 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-05 17:56 . 2013-03-31 02:25 19456512 ----a-w- c:\windows\system32\mshtml.dll

2013-05-05 17:56 . 2013-03-31 01:33 1352192 ----a-w- c:\windows\system32\urlmon.dll

2013-05-05 12:55 . 2013-05-05 12:55 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-05-04 15:41 . 2013-05-04 15:41 -------- d-----w- c:\users\Rohan\AppData\Roaming\Malwarebytes

2013-05-04 15:40 . 2013-05-04 15:40 -------- d-----w- c:\programdata\Malwarebytes

2013-05-04 15:40 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-04 04:55 . 2013-05-04 04:55 -------- d-----w- C:\MATS

2013-05-04 04:54 . 2013-05-04 04:55 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-05-04 04:14 . 2013-05-04 04:14 -------- d-----w- c:\users\Rohan\AppData\Roaming\AVG2013

2013-05-04 04:14 . 2013-05-04 04:15 -------- d-----w- c:\users\Rohan\AppData\Local\Avg2013

2013-05-04 01:56 . 2013-05-04 01:56 -------- d-----w- C:\$AVG

2013-05-04 01:56 . 2013-05-04 01:57 -------- d-----w- c:\programdata\AVG2013

2013-05-04 01:50 . 2013-05-08 07:40 -------- d-----w- c:\programdata\MFAData

2013-05-03 15:08 . 2013-05-03 15:09 -------- d-----w- c:\users\removevirus

2013-04-27 14:28 . 2013-04-27 14:28 -------- d-----w- c:\users\Rohan\AppData\Roaming\HandBrake

2013-04-26 13:10 . 2013-04-26 13:10 -------- d-----w- c:\windows\SysWow64\CSP

2013-04-17 10:19 . 2013-04-19 07:06 -------- d-----w- c:\program files (x86)\EndNote Web

2013-04-09 16:06 . 2013-01-09 04:08 1084416 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-09 16:06 . 2013-01-09 02:00 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-03 15:42 . 2010-01-20 11:49 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-26 08:56 . 2012-04-01 09:48 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-26 08:56 . 2011-05-20 08:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-02 10:34 . 2010-01-20 11:49 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-24 17:03 . 2013-03-24 17:03 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C111C943-6DD9-4110-B209-9D21D4886A22}\offreg.dll

2013-03-24 13:18 . 2010-01-22 11:01 25640 ----a-w- c:\windows\gdrv.sys

2013-03-15 05:53 . 2013-03-26 15:52 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-03-26 15:52 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-26 15:52 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-26 15:52 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-26 15:52 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-26 15:52 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2013-03-15 05:53 . 2013-03-26 15:52 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2013-03-15 05:53 . 2013-03-26 15:52 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-26 15:52 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 05:53 . 2013-03-26 15:52 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-26 15:52 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2013-03-26 15:52 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2013-03-26 15:52 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-26 15:52 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2013-03-26 15:52 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-26 15:52 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-26 15:52 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2013-03-26 15:52 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-26 15:52 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-26 15:52 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-03-26 15:52 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-26 15:52 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-26 15:52 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2013-03-26 15:52 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2013-03-26 15:52 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2013-03-25 03:56 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2013-03-25 03:56 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 04:16 . 2013-03-26 14:27 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2013-03-26 14:27 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2013-03-26 14:27 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2013-03-26 14:27 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2013-03-26 14:27 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-14 11:07 . 2013-03-14 11:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-13 16:24 . 2013-03-26 14:27 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-06 23:32 . 2011-01-20 04:08 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-26 13:40 . 2013-02-26 13:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-02-13 17:52 . 2013-02-13 17:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2013-02-12 05:45 . 2013-03-26 16:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-26 16:56 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-26 16:56 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 05:45 . 2013-03-26 16:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 04:48 . 2013-03-26 16:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-26 16:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-04-06 16:18 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-07 18:37 . 2013-02-07 18:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-02-07 18:37 . 2013-02-07 18:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-02-07 18:37 . 2013-02-07 18:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-02-07 18:37 . 2013-02-07 18:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-02-07 18:37 . 2013-02-07 18:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2011-11-12 15:53 . 2011-11-14 03:53 44 ---h--w- c:\program files (x86)\82b9fb74.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Rohan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-25 1193176]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-11 1840424]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]

"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-02-20 152392]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"AVG_UI"="d:\avg\AVG2013\avgui.exe" [2013-03-13 4394032]

.

c:\users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Rohan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R1 jkxjztvm;jkxjztvm;c:\windows\system32\drivers\jkxjztvm.sys [x]

R1 kkaerawg;kkaerawg;c:\windows\system32\drivers\kkaerawg.sys [x]

R1 phimvtps;phimvtps;c:\windows\system32\drivers\phimvtps.sys [x]

R2 AVGIDSAgent;AVGIDSAgent;d:\avg\AVG2013\avgidsagent.exe [2013-02-27 4937264]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-05-04 49152]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-06-16 25832]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-08-20 21712]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GPU-Z;GPU-Z;c:\users\Rohan\AppData\Local\Temp\GPU-Z.sys [x]

R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-27 1255736]

R3 WiselinkPro;SAMSUNG WiselinkPro Service;o:\samsung pc share manager\WiselinkPro.exe [2010-02-17 3007488]

R4 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-07 71480]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-07 311096]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-07 116536]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-07 45880]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-21 834544]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-07 206136]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-13 239416]

S2 avgwd;AVG WatchDog;d:\avg\AVG2013\avgwdsvc.exe [2013-02-18 282624]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;y:\hi-rez studios\HiPatchService.exe [2012-02-21 8704]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 01136756

*NewlyCreated* - 34216199

*NewlyCreated* - 76278742

*Deregistered* - 01136756

*Deregistered* - 34216199

*Deregistered* - 76278742

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:56]

.

2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 10:29]

.

2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 10:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-02 2412616]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

DPF: {121C3E0E-DC6E-45DC-952B-A6617F0FAA32} - hxxp://cojmodding.com/js/CoJ2MapDownloader.cab

DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-34216199.sys

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-BattlEye for A2 - d:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3036508256-3434618019-3884890649-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:21,0e,ce,cc,fd,8e,5e,de,40,8c,1a,68,b9,91,a8,89,f1,41,50,12,c9,61,e3,

89,b9,fa,2a,c7,9d,9e,e8,f5,f3,be,a9,04,9f,66,48,7c,f4,95,c8,3d,0e,27,25,8d,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_USERS\S-1-5-21-3036508256-3434618019-3884890649-1001\Software\SecuROM\License information*]

"datasecu"=hex:d3,73,bc,14,16,d0,5f,f6,23,0e,cd,3f,3e,5e,4b,f9,12,a7,c5,84,c2,

45,e6,77,b9,28,17,9e,60,ea,0c,f0,ce,8a,a1,b1,d1,5a,b8,4b,f5,ed,9a,39,67,db,\

"rkeysecu"=hex:39,e2,5a,4a,65,7f,62,d7,0f,cf,c9,dc,93,ce,6d,4d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-08 22:13:02

ComboFix-quarantined-files.txt 2013-05-08 12:13

.

Pre-Run: 3,824,328,704 bytes free

Post-Run: 4,758,196,224 bytes free

.

- - End Of File - - EA5313F1326A52C27C775B28368A10D0


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::

jkxjztvm

kkaerawg

phimvtps

File::

c:\windows\system32\drivers\jkxjztvm.sys

c:\windows\system32\drivers\kkaerawg.sys

c:\windows\system32\drivers\phimvtps.sys

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-05-08.02 - Rohan 08/05/2013 23:50:36.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.4094.2413 [GMT 10:00]

Running from: c:\users\Rohan\Desktop\ComboFix.exe

Command switches used :: c:\users\Rohan\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\jkxjztvm.sys"

"c:\windows\system32\drivers\kkaerawg.sys"

"c:\windows\system32\drivers\phimvtps.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_jkxjztvm

-------\Service_kkaerawg

-------\Service_phimvtps

.

.

((((((((((((((((((((((((( Files Created from 2013-04-08 to 2013-05-08 )))))))))))))))))))))))))))))))

.

.

2013-05-08 13:57 . 2013-05-08 14:02 -------- d-----w- c:\users\UpdatusUser.Compy-486\AppData\Local\temp

2013-05-08 13:57 . 2013-05-08 13:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-08 13:57 . 2013-05-08 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-05 17:56 . 2013-03-31 03:12 292968 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-05-05 17:56 . 2013-03-31 01:59 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-05 17:56 . 2013-03-31 01:58 2672640 ----a-w- c:\windows\system32\iertutil.dll

2013-05-05 17:56 . 2013-03-31 00:52 235104 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2013-05-05 17:56 . 2013-03-30 23:50 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-05 17:56 . 2013-03-31 02:25 19456512 ----a-w- c:\windows\system32\mshtml.dll

2013-05-05 17:56 . 2013-03-31 01:33 1352192 ----a-w- c:\windows\system32\urlmon.dll

2013-05-05 12:55 . 2013-05-05 12:55 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-05-04 15:41 . 2013-05-04 15:41 -------- d-----w- c:\users\Rohan\AppData\Roaming\Malwarebytes

2013-05-04 15:40 . 2013-05-04 15:40 -------- d-----w- c:\programdata\Malwarebytes

2013-05-04 15:40 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-04 04:55 . 2013-05-04 04:55 -------- d-----w- C:\MATS

2013-05-04 04:54 . 2013-05-04 04:55 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-05-04 04:14 . 2013-05-04 04:14 -------- d-----w- c:\users\Rohan\AppData\Roaming\AVG2013

2013-05-04 04:14 . 2013-05-04 04:15 -------- d-----w- c:\users\Rohan\AppData\Local\Avg2013

2013-05-04 01:56 . 2013-05-04 01:56 -------- d-----w- C:\$AVG

2013-05-04 01:56 . 2013-05-04 01:57 -------- d-----w- c:\programdata\AVG2013

2013-05-04 01:50 . 2013-05-08 07:40 -------- d-----w- c:\programdata\MFAData

2013-05-03 15:08 . 2013-05-03 15:09 -------- d-----w- c:\users\removevirus

2013-04-27 14:28 . 2013-04-27 14:28 -------- d-----w- c:\users\Rohan\AppData\Roaming\HandBrake

2013-04-26 13:10 . 2013-04-26 13:10 -------- d-----w- c:\windows\SysWow64\CSP

2013-04-17 10:19 . 2013-04-19 07:06 -------- d-----w- c:\program files (x86)\EndNote Web

2013-04-09 16:06 . 2013-01-09 04:08 1084416 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-09 16:06 . 2013-01-09 02:00 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-03 15:42 . 2010-01-20 11:49 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-26 08:56 . 2012-04-01 09:48 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-26 08:56 . 2011-05-20 08:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-02 10:34 . 2010-01-20 11:49 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-24 17:03 . 2013-03-24 17:03 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C111C943-6DD9-4110-B209-9D21D4886A22}\offreg.dll

2013-03-24 13:18 . 2010-01-22 11:01 25640 ----a-w- c:\windows\gdrv.sys

2013-03-15 05:53 . 2013-03-26 15:52 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-03-26 15:52 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-26 15:52 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-26 15:52 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-26 15:52 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-26 15:52 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2013-03-15 05:53 . 2013-03-26 15:52 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2013-03-15 05:53 . 2013-03-26 15:52 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-26 15:52 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 05:53 . 2013-03-26 15:52 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-26 15:52 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2013-03-26 15:52 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2013-03-26 15:52 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-26 15:52 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2013-03-26 15:52 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-26 15:52 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-26 15:52 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2013-03-26 15:52 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-26 15:52 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-26 15:52 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-03-26 15:52 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-26 15:52 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-26 15:52 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2013-03-26 15:52 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2013-03-26 15:52 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2013-03-25 03:56 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2013-03-25 03:56 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 04:16 . 2013-03-26 14:27 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2013-03-26 14:27 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2013-03-26 14:27 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2013-03-26 14:27 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2013-03-26 14:27 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-14 11:07 . 2013-03-14 11:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-13 16:24 . 2013-03-26 14:27 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-06 23:32 . 2011-01-20 04:08 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-26 13:40 . 2013-02-26 13:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-02-13 17:52 . 2013-02-13 17:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2013-02-12 05:45 . 2013-03-26 16:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-26 16:56 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-26 16:56 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 05:45 . 2013-03-26 16:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 04:48 . 2013-03-26 16:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-26 16:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-04-06 16:18 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-07 18:37 . 2013-02-07 18:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-02-07 18:37 . 2013-02-07 18:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-02-07 18:37 . 2013-02-07 18:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-02-07 18:37 . 2013-02-07 18:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-02-07 18:37 . 2013-02-07 18:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2011-11-12 15:53 . 2011-11-14 03:53 44 ---h--w- c:\program files (x86)\82b9fb74.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Rohan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-25 1193176]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-11 1840424]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]

"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-02-20 152392]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"AVG_UI"="d:\avg\AVG2013\avgui.exe" [2013-03-13 4394032]

.

c:\users\Rohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Rohan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-05-04 49152]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-06-16 25832]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-08-20 21712]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 GPU-Z;GPU-Z;c:\users\Rohan\AppData\Local\Temp\GPU-Z.sys [x]

R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-09 22528]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 51712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-27 1255736]

R3 WiselinkPro;SAMSUNG WiselinkPro Service;o:\samsung pc share manager\WiselinkPro.exe [2010-02-17 3007488]

R4 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-07 71480]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-07 311096]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-07 116536]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-07 45880]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-21 834544]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-26 246072]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-07 206136]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-13 239416]

S2 AVGIDSAgent;AVGIDSAgent;d:\avg\AVG2013\avgidsagent.exe [2013-02-27 4937264]

S2 avgwd;AVG WatchDog;d:\avg\AVG2013\avgwdsvc.exe [2013-02-18 282624]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]

S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;y:\hi-rez studios\HiPatchService.exe [2012-02-21 8704]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:56]

.

2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 10:29]

.

2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-01 10:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Rohan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-02 2412616]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

DPF: {121C3E0E-DC6E-45DC-952B-A6617F0FAA32} - hxxp://cojmodding.com/js/CoJ2MapDownloader.cab

DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-BattlEye for A2 - d:\steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3036508256-3434618019-3884890649-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:21,0e,ce,cc,fd,8e,5e,de,40,8c,1a,68,b9,91,a8,89,f1,41,50,12,c9,61,e3,

89,b9,fa,2a,c7,9d,9e,e8,f5,f3,be,a9,04,9f,66,48,7c,f4,95,c8,3d,0e,27,25,8d,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_USERS\S-1-5-21-3036508256-3434618019-3884890649-1001\Software\SecuROM\License information*]

"datasecu"=hex:d3,73,bc,14,16,d0,5f,f6,23,0e,cd,3f,3e,5e,4b,f9,12,a7,c5,84,c2,

45,e6,77,b9,28,17,9e,60,ea,0c,f0,ce,8a,a1,b1,d1,5a,b8,4b,f5,ed,9a,39,67,db,\

"rkeysecu"=hex:39,e2,5a,4a,65,7f,62,d7,0f,cf,c9,dc,93,ce,6d,4d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\crypserv.exe

c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files\Logitech\SetPoint\x86\SetPoint32.exe

c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-05-09 00:15:51 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-08 14:15

ComboFix2.txt 2013-05-08 12:13

.

Pre-Run: 4,477,739,008 bytes free

Post-Run: 4,179,202,048 bytes free

.

- - End Of File - - 7057E4219A02DBB8FC578D17778989F3


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Looks like it doesn't like no-cd cracks :P

C:\Users\Rohan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\4539f5e9-1ac92a09 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined

C:\Users\Rohan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\29bff32c-2e829f19 a variant of Java/Exploit.CVE-2013-2423.R trojan cleaned by deleting - quarantined

C:\Users\Rohan\Downloads\driver_fusion_1.5.0.exe Win32/OpenCandy application cleaned by deleting - quarantined

X:\Sega Genesis (MegaDrive) Emulator + 75 games - [HUSSEY]\Gens32_Surreal_v1_69.exe a variant of Win32/Injector.AFZF trojan deleted - quarantined

Y:\P2P Downloads\Splinter.Cell.Conviction.1.04-Crack.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined

Y:\P2P Downloads\ADBE_CS5_MasterKeygen\Adobe CS5 Universal keygen by CORE.zip a variant of Win32/Keygen.BH application deleted - quarantined

Y:\P2P Downloads\ADOBE CS5 MASTER COLLECTON KEYGEN WIN OSX INCLUDING COLOR FINESSE-XFORCE~DiBYA\ADOBE CS5 MASTER COLLECTON KEYGEN WIN OSX INCLUDING COLOR FINESSE-XFORCE~DiBYA.rar BAT/HostsChanger.A application deleted - quarantined

Y:\P2P Downloads\Bulletstorm-FLT\flt-bull.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted

Y:\P2P Downloads\Homefront.PC.Full.DirectPlay-BigMax\BM-Homefront.rar a variant of Win32/Packed.NoobyProtect.D application deleted - quarantined

Y:\Tom Clancy's Splinter Cell Conviction\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

Y:\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

Z:\Bulletstorm\Binaries\Win32\!xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined

Z:\Bulletstorm\Binaries\Win32\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined

Z:\Homefront\Binaries\HOMEFRONT.exe a variant of Win32/Packed.NoobyProtect.D application cleaned by deleting - quarantined


Looks like it doesn't like no-cd cracks :P

It is for your own good.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed.
  • Click the Next button.
  • Click the Next button again.
  • Click the Java Manual Download link.
  • A browser window will open with the Java download page.
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type).
  • Run the installer.
  • Close JavaRa.


One additional:

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished, select the Report tab (last tab).

Select Detected threats report from the left and press the Save button.

Save it to your desktop and post it in your next reply.
