
browser redirection - Your Profit Club


djw


Hi,

I recently got infected with malware that redirects my browser sessions to various IP addresses. I have downloaded and run the latest MBAM. It identified some malware (adware.adrotator) and I have since deleted the offending files and registry entries.

However, I am still affected as MBAM keeps identifying and blocking access to malicious sites. Please assist in completely getting rid of what is causing this.

As per the "I'm Infected ..." instructions, here is the DDS.txt file:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by DavidandSavi at 10:14:58 on 2011-08-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6056.3755 [GMT 9.5:30]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Internode\mum.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe

uRun: [internodeUsage] C:\PROGRA~2\INTERN~2\mum.exe

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.231.203.132 192.231.203.3

TCP: Interfaces\{53C07F40-AD7D-4875-8110-F0B316962B31} : DhcpNameServer = 192.231.203.132 192.231.203.3

TCP: Interfaces\{53C07F40-AD7D-4875-8110-F0B316962B31}\25164696F6 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{53C07F40-AD7D-4875-8110-F0B316962B31}\64259445A51224F6870264F6E60275C414E40273237303 : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{D79FC56A-025B-4848-BB17-CB251F39AB2C} : DhcpNameServer = 192.168.178.1

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\DavidandSavi\AppData\Roaming\Mozilla\Firefox\Profiles\c65ei1xk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Users\DavidandSavi\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-23 1151096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110809.030\IDSviA64.sys [2011-8-10 488056]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-9 366640]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-11 2009704]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-11 2655768]

R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/11 11:02:23;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-25 246256]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-11 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-11 136176]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-08-10 00:18:07 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{5E849DF2-201C-45C6-808C-A1767E289F08}

2011-08-10 00:17:54 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{D4D5055D-4E21-4652-9DA2-8EDEAFE4C982}

2011-08-10 00:16:33 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-09 23:43:48 98816 ----a-w- C:\Windows\sed.exe

2011-08-09 23:43:48 518144 ----a-w- C:\Windows\SWREG.exe

2011-08-09 23:43:48 256000 ----a-w- C:\Windows\PEV.exe

2011-08-09 23:43:48 208896 ----a-w- C:\Windows\MBR.exe

2011-08-09 11:47:32 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{AD340741-F0A9-4D4C-A66C-20D572729138}

2011-08-09 11:47:20 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{57B5F222-5084-44C2-A642-2ED9D31543E9}

2011-08-09 10:53:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Malwarebytes

2011-08-09 10:53:51 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-09 10:53:51 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-09 10:53:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-09 10:53:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-09 08:23:26 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Home Designer Pro 10 Trial Version

2011-08-09 08:19:14 -------- d-----w- C:\ProgramData\Home Designer Pro 10 Trial Version

2011-08-09 08:19:14 -------- d-----w- C:\Program Files (x86)\Chief Architect

2011-08-09 04:38:57 1856512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{78f16f31-f4ab-c423-08bb-b7b294f9fee1}\components\7f209124.dll

2011-08-08 23:44:11 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{94CBAEF4-8330-43E9-8641-430A4D23E040}

2011-08-08 23:44:00 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{8D510EA6-6611-47CE-8D99-143ADB3D0F3C}

2011-08-08 23:42:12 -------- d-----w- C:\ProgramData\Uniblue

2011-08-08 11:43:48 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{68B8ED26-64E3-4CA3-840F-139D37BC4206}

2011-08-08 11:43:37 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{02CB3938-E05F-436C-BC70-976FEB6881C0}

2011-08-07 23:43:26 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{894BE4FC-BA37-4919-A9FD-A2297882811D}

2011-08-07 23:43:15 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{5DA88A28-CBC3-4276-B853-51E1CD12056F}

2011-08-07 11:43:03 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{C647DB8C-01C9-49F6-8CCE-42C4202D771E}

2011-08-07 11:42:52 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{97D8BE33-B197-4224-A0B8-5392BC3D7BDB}

2011-08-06 21:12:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{F5D10C74-43C3-4C32-AB82-836876F48FCE}

2011-08-06 21:12:44 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{1117D511-E42C-4FAA-B94B-933397CE59F0}

2011-08-06 09:12:32 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{E6D53131-3192-4A94-AA2F-8F22816A2929}

2011-08-06 09:12:21 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{6D9ED327-E549-4AD9-B4C6-B7FE8FF5392D}

2011-08-05 21:11:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{19669A8D-9B34-4E4E-8BC0-5C7CC0FC9636}

2011-08-05 21:11:45 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{97D8E451-F352-4CEB-BEAC-9C328C1D42D6}

2011-08-05 15:33:13 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54CAE5D5-F122-4749-8835-DB8181002F9D}\mpengine.dll

2011-08-05 10:14:19 -------- d-----w- C:\ProgramData\Chief Architect Premier X3

2011-08-05 10:14:10 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Chief Architect Premier X3

2011-08-05 09:11:19 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{63CE6B4A-1276-4CF8-8393-97E5AC5F523F}

2011-08-05 09:11:08 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{31FC037B-E054-4890-8011-BD13982E199A}

2011-08-05 08:42:15 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-05 08:25:14 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{DAC9DE82-2AAA-414D-9082-ADEB2B20462E}

2011-08-05 07:22:12 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Azureus

2011-08-05 06:55:33 -------- d-----w- C:\Program Files (x86)\Vuze

2011-08-05 06:55:08 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\Conduit

2011-08-05 06:55:08 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2011-08-05 03:16:00 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Chief Architect Interiors X4 Trial Version

2011-08-05 03:16:00 -------- d-----w- C:\ProgramData\Chief Architect Interiors X4 Trial Version

2011-08-05 03:10:08 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\GetRightToGo

2011-08-04 20:25:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{82DB5340-7630-44ED-930C-5D81B1DB29B2}

2011-08-04 08:24:50 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{A642EF3F-6592-4E81-8939-031B3C9C332D}

2011-08-03 20:24:38 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{025B2E5F-2445-497C-8130-559CAC9E1ADE}

2011-08-03 08:24:26 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{143B84E5-342F-4F47-83A7-CB71BDFBBF4E}

2011-08-02 23:50:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Stardock

2011-08-02 23:49:57 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2011-08-02 23:49:57 -------- d-----w- C:\Program Files (x86)\Stardock

2011-08-02 23:49:34 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\PackageAware

2011-08-02 20:24:01 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{1368A9C5-5052-4AE8-868D-6A64C0655008}

2011-08-02 08:22:44 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{ED7B36B7-7274-4EF6-9288-4859490719AA}

2011-08-01 18:45:35 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{3DD59C3D-CD68-4A2D-AE73-396F5231C854}

2011-08-01 06:45:23 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{94F1F849-658A-4058-9387-87F908180EEE}

2011-07-31 18:26:57 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{3B9F8B9B-EEC7-4BF7-904C-4B2D5CF7A4FE}

2011-07-31 06:26:45 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{78094DF7-F5B3-4838-9034-79B2D80B94AC}

2011-07-30 18:26:20 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{D920637E-99D7-4155-9E8D-6BF2A6031200}

2011-07-30 10:54:46 131072 ----a-w- C:\Windows\_detmp.2

2011-07-30 10:51:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\FRITZ!

2011-07-30 10:51:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\FRITZ!

2011-07-30 10:49:35 -------- d-----w- C:\Program Files (x86)\FRITZ!DSL

2011-07-30 10:49:35 -------- d-----w- C:\Program Files (x86)\Common Files\AVM

2011-07-30 08:19:27 364032 ----a-w- C:\Windows\SysWow64\CoreAVCDecoder.ax

2011-07-30 08:19:27 188416 ----a-w- C:\Windows\SysWow64\UScreenCapture.ax

2011-07-30 08:19:27 167936 ----a-w- C:\Windows\SysWow64\CoreAACDecoder.ax

2011-07-30 08:19:27 -------- d-----w- C:\TimHillOne

2011-07-30 07:40:31 -------- d-----w- C:\Program Files (x86)\Digital

2011-07-30 06:25:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{842E7342-AA32-4C31-8A5B-FCDFC759221A}

2011-07-30 05:39:01 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-30 05:30:10 -------- d-----w- C:\temp

2011-07-30 01:37:08 16384 ----a-r- C:\Windows\SysWow64\avmprmon.dll

2011-07-30 01:37:07 69120 ----a-r- C:\Windows\SysWow64\avmadd32.dll

2011-07-30 01:37:07 -------- d-----w- C:\Program Files (x86)\FRITZ!BoxPrint

2011-07-30 01:36:59 -------- d-----w- C:\Program Files (x86)\FRITZ!Box

2011-07-28 09:48:52 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{BA87F8F7-7AE6-4BC0-AF10-F4D011A79E34}

2011-07-28 09:25:52 25600 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys

2011-07-28 09:25:46 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2011-07-27 21:48:27 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{F6AC2099-F7C8-4AB8-A096-7EDEAE241AB1}

2011-07-27 09:48:15 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{19C634A7-E38D-4193-AD3B-84C42BE0C746}

2011-07-27 08:48:48 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\ElevatedDiagnostics

2011-07-26 23:26:29 -------- d-----w- C:\Program Files (x86)\WinArchiver

2011-07-26 13:45:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-25 09:47:28 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{6966D075-F29D-4A55-B8E9-82668D581A52}

2011-07-24 09:46:52 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{C13CE341-1169-4A28-943A-E03ED24462CC}

2011-07-21 09:00:06 -------- d-----w- C:\ProgramData\Cadsoft

2011-07-21 08:57:18 -------- d-----w- C:\Program Files (x86)\Common Files\Cadsoft

2011-07-21 08:56:01 -------- d-----w- C:\Program Files (x86)\3D Home Architect

2011-07-21 08:55:47 0 ----a-w- C:\Windows\SysWow64\_r_a_p_.tmp

2011-07-14 09:42:19 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{02CFCB8B-6A8E-45F2-8EF8-B7D51CB146FF}

2011-07-13 21:41:55 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{6A3CD287-8CA8-4A0B-A499-6FD5782DABBD}

2011-07-12 18:45:29 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{16108038-9EA7-4FF7-9ACB-F52C50EA054E}

2011-07-12 11:06:15 -------- d-----w- C:\ProgramData\Nokia

.

==================== Find3M ====================

.

2011-08-02 09:41:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-08-02 09:41:16 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-07-08 08:15:12 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys

2011-06-24 10:44:20 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-24 10:44:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-04 08:40:55 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-24 09:44:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-18 00:45:26 166912 ----a-w- C:\Windows\System32\ccdcmbwux64.dll

2011-05-18 00:45:16 640000 ----a-w- C:\Windows\System32\nmwcdcoclsx64.dll

2011-05-18 00:45:04 57856 ----a-w- C:\Windows\System32\nmwcdclsX64.dll

2011-05-18 00:44:22 9216 ----a-w- C:\Windows\System32\drivers\usbser_lowerfltjx64.sys

2011-05-18 00:44:20 9216 ----a-w- C:\Windows\System32\drivers\usbser_lowerfltx64.sys

2011-05-18 00:44:16 27136 ----a-w- C:\Windows\System32\drivers\ccdcmbox64.sys

2011-05-18 00:44:12 19968 ----a-w- C:\Windows\System32\drivers\ccdcmbx64.sys

2011-05-14 07:25:06 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-05-14 07:25:06 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-05-14 07:25:06 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-05-14 07:24:33 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-05-14 07:22:25 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-05-14 07:16:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-05-14 06:28:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-05-14 06:24:36 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-05-14 06:24:08 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-05-14 06:22:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-05-14 04:20:05 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-05-14 04:20:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-05-13 06:33:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

.

============= FINISH: 10:15:28.86 ===============

And here is the latest MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7416

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/08/2011 11:02:05 AM

mbam-log-2011-08-10 (11-02-05).txt

Scan type: Quick scan

Objects scanned: 189957

Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I have also attached ark.txt and attach.txt as attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos, etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for Vuze and anything else you may have installed.


  • Staff

We can continue here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Sorry for the delay

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7416

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/08/2011 12:52:31 PM

mbam-log-2011-08-10 (12-52-31).txt

Scan type: Quick scan

Objects scanned: 190263

Time elapsed: 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here is the ComboFix output:

ComboFix 11-08-09.02 - DavidandSavi 10/08/2011 13:10:08.5.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6056.3679 [GMT 9.5:30]

Running from: c:\users\DavidandSavi\Desktop\Combo-Fix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))

.

.

2011-08-10 03:43 . 2011-08-10 03:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-08-10 03:43 . 2011-08-10 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-10 01:25 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7923B24-F812-494D-B74A-1E42A7C7261C}\mpengine.dll

2011-08-09 10:53 . 2011-08-09 10:53 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\Malwarebytes

2011-08-09 10:53 . 2011-08-09 10:53 -------- d-----w- c:\programdata\Malwarebytes

2011-08-09 10:53 . 2011-07-06 10:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-09 10:53 . 2011-08-09 10:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-09 10:53 . 2011-07-06 10:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-09 08:23 . 2011-08-09 10:11 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\Home Designer Pro 10 Trial Version

2011-08-09 08:19 . 2011-08-09 08:24 -------- d-----w- c:\programdata\Home Designer Pro 10 Trial Version

2011-08-09 08:19 . 2011-08-09 08:19 -------- d-----w- c:\program files (x86)\Chief Architect

2011-08-09 04:38 . 2011-07-19 11:47 1856512 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{78f16f31-f4ab-c423-08bb-b7b294f9fee1}\components\7f209124.dll

2011-08-08 23:42 . 2011-08-08 23:42 -------- d-----w- c:\programdata\Uniblue

2011-08-05 11:27 . 2011-08-05 11:27 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-08-05 08:42 . 2011-08-05 08:42 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-05 07:22 . 2011-08-09 07:55 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\Azureus

2011-08-05 06:55 . 2011-08-10 03:12 -------- d-----w- c:\users\DavidandSavi\AppData\Local\Conduit

2011-08-05 03:16 . 2011-08-05 03:16 -------- d-----w- c:\programdata\Chief Architect Interiors X4 Trial Version

2011-08-05 03:16 . 2011-08-05 03:16 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\Chief Architect Interiors X4 Trial Version

2011-08-05 03:10 . 2011-08-09 07:22 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\GetRightToGo

2011-08-02 23:50 . 2011-08-02 23:50 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\Stardock

2011-08-02 23:49 . 2011-08-02 23:49 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2011-08-02 23:49 . 2011-08-02 23:49 -------- d-----w- c:\program files (x86)\Stardock

2011-08-02 23:49 . 2011-08-02 23:49 -------- d-----w- c:\users\DavidandSavi\AppData\Local\PackageAware

2011-07-31 00:27 . 2011-07-31 00:27 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\U3

2011-07-30 10:54 . 2004-03-18 08:31 131072 ----a-w- c:\windows\_detmp.2

2011-07-30 10:51 . 2011-07-30 10:53 -------- d-----w- c:\users\DavidandSavi\AppData\Roaming\FRITZ!

2011-07-30 10:51 . 2011-07-30 10:51 -------- d-----w- c:\users\DavidandSavi\AppData\Local\FRITZ!

2011-07-30 10:49 . 2011-07-30 11:00 -------- d-----w- c:\program files (x86)\FRITZ!DSL

2011-07-30 10:49 . 2011-07-30 11:00 -------- d-----w- c:\program files (x86)\Common Files\AVM

2011-07-30 08:19 . 2011-07-30 08:19 -------- d-----w- C:\TimHillOne

2011-07-30 08:19 . 2006-10-12 04:00 188416 ----a-w- c:\windows\SysWow64\UScreenCapture.ax

2011-07-30 08:19 . 2006-01-12 22:53 364032 ----a-w- c:\windows\SysWow64\CoreAVCDecoder.ax

2011-07-30 08:19 . 2004-07-09 00:17 167936 ----a-w- c:\windows\SysWow64\CoreAACDecoder.ax

2011-07-30 07:40 . 2011-07-30 07:40 -------- d-----w- c:\program files (x86)\Digital

2011-07-30 05:39 . 2011-07-30 05:39 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-30 05:30 . 2011-07-30 05:41 -------- d-----w- C:\temp

2011-07-30 01:37 . 2006-05-28 23:00 16384 ----a-r- c:\windows\SysWow64\avmprmon.dll

2011-07-30 01:37 . 2006-12-14 12:42 69120 ----a-r- c:\windows\SysWow64\avmadd32.dll

2011-07-30 01:36 . 2011-07-30 01:37 -------- d-----w- c:\program files (x86)\FRITZ!Box

2011-07-28 09:25 . 2008-08-28 03:14 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys

2011-07-28 09:25 . 2011-07-28 09:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution

2011-07-27 08:48 . 2011-07-27 08:48 -------- d-----w- c:\users\DavidandSavi\AppData\Local\ElevatedDiagnostics

2011-07-26 23:26 . 2011-07-26 23:26 -------- d-----w- c:\program files (x86)\WinArchiver

2011-07-26 13:46 . 2011-07-26 13:46 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-07-26 13:45 . 2011-07-26 13:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-07-26 13:45 . 2011-07-26 13:45 -------- d-----w- c:\program files (x86)\Java

2011-07-21 09:00 . 2011-07-21 09:00 -------- d-----w- c:\programdata\Cadsoft

2011-07-21 08:57 . 2011-07-21 08:57 -------- d-----w- c:\program files (x86)\Common Files\Cadsoft

2011-07-21 08:56 . 2011-07-21 08:56 -------- d-----w- c:\program files (x86)\3D Home Architect

2011-07-12 11:06 . 2011-07-12 11:06 -------- d-----w- c:\programdata\Nokia

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-02 09:41 . 2011-04-11 01:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-08-02 09:41 . 2011-04-11 01:31 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2011-07-08 08:15 . 2011-05-10 07:09 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys

2011-06-24 10:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-24 10:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-04 08:40 . 2011-06-04 08:41 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-24 11:42 . 2011-06-29 10:21 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 10:21 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 10:21 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 10:21 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 10:21 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-05-24 09:44 . 2011-04-11 02:49 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-18 00:45 . 2011-05-18 00:45 166912 ----a-w- c:\windows\system32\ccdcmbwux64.dll

2011-05-18 00:45 . 2011-05-18 00:45 640000 ----a-w- c:\windows\system32\nmwcdcoclsx64.dll

2011-05-18 00:45 . 2011-04-13 00:02 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll

2011-05-18 00:44 . 2011-05-18 00:44 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltjx64.sys

2011-05-18 00:44 . 2011-05-18 00:44 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltx64.sys

2011-05-18 00:44 . 2011-05-18 00:44 27136 ----a-w- c:\windows\system32\drivers\ccdcmbox64.sys

2011-05-18 00:44 . 2011-05-18 00:44 19968 ----a-w- c:\windows\system32\drivers\ccdcmbx64.sys

2011-05-14 06:24 . 2011-07-13 06:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-13 06:33 . 2011-05-13 06:33 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-09_23.48.48 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-11 01:03 . 2011-08-10 00:17 34772 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-10 00:17 30822 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-04-11 00:52 . 2011-08-10 00:17 8922 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1840205478-356098870-2977239293-1000_UserData.bin

- 2011-08-09 23:33 . 2011-08-09 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-10 00:15 . 2011-08-10 00:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-09 23:33 . 2011-08-09 23:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-10 00:15 . 2011-08-10 00:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-08-09 23:32 281800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-08-10 00:15 281800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-04-11 09:21 . 2011-08-10 00:15 13414788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1840205478-356098870-2977239293-1000-8192.dat

- 2011-04-11 09:21 . 2011-08-09 23:32 13414788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1840205478-356098870-2977239293-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-07-21 966712]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-04-02 222496]

"Weather Tracker3"="c:\program files (x86)\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]

"InternodeUsage"="c:\progra~2\INTERN~2\mum.exe" [2011-02-19 1361408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-04-11 75048]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/11 11:02;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 136176]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-07 150016]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-23 1151096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110809.030\IDSvia64.sys [2011-08-01 488056]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-04-11 2655768]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 136824]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 07:33]

.

2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 07:33]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-11 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-11 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-11 417304]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-11 11613288]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.231.203.132 192.231.203.3

FF - ProfilePath - c:\users\DavidandSavi\AppData\Roaming\Mozilla\Firefox\Profiles\c65ei1xk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\05\05\0670?"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-10 13:14:57

ComboFix-quarantined-files.txt 2011-08-10 03:44

ComboFix2.txt 2011-08-10 00:13

ComboFix3.txt 2011-08-09 23:50

.

Pre-Run: 37,560,995,840 bytes free

Post-Run: 37,378,142,208 bytes free

.

- - End Of File - - F6A3E5008AD860F851BBD4D845369609

And here is the new DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by DavidandSavi at 13:25:15 on 2011-08-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6056.3725 [GMT 9.5:30]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Internode\mum.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [Weather Tracker3] C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe

uRun: [internodeUsage] C:\PROGRA~2\INTERN~2\mum.exe

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.231.203.132 192.231.203.3

TCP: Interfaces\{53C07F40-AD7D-4875-8110-F0B316962B31} : DhcpNameServer = 192.231.203.132 192.231.203.3

TCP: Interfaces\{53C07F40-AD7D-4875-8110-F0B316962B31}\25164696F6 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{53C07F40-AD7D-4875-8110-F0B316962B31}\64259445A51224F6870264F6E60275C414E40273237303 : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{D79FC56A-025B-4848-BB17-CB251F39AB2C} : DhcpNameServer = 192.168.178.1

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\DavidandSavi\AppData\Roaming\Mozilla\Firefox\Profiles\c65ei1xk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Users\DavidandSavi\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-23 1151096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110809.030\IDSviA64.sys [2011-8-10 488056]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-9 366640]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-11 2009704]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-11 2655768]

R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/11 11:02:23;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-25 246256]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-11 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-11 136176]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-08-10 03:47:59 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-10 01:25:36 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7923B24-F812-494D-B74A-1E42A7C7261C}\mpengine.dll

2011-08-10 00:18:07 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{5E849DF2-201C-45C6-808C-A1767E289F08}

2011-08-10 00:17:54 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{D4D5055D-4E21-4652-9DA2-8EDEAFE4C982}

2011-08-09 23:43:48 98816 ----a-w- C:\Windows\sed.exe

2011-08-09 23:43:48 518144 ----a-w- C:\Windows\SWREG.exe

2011-08-09 23:43:48 256000 ----a-w- C:\Windows\PEV.exe

2011-08-09 23:43:48 208896 ----a-w- C:\Windows\MBR.exe

2011-08-09 11:47:32 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{AD340741-F0A9-4D4C-A66C-20D572729138}

2011-08-09 11:47:20 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{57B5F222-5084-44C2-A642-2ED9D31543E9}

2011-08-09 10:53:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Malwarebytes

2011-08-09 10:53:51 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-09 10:53:51 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-09 10:53:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-09 10:53:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-09 08:23:26 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Home Designer Pro 10 Trial Version

2011-08-09 08:19:14 -------- d-----w- C:\ProgramData\Home Designer Pro 10 Trial Version

2011-08-09 08:19:14 -------- d-----w- C:\Program Files (x86)\Chief Architect

2011-08-09 04:38:57 1856512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{78f16f31-f4ab-c423-08bb-b7b294f9fee1}\components\7f209124.dll

2011-08-08 23:44:11 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{94CBAEF4-8330-43E9-8641-430A4D23E040}

2011-08-08 23:44:00 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{8D510EA6-6611-47CE-8D99-143ADB3D0F3C}

2011-08-08 23:42:12 -------- d-----w- C:\ProgramData\Uniblue

2011-08-08 11:43:48 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{68B8ED26-64E3-4CA3-840F-139D37BC4206}

2011-08-08 11:43:37 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{02CB3938-E05F-436C-BC70-976FEB6881C0}

2011-08-07 23:43:26 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{894BE4FC-BA37-4919-A9FD-A2297882811D}

2011-08-07 23:43:15 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{5DA88A28-CBC3-4276-B853-51E1CD12056F}

2011-08-07 11:43:03 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{C647DB8C-01C9-49F6-8CCE-42C4202D771E}

2011-08-07 11:42:52 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{97D8BE33-B197-4224-A0B8-5392BC3D7BDB}

2011-08-06 21:12:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{F5D10C74-43C3-4C32-AB82-836876F48FCE}

2011-08-06 21:12:44 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{1117D511-E42C-4FAA-B94B-933397CE59F0}

2011-08-06 09:12:32 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{E6D53131-3192-4A94-AA2F-8F22816A2929}

2011-08-06 09:12:21 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{6D9ED327-E549-4AD9-B4C6-B7FE8FF5392D}

2011-08-05 21:11:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{19669A8D-9B34-4E4E-8BC0-5C7CC0FC9636}

2011-08-05 21:11:45 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{97D8E451-F352-4CEB-BEAC-9C328C1D42D6}

2011-08-05 09:11:19 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{63CE6B4A-1276-4CF8-8393-97E5AC5F523F}

2011-08-05 09:11:08 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{31FC037B-E054-4890-8011-BD13982E199A}

2011-08-05 08:42:15 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-08-05 08:25:14 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{DAC9DE82-2AAA-414D-9082-ADEB2B20462E}

2011-08-05 07:22:12 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Azureus

2011-08-05 06:55:08 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\Conduit

2011-08-05 03:16:00 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Chief Architect Interiors X4 Trial Version

2011-08-05 03:16:00 -------- d-----w- C:\ProgramData\Chief Architect Interiors X4 Trial Version

2011-08-05 03:10:08 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\GetRightToGo

2011-08-04 20:25:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{82DB5340-7630-44ED-930C-5D81B1DB29B2}

2011-08-04 08:24:50 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{A642EF3F-6592-4E81-8939-031B3C9C332D}

2011-08-03 20:24:38 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{025B2E5F-2445-497C-8130-559CAC9E1ADE}

2011-08-03 08:24:26 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{143B84E5-342F-4F47-83A7-CB71BDFBBF4E}

2011-08-02 23:50:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\Stardock

2011-08-02 23:49:57 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2011-08-02 23:49:57 -------- d-----w- C:\Program Files (x86)\Stardock

2011-08-02 23:49:34 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\PackageAware

2011-08-02 20:24:01 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{1368A9C5-5052-4AE8-868D-6A64C0655008}

2011-08-02 08:22:44 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{ED7B36B7-7274-4EF6-9288-4859490719AA}

2011-08-01 18:45:35 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{3DD59C3D-CD68-4A2D-AE73-396F5231C854}

2011-08-01 06:45:23 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{94F1F849-658A-4058-9387-87F908180EEE}

2011-07-31 18:26:57 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{3B9F8B9B-EEC7-4BF7-904C-4B2D5CF7A4FE}

2011-07-31 06:26:45 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{78094DF7-F5B3-4838-9034-79B2D80B94AC}

2011-07-30 18:26:20 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{D920637E-99D7-4155-9E8D-6BF2A6031200}

2011-07-30 10:54:46 131072 ----a-w- C:\Windows\_detmp.2

2011-07-30 10:51:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Roaming\FRITZ!

2011-07-30 10:51:02 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\FRITZ!

2011-07-30 10:49:35 -------- d-----w- C:\Program Files (x86)\FRITZ!DSL

2011-07-30 10:49:35 -------- d-----w- C:\Program Files (x86)\Common Files\AVM

2011-07-30 08:19:27 364032 ----a-w- C:\Windows\SysWow64\CoreAVCDecoder.ax

2011-07-30 08:19:27 188416 ----a-w- C:\Windows\SysWow64\UScreenCapture.ax

2011-07-30 08:19:27 167936 ----a-w- C:\Windows\SysWow64\CoreAACDecoder.ax

2011-07-30 08:19:27 -------- d-----w- C:\TimHillOne

2011-07-30 07:40:31 -------- d-----w- C:\Program Files (x86)\Digital

2011-07-30 06:25:56 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{842E7342-AA32-4C31-8A5B-FCDFC759221A}

2011-07-30 05:39:01 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-30 05:30:10 -------- d-----w- C:\temp

2011-07-30 01:37:08 16384 ----a-r- C:\Windows\SysWow64\avmprmon.dll

2011-07-30 01:37:07 69120 ----a-r- C:\Windows\SysWow64\avmadd32.dll

2011-07-30 01:37:07 -------- d-----w- C:\Program Files (x86)\FRITZ!BoxPrint

2011-07-30 01:36:59 -------- d-----w- C:\Program Files (x86)\FRITZ!Box

2011-07-28 09:48:52 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{BA87F8F7-7AE6-4BC0-AF10-F4D011A79E34}

2011-07-28 09:25:52 25600 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys

2011-07-28 09:25:46 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2011-07-27 21:48:27 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{F6AC2099-F7C8-4AB8-A096-7EDEAE241AB1}

2011-07-27 09:48:15 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{19C634A7-E38D-4193-AD3B-84C42BE0C746}

2011-07-27 08:48:48 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\ElevatedDiagnostics

2011-07-26 23:26:29 -------- d-----w- C:\Program Files (x86)\WinArchiver

2011-07-26 13:45:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-07-25 09:47:28 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{6966D075-F29D-4A55-B8E9-82668D581A52}

2011-07-24 09:46:52 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{C13CE341-1169-4A28-943A-E03ED24462CC}

2011-07-21 09:00:06 -------- d-----w- C:\ProgramData\Cadsoft

2011-07-21 08:57:18 -------- d-----w- C:\Program Files (x86)\Common Files\Cadsoft

2011-07-21 08:56:01 -------- d-----w- C:\Program Files (x86)\3D Home Architect

2011-07-21 08:55:47 0 ----a-w- C:\Windows\SysWow64\_r_a_p_.tmp

2011-07-14 09:42:19 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{02CFCB8B-6A8E-45F2-8EF8-B7D51CB146FF}

2011-07-13 21:41:55 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{6A3CD287-8CA8-4A0B-A499-6FD5782DABBD}

2011-07-12 18:45:29 -------- d-----w- C:\Users\DavidandSavi\AppData\Local\{16108038-9EA7-4FF7-9ACB-F52C50EA054E}

2011-07-12 11:06:15 -------- d-----w- C:\ProgramData\Nokia

.

==================== Find3M ====================

.

2011-08-02 09:41:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-08-02 09:41:16 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-07-08 08:15:12 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys

2011-06-24 10:44:20 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-24 10:44:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-04 08:40:55 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-24 09:44:10 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-05-18 00:45:26 166912 ----a-w- C:\Windows\System32\ccdcmbwux64.dll

2011-05-18 00:45:16 640000 ----a-w- C:\Windows\System32\nmwcdcoclsx64.dll

2011-05-18 00:45:04 57856 ----a-w- C:\Windows\System32\nmwcdclsX64.dll

2011-05-18 00:44:22 9216 ----a-w- C:\Windows\System32\drivers\usbser_lowerfltjx64.sys

2011-05-18 00:44:20 9216 ----a-w- C:\Windows\System32\drivers\usbser_lowerfltx64.sys

2011-05-18 00:44:16 27136 ----a-w- C:\Windows\System32\drivers\ccdcmbox64.sys

2011-05-18 00:44:12 19968 ----a-w- C:\Windows\System32\drivers\ccdcmbx64.sys

2011-05-14 07:25:06 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-05-14 07:25:06 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-05-14 07:25:06 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-05-14 07:24:33 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-05-14 07:22:25 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-05-14 07:16:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-05-14 06:28:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-05-14 06:24:36 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-05-14 06:24:08 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-05-14 06:22:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-05-14 04:20:05 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-05-14 04:20:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-05-13 06:33:34 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

.

============= FINISH: 13:25:30.38 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I can't run ESET :-(

I open IE9 and click on the link to run but am getting strange behaviour. One time I got to the "Accept terms of use" screen, a new tab popped up but nothing was in it. Now, nothing happens when I click on the "ESET Online Scanner" control button.

Basically, I am unable to proceed with running ESET. Please advise.

Regards


I have finally run ESET. The contents of log.txt are as follows, BUT the timestamp for the file is from BEFORE the scan ran. It doesn't look like the scan updated the log. The scan took ~2 hrs but said that no threats were found. I did a screenshot of that should you want to see it.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

I then ran your securitycheck program and here is the output for that:

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.181.34

Adobe Reader X (10.1.0)

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````

Regards


  • Staff

Hi,

That's fine.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Restart your computer.

Let me know what issues remain.

-screen317


Hi,

Unfortunately, there is no change in behaviour. MBAM is still detecting outgoing behaviour, as per the log output below:

07:59:15 DavidandSavi IP-BLOCK 93.158.114.94 (Type: outgoing, Port: 49222, Process: firefox.exe)

07:59:31 DavidandSavi IP-BLOCK 93.158.114.94 (Type: outgoing, Port: 49229, Process: firefox.exe)

07:59:31 DavidandSavi IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49230, Process: firefox.exe)

07:59:31 DavidandSavi IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49231, Process: firefox.exe)

07:59:31 DavidandSavi IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49232, Process: firefox.exe)

08:04:20 DavidandSavi IP-BLOCK 93.158.114.94 (Type: outgoing, Port: 49239, Process: firefox.exe)

Interestingly, I don't seem to have a problem if I use IE.

Should I uninstall Firefox and reinstall it? It seems to me that there may be a hook into Firefox.

Regards
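
A triage sketch for the two logs in this thread, added here as an example and not part of any post or of MBAM or DDS: it attributes the IP-BLOCK entries to a process and lists binaries that the DDS "Created Last 30" section shows under that browser's extensions folder. The function names and the suffix list are assumptions; the log lines are copied from the thread, and a hit is a candidate for review, not a verdict.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# MBAM protection-log lines, copied from the post above.
MBAM_LOG = """
07:59:15 DavidandSavi IP-BLOCK 93.158.114.94 (Type: outgoing, Port: 49222, Process: firefox.exe)
07:59:31 DavidandSavi IP-BLOCK 93.158.114.94 (Type: outgoing, Port: 49229, Process: firefox.exe)
07:59:31 DavidandSavi IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49230, Process: firefox.exe)
07:59:31 DavidandSavi IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49231, Process: firefox.exe)
07:59:31 DavidandSavi IP-BLOCK 80.87.199.15 (Type: outgoing, Port: 49232, Process: firefox.exe)
08:04:20 DavidandSavi IP-BLOCK 93.158.114.94 (Type: outgoing, Port: 49239, Process: firefox.exe)
"""

# A few "Created Last 30" lines, copied from the DDS log earlier in the thread.
DDS_CREATED = r"""
2011-08-09 10:53:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-09 08:19:14 -------- d-----w- C:\Program Files (x86)\Chief Architect
2011-08-09 04:38:57 1856512 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{78f16f31-f4ab-c423-08bb-b7b294f9fee1}\components\7f209124.dll
2011-07-26 13:45:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
"""

BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)
# Timestamp, size (or eight dashes for a directory), eight attribute flags, path.
CREATED_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)
BINARY_SUFFIXES = {".dll", ".exe", ".sys", ".ocx"}  # assumed set of interest


def blocks_by_process(log_text):
    """Map each process name to a Counter of blocked outgoing destination IPs."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m and m["direction"] == "outgoing":
            summary[m["process"].lower()][m["ip"]] += 1
    return dict(summary)


def sole_source(summary):
    """Return the process name if every block came from one process, else None."""
    return next(iter(summary)) if len(summary) == 1 else None


def extension_binaries(dds_text, browser_dir="mozilla firefox"):
    """List (timestamp, path) for binaries created under the browser's extensions folder."""
    hits = []
    for line in dds_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m["attrs"].startswith("d"):
            continue  # unparsed line or a directory entry
        path = PureWindowsPath(m["path"])
        parts = [p.lower() for p in path.parts]
        in_extensions = browser_dir in parts and "extensions" in parts
        if in_extensions and path.suffix.lower() in BINARY_SUFFIXES:
            hits.append((m["stamp"], str(path)))
    return hits


if __name__ == "__main__":
    summary = blocks_by_process(MBAM_LOG)
    for proc, dests in summary.items():
        print(proc, dict(dests))
    print("single source process:", sole_source(summary))
    for stamp, path in extension_binaries(DDS_CREATED):
        print("review:", stamp, path)
```

When every block is attributed to one browser process, as here, that browser's add-ons and extension folders are the first place to look.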


I did a bit of searching and found this link : http://forums.spybot.info/showthread.php?t=61951

Upon looking at my system, I confirmed that I had Toolbar.Yourprofitclub attached to Firefox. I have followed the instructions on that link and have removed that toolbar.

Testing of Firefox indicates that the URL redirects no longer occur.

Thank you for your assistance

Regards


  • Staff

Excellent!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
