Infected with Zero Access Trojan

Hi Will, I've completed the backup of my information and the pre-analysis also. Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Troy at 18:30:30 on 2013-01-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7657.6311 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Troy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Troy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Troy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Troy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Troy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\cmd.exe
C:\Users\Troy\AppData\Local\Akamai\netsession_win.exe
C:\Users\Troy\AppData\Local\Akamai\netsession_win.exe
C:\Users\Troy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Vaudix: {234D72B6-0A31-D400-BF59-AB9820A24223} - C:\ProgramData\Vaudix\50ed2817d604b.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Google Update] "C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Troy\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
StartupFolder: C:\Users\Troy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Troy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Troy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableInstallerDetection = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{404474E3-A6C9-4F5B-A628-74EF9063583B} : NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{404474E3-A6C9-4F5B-A628-74EF9063583B} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\vaudix\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCyCyBzytDyDtCyDzztA0FtN0D0Tzu0CtBtBtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=584624148
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Users\Troy\Documents\MSDCSC\msdcsc.exe,C:\Users\Troy\Documents\MSDCSC\msdcsc.exe
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448}
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Users\Troy\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-09 03:31; 50ed2817d5ed0@50ed2817d5f00.com; C:\Users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\extensions\50ed2817d5ed0@50ed2817d5f00.com
FF - ExtSQL: !HIDDEN! 2012-06-20 07:09; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; C:\Program Files (x86)\OApps\firefoxaddon
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-5-7 56208]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C60x64.sys [2012-5-14 76912]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-5-14 2157680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-5 1255736]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-5 24176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-5-5 694888]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
S4 BroadCamService;BroadCam Video Streaming Server;C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [2012-8-26 2584068]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-4 398184]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-22 682344]
S4 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2012-5-5 36864]
S4 RLM-GenArts;RLM-GenArts;C:\Program Files (x86)\GenArts\rlm\rlm.exe [2012-7-24 1540096]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-5-14 27760]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
FileExt: .js: JSFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 10\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2013-01-28 18:02:13 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{208960A1-2B11-4FA3-82ED-1C9893B29A83}\mpengine.dll
2013-01-28 17:51:02 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-28 14:42:56 -------- d-----w- C:\Users\Troy\AppData\Roaming\Systweak
2013-01-28 14:42:47 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2013-01-28 14:11:34 -------- d-----w- C:\Users\Troy\AppData\Roaming\SpeedMaxPc
2013-01-28 09:15:40 -------- d-----w- C:\Users\Troy\AppData\Roaming\ParetoLogic
2013-01-28 09:15:19 -------- d-----w- C:\ProgramData\ParetoLogic
2013-01-28 04:40:15 -------- d-----w- C:\Users\Troy\AppData\Roaming\FixCleaner
2013-01-28 04:40:06 -------- d-----w- C:\Program Files (x86)\FixCleaner
2013-01-28 04:26:15 -------- d-----w- C:\Users\Troy\AppData\Roaming\SpeedyPC Software
2013-01-28 04:25:40 -------- d-----w- C:\ProgramData\SpeedyPC Software
2013-01-26 06:20:39 -------- d-----w- C:\Program Files (x86)\InfoAtoms
2013-01-25 18:53:14 -------- d-----w- C:\Users\Troy\AppData\Roaming\Foxit Software
2013-01-25 11:51:09 -------- d-----w- C:\Users\Troy\AppData\Roaming\Uniblue
2013-01-21 08:13:24 -------- d-----w- C:\Users\Troy\AppData\Local\cache
2013-01-21 08:09:04 -------- d-----w- C:\ProgramData\VTech
2013-01-21 08:09:04 -------- d-----w- C:\Program Files (x86)\VTech
2013-01-21 00:05:40 -------- d-----w- C:\Windows\$regcmp$
2013-01-18 12:52:16 -------- d-----w- C:\Users\Troy\AppData\Roaming\DriverCure
2013-01-18 12:52:15 -------- d-----w- C:\Users\Troy\AppData\Roaming\SparkTrust
2013-01-16 08:51:48 -------- d-----w- C:\Users\Troy\AppData\Roaming\Azureus
2013-01-16 06:52:45 -------- d-----w- C:\Users\Troy\AppData\Local\Adobe
2013-01-16 06:39:02 -------- d-----w- C:\Users\Troy\AppData\Roaming\Ashampoo
2013-01-16 06:15:55 -------- d-----w- C:\Users\Troy\AppData\Roaming\CleanMyPC Software
2013-01-15 21:19:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-15 21:19:46 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-15 21:06:21 -------- d-----w- C:\ProgramData\SparkTrust
2013-01-15 20:35:49 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2013-01-15 18:49:06 -------- d-----w- C:\ProgramData\ErrorEND64
2013-01-15 02:40:22 200704 ----a-w- C:\Windows\SysWow64\vbalExpBar6.ocx
2013-01-15 02:40:21 484352 ----a-w- C:\Windows\SysWow64\lame_enc.dll
2013-01-15 02:40:21 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
2013-01-15 02:40:21 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL
2013-01-15 02:40:21 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL
2013-01-15 02:40:21 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
2013-01-15 02:40:21 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
2013-01-15 02:40:21 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX
2013-01-15 02:40:21 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
2013-01-15 02:40:07 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2013-01-15 02:39:23 -------- d-----w- C:\Program Files (x86)\Free Easy CD DVD Burner
2013-01-14 23:56:08 -------- d-----w- C:\Program Files (x86)\OI App Manager
2013-01-14 05:35:21 3591 ----a-w- C:\Users\Troy\Msirepair.reg
2013-01-13 22:08:56 -------- d-----w- C:\Users\Troy\Doctor Web
2013-01-12 00:26:41 -------- d-----w- C:\ProgramData\SpeedMaxPc
2013-01-12 00:14:48 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-01-12 00:14:46 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-01-12 00:14:46 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-01-12 00:14:46 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-01-12 00:14:42 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-01-12 00:14:41 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-01-12 00:14:41 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-01-12 00:13:44 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2013-01-12 00:13:44 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2013-01-12 00:12:54 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2013-01-12 00:12:54 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2013-01-12 00:12:29 5659096 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\721aeddd1cdf05906\skydrivesetup.exe
2013-01-12 00:12:29 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-01-12 00:12:28 -------- d-----r- C:\Users\Troy\SkyDrive
2013-01-12 00:12:17 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-01-12 00:12:00 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6e6503e41cdf05905\DXSETUP.exe
2013-01-12 00:12:00 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6e6503e41cdf05905\dsetup32.dll
2013-01-12 00:11:59 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6e6503e41cdf05905\DSETUP.dll
2013-01-12 00:11:52 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\67d255111cdf05903\DSETUP.dll
2013-01-12 00:11:52 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\67d255111cdf05903\DXSETUP.exe
2013-01-12 00:11:52 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\67d255111cdf05903\dsetup32.dll
2013-01-12 00:11:23 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5a92b8481cdf05901\DSETUP.dll
2013-01-12 00:11:23 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5a92b8481cdf05901\DXSETUP.exe
2013-01-12 00:11:23 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5a92b8481cdf05901\dsetup32.dll
2013-01-12 00:11:10 -------- d-----w- C:\Users\Troy\AppData\Local\Windows Live
2013-01-12 00:10:45 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-01-11 04:35:09 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2013-01-11 04:35:09 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2013-01-11 04:35:09 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2013-01-11 02:57:15 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2013-01-10 19:51:09 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-01-10 19:51:09 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-01-10 19:51:09 -------- d-----w- C:\ProgramData\AVS4YOU
2013-01-10 19:51:09 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2013-01-10 19:51:09 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2013-01-09 11:40:31 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-01-09 11:40:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-01-09 10:04:09 -------- d-----w- C:\ProgramData\WoW Worldwide Software LTD
2013-01-09 10:03:51 -------- d-----w- C:\Program Files (x86)\VaudiX
2013-01-09 10:02:39 -------- d-----w- C:\Program Files (x86)\MocaFlix
2013-01-09 10:00:29 -------- d-----w- C:\ProgramData\Vaudix
2013-01-09 09:25:53 -------- d-----w- C:\Program Files (x86)\vGrabber-software
2013-01-09 06:37:11 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 06:37:11 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 06:14:27 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 05:48:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-09 05:40:34 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-08 22:53:37 -------- d-----w- C:\Users\Troy\AppData\Local\join.me
2013-01-04 20:07:45 -------- d-----w- C:\Users\Troy\AppData\Local\Programs
2013-01-04 09:42:50 -------- d-----w- C:\ProgramData\Alien Skin
2013-01-04 09:42:41 -------- d-----w- C:\Users\Troy\AppData\Local\Alien Skin
2013-01-04 09:32:18 -------- d-----w- C:\Program Files (x86)\Alien Skin
2013-01-01 21:50:48 -------- d-----w- C:\Users\Troy\AppData\Roaming\HDRsoft
2013-01-01 21:50:48 -------- d-----w- C:\Program Files\PhotomatixPro4
2013-01-01 20:14:42 -------- d-----w- C:\Program Files (x86)\Imagenomic
.
==================== Find3M ====================
.
2012-12-22 22:23:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 22:23:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-25 04:58:41 3639 ----a-w- C:\Windows\SysWow64\WinMonitor.exe
2012-11-25 04:58:40 3639 ----a-w- C:\Windows\SysWow64\libs.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-21 05:09:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-01-26 18:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe
.
============= FINISH: 18:31:28.48 ===============


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
ZBot Trojan Remover v1.6
Malwarebytes Anti-Malware version 1.70.0.1100
CleanMyPC - Registry Cleaner
Frontline Registry Cleaner
Wise Registry Cleaner 7.55
JavaFX 2.1.1
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265 Flash Player out of Date!
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 17.0.1 Firefox out of Date!
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````


Thanks
Truth
 
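The Pseudo HJT section of the log above carries the findings that matter most in this thread: the x64 Winlogon Userinit value has two extra executables appended to it, AppInit_DLLs is populated, and the UAC policies are set to 0 (which is also why the Security Check output reports "UAC is disabled!"). The script below is an added example, not DDS output and not part of the helper's tooling: it runs simple triage heuristics over DDS-style lines. The sample lines are copied from the posted log; which entries count as suspicious, the severity labels and the list of user-writable path fragments are this example's own assumptions.

```python
"""Triage heuristics for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not DDS output and not the helper's tooling.
The sample lines are copied from the log posted above. Which entries count as
suspicious, the severity labels and the list of user-writable locations are this
example's own assumptions, not a published rule set.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low"
    line: str      # the DDS line that produced the finding
    reason: str


# Lines copied from the DDS log posted above (Pseudo HJT Report section).
SAMPLE_LOG = r"""
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Vaudix: {234D72B6-0A31-D400-BF59-AB9820A24223} - C:\ProgramData\Vaudix\50ed2817d604b.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
AppInit_DLLs= c:\progra~2\vaudix\sprote~1.dll
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Users\Troy\Documents\MSDCSC\msdcsc.exe,C:\Users\Troy\Documents\MSDCSC\msdcsc.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"""

# Winlogon\Userinit is a comma-separated list; Windows starts every entry at logon.
_USERINIT_RE = re.compile(r"^(?:x64-)?[um]Winlogon:\s*Userinit\s*=\s*(.*)$", re.I)
# AppInit_DLLs are loaded into every process that loads user32.dll.
_APPINIT_RE = re.compile(r"^(?:x64-)?AppInit_DLLs\s*=\s*(.+)$", re.I)
# DDS prints policy DWORDs in decimal (e.g. NoDriveTypeAutoRun = dword:145).
_POLICY_RE = re.compile(r"^(?:x64-)?[um]Policies-System:\s*(\w+)\s*=\s*dword:(\d+)$", re.I)
_START_RE = re.compile(r"^(?:x64-)?[um]Start Page\s*=\s*(\S+)", re.I)

# Policy values that weaken UAC (assumed thresholds: 1 is the default for EnableLUA,
# 5 the Windows 7 default for ConsentPromptBehaviorAdmin).
WEAK_POLICIES = {
    "EnableLUA": (0, "UAC is disabled (EnableLUA=0); admin users get a full token for every process"),
    "ConsentPromptBehaviorAdmin": (0, "administrators are elevated without any prompt"),
}

# Path fragments treated as user-writable (assumption; the 8.3 name PROGRA~3 is
# ProgramData on this system, as the StartupFolder line in the log shows).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~3\\")


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue

        m = _USERINIT_RE.match(line)
        if m:
            # Only userinit.exe belongs here; anything else appended is persistence.
            entries = dict.fromkeys(e.strip() for e in m.group(1).split(",") if e.strip())
            for entry in entries:
                if _basename(entry) != "userinit.exe":
                    findings.append(Finding("high", line, f"extra Userinit executable runs at every logon: {entry}"))
            continue

        m = _APPINIT_RE.match(line)
        if m:
            findings.append(Finding("high", line, f"AppInit_DLLs loads {m.group(1).strip()} into every process that loads user32.dll"))
            continue

        m = _POLICY_RE.match(line)
        if m:
            weak = WEAK_POLICIES.get(m.group(1))
            if weak and int(m.group(2)) == weak[0]:
                findings.append(Finding("high", line, weak[1]))
            continue

        m = _START_RE.match(line)
        if m:
            findings.append(Finding("low", line, f"browser start page set to {m.group(1)}; confirm the user chose it"))
            continue

        if "<orphaned>" in line:
            findings.append(Finding("low", line, "registry entry points at a file that no longer exists; cleanup candidate"))
            continue

        if any(fragment in line.lower() for fragment in USER_WRITABLE):
            findings.append(Finding("medium", line, "component loads from a user-writable location; verify publisher and signature"))
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Run stand-alone it prints the findings for the sample lines; pass it the whole Pseudo HJT section and it returns the same tuples for the full log. The x64 Userinit line is the one to act on first: on a clean Windows 7 system that value is `C:\Windows\system32\userinit.exe,` and nothing else, and every executable appended to it is started at each interactive logon regardless of what else gets removed. The script only flags EnableLUA=0 rather than fixing it, because that registry change has to be made on the host itself.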
Hi truth,

We're going to run an advanced anti-malware tool. This will take out the bulk of the infection, but we will need to go through several steps to completely clean the PC.

Try to carry out the next set of instructions using Normal mode. If you cannot, be sure to boot into Safe Mode with Networking.

**Read through these instructions in their entirety BEFORE executing them.** If you have any questions or are unsure about any of the following instructions PLEASE ASK for clarification before continuing. You may want to copy this page to Notepad or print it, as it will not be available while you run ComboFix.

  1. Download ComboFix from the following location:

    Link 1

    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combofix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
 
Will, the scan has completed, but I can't access anything; it's saying "Illegal operation attempted on a registry that has been marked for deletion".
Where do I go from here?
Truth
 
Hi truth,

Please restart your computer, the error message should no longer appear.

A log should also have been produced by ComboFix. Please post this in your next reply as it contains important information. If you can't find it, the log should be located at C:\ComboFix.txt
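What a responder looks for first in the ComboFix log that the reply above asks for: the Python script below is an added example for this thread, not part of any post here and not a ComboFix feature. It reads lines in the format ComboFix uses for its "Reg Loading Points" and "Supplementary Scan" sections and flags the loading points that matter most in a cleanup: UAC switched off by policy (EnableLUA), a DLL forced into every user-mode process through AppInit_DLLs, browser helper objects and Run entries loaded from user-writable directories or carrying generated hex-blob names, and IE/Firefox start or search pages pointing at a host that is not a known default. The sample log lines are constructed for this example (the vendor name, GUID, hostname and user paths are placeholders), and the KNOWN_DEFAULT_HOSTS allowlist is an assumption to adjust per environment.

```python
"""Flag persistence indicators in a ComboFix-format log (added example, not a ComboFix feature)."""
import re
from urllib.parse import urlparse

# Assumption: hosts a responder accepts as a browser start/search page without comment.
# Adjust per environment; anything else on a start/search line is reported.
KNOWN_DEFAULT_HOSTS = {"www.google.com", "www.bing.com", "go.microsoft.com"}

REG_KEY = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\path]
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "Name"= value
# "2013-01-09 08:19 118784 ----a-w- c:\path\file.dll" lines listed under a CLSID/BHO key
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(c:\\.+)$", re.I)
# "uStart Page = <url>", "mStart Page = <url>" and "FF - prefs.js: <pref> - <url>" lines
BROWSER_LINE = re.compile(r"^(?:[um]Start Page|FF - prefs\.js: \S+)\s*[=-]\s*(hxxps?://\S+)", re.I)
USER_WRITABLE = re.compile(r"^c:\\(?:programdata|users\\[^\\]+\\appdata)\\", re.I)
GENERATED_NAME = re.compile(r"^[0-9a-f]{12,}\.dll$", re.I)  # hex-blob file names such as 4f1d2c3b9a8e7.dll


def _first_path(value):
    """'"c:\\x\\y.exe" [2012-01-17 252296]' -> 'c:\\x\\y.exe'; unquoted values lose the trailing [date size]."""
    return value.split('"')[1] if value.startswith('"') else value.split(" [")[0]


def _leading_int(value):
    """'0 (0x0)' -> 0; values with no leading integer (or None) -> None."""
    m = re.match(r"^-?\d+", value or "")
    return int(m.group()) if m else None


def triage(log_text):
    """Return [(category, detail), ...] for the indicators found in ComboFix-format text."""
    findings = []
    key, policies, appinit = "", {}, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()           # the values that follow belong to this key
            continue
        m = REG_VALUE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if key.endswith(r"policies\system"):
                policies[name] = _leading_int(value)
            elif key.endswith(r"windows nt\currentversion\windows"):
                appinit[name] = value
            elif key.endswith(r"\run"):        # active Run keys only; ComboFix lists disabled ones under "run-"
                path = _first_path(value)
                if USER_WRITABLE.match(path):
                    findings.append(("run-key from user-writable dir", f"{name} -> {path}"))
            continue
        m = FILE_LINE.match(line)
        if m and "browser helper objects" in key:
            path = m.group(1)
            if USER_WRITABLE.match(path) or GENERATED_NAME.match(path.rsplit("\\", 1)[-1]):
                findings.append(("bho from suspicious location", path))
            continue
        m = BROWSER_LINE.match(line)
        if m:
            host = urlparse(m.group(1).replace("hxxp", "http", 1)).hostname or ""
            if host not in KNOWN_DEFAULT_HOSTS:
                findings.append(("browser start/search redirected", f"{host} ({line})"))
    # Machine-wide settings are judged once the whole log has been read.
    if policies.get("EnableLUA") == 0:
        findings.append(("uac disabled", "EnableLUA=0: an admin user's processes run with the full token, no elevation prompt"))
    if _leading_int(appinit.get("LoadAppInit_DLLs")) == 1 and appinit.get("AppInit_DLLs"):
        findings.append(("appinit dll injection", appinit["AppInit_DLLs"]))
    return findings


# Constructed sample in ComboFix's log format (placeholder vendor, GUID, host and user names).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00000000-1111-2222-3333-444444444444}]
2013-01-09 08:19 118784 ----a-w- c:\programdata\ExampleVendor\4f1d2c3b9a8e7.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Updater"="c:\users\someone\AppData\Roaming\tmp\updater.exe" [2013-01-20 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\ExampleVendor\inject.dll
.
uStart Page = hxxp://websearch.example.invalid/
mStart Page = hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.example.invalid/?l=1&q=
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Two of the checks deserve a word on why they rank so high. With LoadAppInit_DLLs set to 1, the DLL named in AppInit_DLLs is loaded into every process that maps user32.dll, so removing the file without clearing the value leaves a dangling load that keeps working the moment the file is restored. With EnableLUA set to 0, UAC is off entirely and every process of an administrator account already holds the full token, so nothing on the machine ever had to ask for elevation; re-enabling it belongs on the cleanup list alongside the file deletions.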
 
Good morning Will, here's the log from the ComboFix scan:

ComboFix 13-01-28.02 - Troy 01/28/2013 19:23:53.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7657.6211 [GMT -8:00]
Running from: c:\users\Troy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files (x86)\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files (x86)\Shop to Win\TestFeeds\MainStatus.xml
c:\program files (x86)\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\dler.exe
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\header.bmp
c:\program files (x86)\smartdl\header2.bmp
c:\program files (x86)\smartdl\header3.bmp
c:\program files (x86)\smartdl\next.bmp
c:\program files (x86)\smartdl\skip.bmp
c:\program files (x86)\smartdl\status
c:\program files (x86)\smartdl\wget.exe
c:\users\Troy\Documents\ShopToWin
c:\windows\SysWow64\libs.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\windows
c:\windows\SysWow64\WinMonitor.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-28 18:02 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{208960A1-2B11-4FA3-82ED-1C9893B29A83}\mpengine.dll
2013-01-28 17:51 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-28 14:42 . 2013-01-28 14:42 -------- d-----w- c:\users\Troy\AppData\Roaming\Systweak
2013-01-28 14:42 . 2013-01-28 17:47 -------- d-----w- c:\program files (x86)\RegClean Pro
2013-01-28 14:11 . 2013-01-28 14:11 -------- d-----w- c:\users\Troy\AppData\Roaming\SpeedMaxPc
2013-01-28 09:15 . 2013-01-28 09:15 -------- d-----w- c:\users\Troy\AppData\Roaming\ParetoLogic
2013-01-28 09:15 . 2013-01-28 15:14 -------- d-----w- c:\programdata\ParetoLogic
2013-01-28 04:40 . 2013-01-28 04:46 -------- d-----w- c:\users\Troy\AppData\Roaming\FixCleaner
2013-01-28 04:40 . 2013-01-28 15:12 -------- d-----w- c:\program files (x86)\FixCleaner
2013-01-28 04:26 . 2013-01-28 04:26 -------- d-----w- c:\users\Troy\AppData\Roaming\SpeedyPC Software
2013-01-28 04:25 . 2013-01-28 15:15 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-26 06:20 . 2013-01-28 17:47 -------- d-----w- c:\program files (x86)\InfoAtoms
2013-01-25 18:53 . 2013-01-25 18:53 -------- d-----w- c:\users\Troy\AppData\Roaming\Foxit Software
2013-01-25 11:51 . 2013-01-25 19:32 -------- d-----w- c:\users\Troy\AppData\Roaming\Uniblue
2013-01-21 08:13 . 2013-01-21 08:13 -------- d-----w- c:\users\Troy\AppData\Local\cache
2013-01-21 08:09 . 2013-01-21 08:09 -------- d-----w- c:\programdata\VTech
2013-01-21 08:09 . 2013-01-21 08:09 -------- d-----w- c:\program files (x86)\VTech
2013-01-21 00:05 . 2013-01-21 00:08 -------- d-----w- c:\windows\$regcmp$
2013-01-20 08:51 . 2013-01-20 08:52 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-20 08:51 . 2013-01-20 08:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-18 12:52 . 2013-01-18 12:52 -------- d-----w- c:\users\Troy\AppData\Roaming\DriverCure
2013-01-18 12:52 . 2013-01-18 12:52 -------- d-----w- c:\users\Troy\AppData\Roaming\SparkTrust
2013-01-16 08:51 . 2013-01-28 17:47 -------- d-----w- c:\users\Troy\AppData\Roaming\Azureus
2013-01-16 06:53 . 2013-01-16 07:07 -------- d-----w- c:\users\Troy\AppData\Roaming\Apple Computer
2013-01-16 06:52 . 2013-01-28 11:10 -------- d-----w- c:\users\Troy\AppData\Local\Adobe
2013-01-16 06:39 . 2013-01-16 06:39 -------- d-----w- c:\users\Troy\AppData\Roaming\Ashampoo
2013-01-16 06:15 . 2013-01-16 06:15 -------- d-----w- c:\users\Troy\AppData\Roaming\CleanMyPC Software
2013-01-15 21:19 . 2013-01-15 21:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-15 21:19 . 2013-01-15 21:19 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-15 21:06 . 2013-01-18 12:55 -------- d-----w- c:\programdata\SparkTrust
2013-01-15 20:35 . 2013-01-15 20:35 -------- d-----w- c:\program files (x86)\NoVirusThanks
2013-01-15 18:49 . 2013-01-15 18:49 -------- d-----w- c:\programdata\ErrorEND64
2013-01-15 03:54 . 2013-01-28 17:46 -------- d-----w- c:\users\Administrator
2013-01-15 02:40 . 2011-09-28 17:20 200704 ----a-w- c:\windows\SysWow64\vbalExpBar6.ocx
2013-01-15 02:40 . 2011-09-28 17:20 484352 ----a-w- c:\windows\SysWow64\lame_enc.dll
2013-01-15 02:40 . 2011-09-28 17:20 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
2013-01-15 02:40 . 2011-09-28 17:20 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 15360 ----a-w- c:\windows\SysWow64\inetfr.DLL
2013-01-15 02:40 . 2011-09-28 17:20 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 115920 ----a-w- c:\windows\SysWow64\msinet.OCX
2013-01-15 02:40 . 2011-09-28 17:20 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2013-01-15 02:40 . 2013-01-15 02:40 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2013-01-15 02:39 . 2013-01-15 02:41 -------- d-----w- c:\program files (x86)\Free Easy CD DVD Burner
2013-01-14 23:56 . 2013-01-14 23:56 -------- d-----w- c:\program files (x86)\OI App Manager
2013-01-14 21:32 . 2013-01-28 17:47 -------- d-----w- c:\program files\Adobe
2013-01-14 21:25 . 2013-01-28 17:47 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-14 05:35 . 2013-01-14 05:35 3591 ----a-w- c:\users\Troy\Msirepair.reg
2013-01-13 22:08 . 2013-01-13 22:21 -------- d-----w- c:\users\Troy\Doctor Web
2013-01-12 00:26 . 2013-01-28 15:15 -------- d-----w- c:\programdata\SpeedMaxPc
2013-01-12 00:14 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-12 00:14 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-12 00:14 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-01-12 00:14 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-01-12 00:14 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-12 00:14 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-12 00:14 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-01-12 00:13 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-01-12 00:13 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-12 00:12 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-01-12 00:12 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----r- c:\users\Troy\SkyDrive
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-01-12 00:11 . 2013-01-12 00:11 -------- d-----w- c:\users\Troy\AppData\Local\Windows Live
2013-01-12 00:10 . 2013-01-12 00:10 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-01-11 04:35 . 2002-01-05 23:48 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
2013-01-11 04:35 . 2002-01-05 22:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2013-01-11 04:35 . 2002-01-05 10:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-01-11 02:57 . 2012-03-24 03:58 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2013-01-10 19:51 . 2013-01-11 04:54 -------- d-----w- c:\program files (x86)\AVS4YOU
2013-01-10 19:51 . 2013-01-11 02:58 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2013-01-10 19:51 . 2013-01-10 19:52 -------- d-----w- c:\programdata\AVS4YOU
2013-01-10 19:51 . 2012-03-24 03:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2013-01-10 19:51 . 2012-03-24 03:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-01-09 11:40 . 2013-01-09 11:40 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-01-09 11:40 . 2013-01-09 11:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-09 10:04 . 2013-01-09 10:04 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-09 10:03 . 2013-01-09 10:03 -------- d-----w- c:\program files (x86)\VaudiX
2013-01-09 10:02 . 2013-01-13 22:34 -------- d-----w- c:\program files (x86)\MocaFlix
2013-01-09 10:00 . 2013-01-09 11:02 -------- d-----w- c:\programdata\Vaudix
2013-01-09 09:25 . 2013-01-09 09:27 -------- d-----w- c:\program files (x86)\vGrabber-software
2013-01-09 06:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 06:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 06:14 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 05:48 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 05:40 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 22:53 . 2013-01-08 22:53 -------- d-----w- c:\users\Troy\AppData\Local\join.me
2013-01-04 20:07 . 2013-01-04 20:07 -------- d-----w- c:\users\Troy\AppData\Local\Programs
2013-01-04 09:42 . 2013-01-04 09:42 -------- d-----w- c:\programdata\Alien Skin
2013-01-04 09:42 . 2013-01-04 09:42 -------- d-----w- c:\users\Troy\AppData\Local\Alien Skin
2013-01-04 09:32 . 2013-01-04 09:32 -------- d-----w- c:\program files (x86)\Alien Skin
2013-01-03 00:13 . 2013-01-03 00:13 -------- d-----w- c:\users\Public\Roaming
2013-01-01 21:50 . 2013-01-01 21:50 -------- d-----w- c:\program files\PhotomatixPro4
2013-01-01 21:50 . 2013-01-01 21:50 -------- d-----w- c:\users\Troy\AppData\Roaming\HDRsoft
2013-01-01 20:16 . 2013-01-01 20:52 -------- d-----w- c:\users\Troy\AppData\Roaming\Imagenomic
2013-01-01 20:14 . 2013-01-01 20:50 -------- d-----w- c:\program files (x86)\Imagenomic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 11:04 . 2012-06-05 10:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-22 22:23 . 2012-05-20 23:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 22:23 . 2012-05-20 23:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-05-06 02:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 05:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-21 05:09 . 2012-11-21 05:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-14 07:06 . 2012-12-14 01:52 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 01:52 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 01:52 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 01:52 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 01:52 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 01:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 01:52 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 01:52 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 01:52 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 01:52 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 01:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 01:52 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 01:52 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 01:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 01:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 01:52 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 01:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 01:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 01:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 01:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 01:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 01:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 02:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 02:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 17:24 . 2012-12-21 19:50 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7025589-5D1D-4358-A67B-2704BCA9FA66}\mpengine.dll
2012-11-02 05:59 . 2012-12-13 02:02 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 02:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2010-01-26 18:11 . 2012-08-13 10:28 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
c:\windows\Setup\scripts\7z 4.65 x64 Silent .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{234D72B6-0A31-D400-BF59-AB9820A24223}]
2013-01-09 08:19 118784 ----a-w- c:\programdata\Vaudix\50ed2817d604b.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2012-05-12 1403640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-18 911160]
"Akamai NetSession Interface"="c:\users\Troy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-09 295072]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-15 512360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-05-06 3037296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]
.
c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Troy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\VaudiX\sprotector.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-03-29 694888]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2012-08-26 2584068]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R4 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
R4 RLM-GenArts;RLM-GenArts;c:\program files (x86)\GenArts\rlm\rlm.exe [2010-04-02 1540096]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [2011-03-23 76912]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-03-29 2157680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 04:16]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 04:16]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706292512-3240535162-4024994405-1000Core.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:39]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706292512-3240535162-4024994405-1000UA.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:39]
.
2013-01-29 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{404474E3-A6C9-4F5B-A628-74EF9063583B}: NameServer = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - ExtSQL: 2013-01-09 03:31; 50ed2817d5ed0@50ed2817d5f00.com; c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\extensions\50ed2817d5ed0@50ed2817d5f00.com
FF - ExtSQL: !HIDDEN! 2012-06-20 07:09; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; c:\program files (x86)\OApps\firefoxaddon
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9e,f2,fa,f1,b9,f2,2b,ab,23,ce,0f,20,ba,52,9a,bd,5b,68,64,0b,17,
42,17,6c,9e,35,70,fb,00,d3,64,a9,a9,08,d9,b9,3c,80,48,0a,99,e3,b3,93,05,ce,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9e,f2,fa,f1,b9,f2,2b,ab,23,ce,0f,20,ba,52,9a,bd,5b,68,64,0b,17,
42,17,6c,9e,35,70,fb,00,d3,64,a9,a9,08,d9,b9,3c,80,48,0a,99,e3,b3,93,05,ce,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\01\15\08\128?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-01-28 19:51:49 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-29 03:51
.
Pre-Run: 827,514,191,872 bytes free
Post-Run: 830,318,276,608 bytes free
.
- - End Of File - - 1713168893C961AD31F21B7BDEF25770


Attachment: ComboFix.zip

Truth
 
Hi truth,

We're going to run a script to take out some of the remnants still on the system.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. You may want to print and/or save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

Code:
RenV::
c:\windows\Setup\scripts\7z 4.65 x64 Silent .exe
FileLook::
c:\windows\system32\userinit.exe
DDS::
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/
Firefox::
FF - ProfilePath - c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.just-browse.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.just-browse.info/
FF - prefs.js: keyword.URL - hxxp://websearch.just-browse.info/?l=1&q=
FF - ExtSQL: 2013-01-09 03:31; 50ed2817d5ed0@50ed2817d5f00.com; c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\extensions\50ed2817d5ed0@50ed2817d5f00.com
FF - ExtSQL: !HIDDEN! 2012-06-20 07:09; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; c:\program files (x86)\OApps\firefoxaddon
Comment::

Save this as CFScript.txt, in the same location as ComboFix.exe.


CFScriptB-4.gif



Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

ComboFix may request an update; click Yes to allow it.

When finished, please post the C:\ComboFix.txt for further review.
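The ComboFix logs posted in this thread record several settings that leave the host defenceless regardless of which remnants the CFScript removes: UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0), every Security Center notification suppressed (AntiVirusOverride, FirewallDisableNotify and friends set to 1), an AppInit_DLLs entry that loads VaudiX\sprotector.dll into every process that maps user32.dll, and ComboFix's warning that the SafeBoot key is damaged. The following Python audit is an added example, not code from this thread or from ComboFix: it parses the "Reg Loading Points" section of a ComboFix log and flags those conditions so they can be checked on every follow-up log rather than read by eye. The sample text is an excerpt copied from the log in this thread; the rule set, the function names and the treatment of missing values (taken as the Windows 7 defaults) are the example's own assumptions.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for settings that
weaken the host. Added example; not part of this thread or of ComboFix."""
import re
from typing import Dict, List, Optional, Tuple

# Excerpt copied from the ComboFix log posted in this thread. The '.' lines
# are ComboFix's block separators; the SafeBoot line is a ComboFix warning.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\VaudiX\sprotector.dll
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')

# Security Center values that, when set to 1, silence the user's warnings.
SECURITY_CENTER_FLAGS = ('AntiVirusOverride', 'AntiVirusDisableNotify',
                         'FirewallOverride', 'FirewallDisableNotify',
                         'UpdatesDisableNotify', 'UacDisableNotify')


def parse_reg_blocks(text: str) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Return ({lower-cased key path: {value name: raw value}}, [other lines]).
    Lines that are neither a key header nor a "name"=value pair (ComboFix's
    own warnings, file listings under a key) are collected as notes."""
    blocks: Dict[str, Dict[str, str]] = {}
    notes: List[str] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            blocks.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            blocks[current][value.group(1)] = value.group(2)
            continue
        notes.append(line)
    return blocks, notes


def as_int(raw: str) -> Optional[int]:
    """Normalise the spellings ComboFix uses: 'dword:00000001', '0 (0x0)', '1'.
    Returns None for string data such as a DLL path."""
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^-?\d+', raw)
    return int(m.group(0)) if m else None


def audit(text: str) -> List[str]:
    """Flag the defence-weakening conditions seen in this thread's logs.
    Missing values are read as the Windows 7 defaults (assumption)."""
    findings: List[str] = []
    blocks, notes = parse_reg_blocks(text)
    for key, values in blocks.items():
        if key.endswith(r'\policies\system'):
            if as_int(values.get('EnableLUA', '1')) == 0:
                findings.append('UAC disabled (EnableLUA=0)')
            if as_int(values.get('ConsentPromptBehaviorAdmin', '5')) == 0:
                findings.append('Administrators elevate without any prompt '
                                '(ConsentPromptBehaviorAdmin=0)')
        elif key.endswith(r'\windows nt\currentversion\windows'):
            dll = values.get('AppInit_DLLs', '').strip()
            if dll and as_int(values.get('LoadAppInit_DLLs', '0')) == 1:
                findings.append(f'AppInit_DLLs injection enabled: {dll}')
        elif 'security center' in key:
            for name in SECURITY_CENTER_FLAGS:
                if as_int(values.get(name, '0')) == 1:
                    findings.append(f'Security Center notification suppressed: '
                                    f'{name} ({key})')
    for note in notes:
        if 'safeboot' in note.lower() or 'safe mode' in note.lower():
            findings.append(f'Safe Mode unavailable: {note}')
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Feed the script the whole ComboFix.txt rather than the excerpt and it will still only act on the blocks and warning lines it recognises; anything else lands in the notes list untouched. A clean follow-up log should return an empty list, which is a more reliable signal than scanning the "Reg Loading Points" section by hand after each run.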
 
Hi Will, I completed the scan and here's the log:

ComboFix 13-01-29.01 - Troy 01/29/2013 9:05.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7657.6445 [GMT -8:00]
Running from: c:\users\Troy\Desktop\ComboFix.exe
Command switches used :: c:\users\Troy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\flmcjh.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 17:11 . 2013-01-29 17:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-29 14:49 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02A1C392-B0F2-4634-A526-E191279DFF40}\mpengine.dll
2013-01-29 14:43 . 2013-01-29 14:43 -------- d--h--w- c:\windows\AxInstSV
2013-01-28 18:02 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{208960A1-2B11-4FA3-82ED-1C9893B29A83}\mpengine.dll
2013-01-28 17:51 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-28 14:42 . 2013-01-28 14:42 -------- d-----w- c:\users\Troy\AppData\Roaming\Systweak
2013-01-28 14:42 . 2013-01-28 17:47 -------- d-----w- c:\program files (x86)\RegClean Pro
2013-01-28 14:11 . 2013-01-28 14:11 -------- d-----w- c:\users\Troy\AppData\Roaming\SpeedMaxPc
2013-01-28 09:15 . 2013-01-28 09:15 -------- d-----w- c:\users\Troy\AppData\Roaming\ParetoLogic
2013-01-28 09:15 . 2013-01-28 15:14 -------- d-----w- c:\programdata\ParetoLogic
2013-01-28 04:40 . 2013-01-28 04:46 -------- d-----w- c:\users\Troy\AppData\Roaming\FixCleaner
2013-01-28 04:40 . 2013-01-28 15:12 -------- d-----w- c:\program files (x86)\FixCleaner
2013-01-28 04:26 . 2013-01-28 04:26 -------- d-----w- c:\users\Troy\AppData\Roaming\SpeedyPC Software
2013-01-28 04:25 . 2013-01-28 15:15 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-26 06:20 . 2013-01-28 17:47 -------- d-----w- c:\program files (x86)\InfoAtoms
2013-01-25 18:53 . 2013-01-25 18:53 -------- d-----w- c:\users\Troy\AppData\Roaming\Foxit Software
2013-01-25 11:51 . 2013-01-25 19:32 -------- d-----w- c:\users\Troy\AppData\Roaming\Uniblue
2013-01-21 08:13 . 2013-01-21 08:13 -------- d-----w- c:\users\Troy\AppData\Local\cache
2013-01-21 08:09 . 2013-01-21 08:09 -------- d-----w- c:\programdata\VTech
2013-01-21 08:09 . 2013-01-21 08:09 -------- d-----w- c:\program files (x86)\VTech
2013-01-21 00:05 . 2013-01-21 00:08 -------- d-----w- c:\windows\$regcmp$
2013-01-20 08:51 . 2013-01-20 08:52 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-20 08:51 . 2013-01-20 08:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-18 12:52 . 2013-01-18 12:52 -------- d-----w- c:\users\Troy\AppData\Roaming\DriverCure
2013-01-18 12:52 . 2013-01-18 12:52 -------- d-----w- c:\users\Troy\AppData\Roaming\SparkTrust
2013-01-16 08:51 . 2013-01-28 17:47 -------- d-----w- c:\users\Troy\AppData\Roaming\Azureus
2013-01-16 06:53 . 2013-01-16 07:07 -------- d-----w- c:\users\Troy\AppData\Roaming\Apple Computer
2013-01-16 06:52 . 2013-01-29 11:00 -------- d-----w- c:\users\Troy\AppData\Local\Adobe
2013-01-16 06:39 . 2013-01-16 06:39 -------- d-----w- c:\users\Troy\AppData\Roaming\Ashampoo
2013-01-16 06:15 . 2013-01-16 06:15 -------- d-----w- c:\users\Troy\AppData\Roaming\CleanMyPC Software
2013-01-15 21:19 . 2013-01-15 21:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-15 21:19 . 2013-01-15 21:19 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-15 21:06 . 2013-01-18 12:55 -------- d-----w- c:\programdata\SparkTrust
2013-01-15 20:35 . 2013-01-15 20:35 -------- d-----w- c:\program files (x86)\NoVirusThanks
2013-01-15 18:49 . 2013-01-15 18:49 -------- d-----w- c:\programdata\ErrorEND64
2013-01-15 03:54 . 2013-01-28 17:46 -------- d-----w- c:\users\Administrator
2013-01-15 02:40 . 2011-09-28 17:20 200704 ----a-w- c:\windows\SysWow64\vbalExpBar6.ocx
2013-01-15 02:40 . 2011-09-28 17:20 484352 ----a-w- c:\windows\SysWow64\lame_enc.dll
2013-01-15 02:40 . 2011-09-28 17:20 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
2013-01-15 02:40 . 2011-09-28 17:20 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 15360 ----a-w- c:\windows\SysWow64\inetfr.DLL
2013-01-15 02:40 . 2011-09-28 17:20 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 115920 ----a-w- c:\windows\SysWow64\msinet.OCX
2013-01-15 02:40 . 2011-09-28 17:20 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2013-01-15 02:40 . 2013-01-15 02:40 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2013-01-15 02:39 . 2013-01-15 02:41 -------- d-----w- c:\program files (x86)\Free Easy CD DVD Burner
2013-01-14 23:56 . 2013-01-14 23:56 -------- d-----w- c:\program files (x86)\OI App Manager
2013-01-14 21:32 . 2013-01-28 17:47 -------- d-----w- c:\program files\Adobe
2013-01-14 21:25 . 2013-01-28 17:47 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-14 05:35 . 2013-01-14 05:35 3591 ----a-w- c:\users\Troy\Msirepair.reg
2013-01-13 22:08 . 2013-01-13 22:21 -------- d-----w- c:\users\Troy\Doctor Web
2013-01-12 00:26 . 2013-01-28 15:15 -------- d-----w- c:\programdata\SpeedMaxPc
2013-01-12 00:14 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-12 00:14 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-12 00:14 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-01-12 00:14 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-01-12 00:14 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-12 00:14 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-12 00:14 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-01-12 00:13 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-01-12 00:13 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-12 00:12 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-01-12 00:12 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----r- c:\users\Troy\SkyDrive
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-01-12 00:11 . 2013-01-12 00:11 -------- d-----w- c:\users\Troy\AppData\Local\Windows Live
2013-01-12 00:10 . 2013-01-12 00:10 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-01-11 04:35 . 2002-01-05 23:48 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
2013-01-11 04:35 . 2002-01-05 22:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2013-01-11 04:35 . 2002-01-05 10:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-01-11 02:57 . 2012-03-24 03:58 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2013-01-10 19:51 . 2013-01-11 04:54 -------- d-----w- c:\program files (x86)\AVS4YOU
2013-01-10 19:51 . 2013-01-11 02:58 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2013-01-10 19:51 . 2013-01-10 19:52 -------- d-----w- c:\programdata\AVS4YOU
2013-01-10 19:51 . 2012-03-24 03:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2013-01-10 19:51 . 2012-03-24 03:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-01-09 11:40 . 2013-01-09 11:40 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-01-09 11:40 . 2013-01-09 11:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-09 10:04 . 2013-01-09 10:04 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-09 10:03 . 2013-01-09 10:03 -------- d-----w- c:\program files (x86)\VaudiX
2013-01-09 10:02 . 2013-01-13 22:34 -------- d-----w- c:\program files (x86)\MocaFlix
2013-01-09 10:00 . 2013-01-09 11:02 -------- d-----w- c:\programdata\Vaudix
2013-01-09 09:25 . 2013-01-09 09:27 -------- d-----w- c:\program files (x86)\vGrabber-software
2013-01-09 06:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 06:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 06:14 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 05:48 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 05:40 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 22:53 . 2013-01-08 22:53 -------- d-----w- c:\users\Troy\AppData\Local\join.me
2013-01-04 20:07 . 2013-01-04 20:07 -------- d-----w- c:\users\Troy\AppData\Local\Programs
2013-01-04 09:42 . 2013-01-04 09:42 -------- d-----w- c:\programdata\Alien Skin
2013-01-04 09:42 . 2013-01-04 09:42 -------- d-----w- c:\users\Troy\AppData\Local\Alien Skin
2013-01-04 09:32 . 2013-01-04 09:32 -------- d-----w- c:\program files (x86)\Alien Skin
2013-01-03 00:13 . 2013-01-03 00:13 -------- d-----w- c:\users\Public\Roaming
2013-01-01 21:50 . 2013-01-01 21:50 -------- d-----w- c:\program files\PhotomatixPro4
2013-01-01 21:50 . 2013-01-01 21:50 -------- d-----w- c:\users\Troy\AppData\Roaming\HDRsoft
2013-01-01 20:16 . 2013-01-01 20:52 -------- d-----w- c:\users\Troy\AppData\Roaming\Imagenomic
2013-01-01 20:14 . 2013-01-01 20:50 -------- d-----w- c:\program files (x86)\Imagenomic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 11:04 . 2012-06-05 10:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-22 22:23 . 2012-05-20 23:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 22:23 . 2012-05-20 23:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-05-06 02:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 05:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-21 05:09 . 2012-11-21 05:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-14 07:06 . 2012-12-14 01:52 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 01:52 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 01:52 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 01:52 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 01:52 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 01:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 01:52 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 01:52 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 01:52 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 01:52 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 01:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 01:52 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 01:52 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 01:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 01:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 01:52 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 01:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 01:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 01:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 01:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 01:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 01:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 02:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 02:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 02:02 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 02:02 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2010-01-26 18:11 . 2012-08-13 10:28 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\userinit.exe ---
Company: Microsoft Corporation
File Description: Userinit Logon Application
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: USERINIT.EXE.MUI
File size: 30720
Created time: 2010-11-21 03:24
Modified time: 2010-11-21 03:24
MD5: BAFE84E637BF7388C96EF48D4D3FDD53
SHA1: 47267F943F060E36604D56C8895A6EECE063D9A1
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{234D72B6-0A31-D400-BF59-AB9820A24223}]
2013-01-09 08:19 118784 ----a-w- c:\programdata\Vaudix\50ed2817d604b.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2012-05-12 1403640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-18 911160]
"Akamai NetSession Interface"="c:\users\Troy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4409664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-09 295072]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-15 512360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-05-06 3037296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 114584]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]
.
c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Troy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-21 28538560]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\VaudiX\sprotector.dll
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-03-29 694888]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2012-08-26 2584068]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R4 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
R4 RLM-GenArts;RLM-GenArts;c:\program files (x86)\GenArts\rlm\rlm.exe [2010-04-02 1540096]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [2011-03-23 76912]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-03-29 2157680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 04:16]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 04:16]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706292512-3240535162-4024994405-1000Core.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:39]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706292512-3240535162-4024994405-1000UA.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:39]
.
2013-01-29 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.just-browse.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{404474E3-A6C9-4F5B-A628-74EF9063583B}: NameServer = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\
FF - ExtSQL: 2013-01-09 03:31; 50ed2817d5ed0@50ed2817d5f00.com; c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\extensions\50ed2817d5ed0@50ed2817d5f00.com
FF - ExtSQL: !HIDDEN! 2012-06-20 07:09; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; c:\program files (x86)\OApps\firefoxaddon
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9e,f2,fa,f1,b9,f2,2b,ab,23,ce,0f,20,ba,52,9a,bd,5b,68,64,0b,17,
42,17,6c,9e,35,70,fb,00,d3,64,a9,a9,08,d9,b9,3c,80,48,0a,99,e3,b3,93,05,ce,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9e,f2,fa,f1,b9,f2,2b,ab,23,ce,0f,20,ba,52,9a,bd,5b,68,64,0b,17,
42,17,6c,9e,35,70,fb,00,d3,64,a9,a9,08,d9,b9,3c,80,48,0a,99,e3,b3,93,05,ce,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\01\15\08\128?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-29 09:13:53
ComboFix-quarantined-files.txt 2013-01-29 17:13
.
Pre-Run: 830,063,017,984 bytes free
Post-Run: 830,083,223,552 bytes free
.
- - End Of File - - EC982BD682F64E1BBB776D1FF8859507


View attachment ComboFix (2).zip

Truth
 
Hi truth, apologies for the delay.

Unfortunately there was a major issue with Combofix today: copies downloaded over the last day have been infected with an older piece of malware known as Sality. The author is currently investigating the tool, but in the meantime the latest information is available from here. I sincerely apologise for this; our aim is to remove malware infections and not to make the situation worse. Combofix has been used by millions of users, and this is the first occasion I've ever seen a problem like this. Fortunately, the malware put onto the system is a much older infection and relatively easy to deal with.

Please follow the steps below; this will remove the Sality infection. We can then proceed with cleaning up the remnants of ZeroAccess. Please also delete your copy of Combofix.exe; we will use alternative tools where needed.

---------------------

Please download SalityKiller from here:
http://support.kaspersky.com/downloads/utils/salitykiller.zip

Extract the file, right click on SalityKiller.exe and click Run as Administrator. This should remove Sality from the computer.

---------------------

Please download the following file:
View attachment Sality_RegKeys.zip

Extract the file, right click on SafeBootWin7.reg and select Merge. This should restore the damage done by the infection.


---------------------

  • Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Skip is selected.
    NOTE: Please do not attempt any fix yet.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.8.8.0_date_time_log.txt
  • Attach that log, please.
---------------------
 
Hi truth,

That's great. We're going to run a couple more tools to check if anything else is still on the system.

Please download aswMBR.exe and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Click Yes to the prompt to download the latest virus definitions.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
--------------------------------------

You have this program installed, Malwarebytes Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
--------------------------------------


It's important to run an online scan to search for any remnants that may be lurking. Please go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
------------------------------------------------------
 
Hello Will, I had a problem with aswMBR.exe: it found a lurking file but then it would crash. I did get the log up to that point: View attachment aswMBR.zip
Here's the dat file: View attachment MBR.zip
Here's the ESET report: View attachment eset_report.zip
My Malware program is not working. I tried to run it but I get this error message: Run-time error '372': Failed to load control 'Web Browser' From iframe.dll. Your version of iframe.dll may be outdated.

Truth
 
Hi truth, sorry for the delay.

The file detected by aswMBR.exe is part of the Sality infection; it won't be causing aswMBR.exe to hang. Combofix appears to have taken out most of the infection, but as aswMBR is hanging I want to get a deeper look at the system.

I don't see any AV program listed; which program are you referring to? Not all malware programs are full AV programs. It's essential to have an active AV program running, and we'll need to resolve that before we finish.

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

---------------------------

I would also like to run Combofix again for us to clean up the files detected by ESET. A clean copy of Combofix has now been re-uploaded, the previous issue has been resolved.

  1. Download ComboFix from the following location:

    Link 1

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combofix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply


    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
 
Hi Will, I did both tasks without any problems and here are the logs: View attachment GMER.zip
View attachment ComboFix (3).zip

ComboFix 13-01-31.03 - Troy 01/31/2013 19:03:08.3.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7657.5923 [GMT -8:00]
Running from: c:\users\Troy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\header.bmp
c:\program files (x86)\smartdl\header2.bmp
c:\program files (x86)\smartdl\header3.bmp
c:\program files (x86)\smartdl\next.bmp
c:\program files (x86)\smartdl\skip.bmp
c:\program files (x86)\smartdl\status
c:\program files (x86)\smartdl\wget.exe
C:\torrent.exe
c:\users\Troy\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-01 to 2013-02-01 )))))))))))))))))))))))))))))))
.
.
2013-02-01 03:13 . 2013-02-01 03:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-31 23:29 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2235FBD-2988-459D-8298-9FA381B60D4F}\mpengine.dll
2013-01-30 21:32 . 2013-01-30 21:32 -------- d-----w- c:\program files (x86)\ESET
2013-01-30 20:39 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 17:44 . 2013-01-30 17:44 -------- d-----w- c:\users\Troy\AppData\Roaming\Malwarebytes
2013-01-30 01:55 . 2013-01-30 01:55 -------- d-----w- c:\program files (x86)\Citrix
2013-01-29 14:49 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02A1C392-B0F2-4634-A526-E191279DFF40}\mpengine.dll
2013-01-28 14:42 . 2013-01-28 14:42 -------- d-----w- c:\users\Troy\AppData\Roaming\Systweak
2013-01-28 14:42 . 2013-01-28 17:47 -------- d-----w- c:\program files (x86)\RegClean Pro
2013-01-28 14:11 . 2013-01-28 14:11 -------- d-----w- c:\users\Troy\AppData\Roaming\SpeedMaxPc
2013-01-28 09:15 . 2013-01-28 09:15 -------- d-----w- c:\users\Troy\AppData\Roaming\ParetoLogic
2013-01-28 09:15 . 2013-01-28 15:14 -------- d-----w- c:\programdata\ParetoLogic
2013-01-28 04:40 . 2013-01-28 04:46 -------- d-----w- c:\users\Troy\AppData\Roaming\FixCleaner
2013-01-28 04:40 . 2013-01-28 15:12 -------- d-----w- c:\program files (x86)\FixCleaner
2013-01-28 04:26 . 2013-01-28 04:26 -------- d-----w- c:\users\Troy\AppData\Roaming\SpeedyPC Software
2013-01-28 04:25 . 2013-01-28 15:15 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-26 06:20 . 2013-01-28 17:47 -------- d-----w- c:\program files (x86)\InfoAtoms
2013-01-25 18:53 . 2013-01-25 18:53 -------- d-----w- c:\users\Troy\AppData\Roaming\Foxit Software
2013-01-25 11:51 . 2013-01-25 19:32 -------- d-----w- c:\users\Troy\AppData\Roaming\Uniblue
2013-01-21 08:13 . 2013-01-21 08:13 -------- d-----w- c:\users\Troy\AppData\Local\cache
2013-01-21 08:09 . 2013-01-21 08:09 -------- d-----w- c:\programdata\VTech
2013-01-21 08:09 . 2013-01-21 08:09 -------- d-----w- c:\program files (x86)\VTech
2013-01-21 00:05 . 2013-01-21 00:08 -------- d-----w- c:\windows\$regcmp$
2013-01-20 08:51 . 2013-01-20 08:52 -------- d-----w- c:\program files\Microsoft Silverlight
2013-01-20 08:51 . 2013-01-20 08:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-01-18 12:52 . 2013-01-18 12:52 -------- d-----w- c:\users\Troy\AppData\Roaming\DriverCure
2013-01-18 12:52 . 2013-01-18 12:52 -------- d-----w- c:\users\Troy\AppData\Roaming\SparkTrust
2013-01-16 08:51 . 2013-01-28 17:47 -------- d-----w- c:\users\Troy\AppData\Roaming\Azureus
2013-01-16 06:53 . 2013-01-16 07:07 -------- d-----w- c:\users\Troy\AppData\Roaming\Apple Computer
2013-01-16 06:52 . 2013-01-31 10:00 -------- d-----w- c:\users\Troy\AppData\Local\Adobe
2013-01-16 06:39 . 2013-01-16 06:39 -------- d-----w- c:\users\Troy\AppData\Roaming\Ashampoo
2013-01-16 06:15 . 2013-01-16 06:15 -------- d-----w- c:\users\Troy\AppData\Roaming\CleanMyPC Software
2013-01-15 21:19 . 2013-01-15 21:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-15 21:19 . 2013-01-15 21:19 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-15 21:06 . 2013-01-18 12:55 -------- d-----w- c:\programdata\SparkTrust
2013-01-15 18:49 . 2013-01-15 18:49 -------- d-----w- c:\programdata\ErrorEND64
2013-01-15 03:54 . 2013-01-28 17:46 -------- d-----w- c:\users\Administrator
2013-01-15 02:40 . 2011-09-28 17:20 200704 ----a-w- c:\windows\SysWow64\vbalExpBar6.ocx
2013-01-15 02:40 . 2011-09-28 17:20 484352 ----a-w- c:\windows\SysWow64\lame_enc.dll
2013-01-15 02:40 . 2011-09-28 17:20 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
2013-01-15 02:40 . 2011-09-28 17:20 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 15360 ----a-w- c:\windows\SysWow64\inetfr.DLL
2013-01-15 02:40 . 2011-09-28 17:20 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2013-01-15 02:40 . 2011-09-28 17:20 115920 ----a-w- c:\windows\SysWow64\msinet.OCX
2013-01-15 02:40 . 2011-09-28 17:20 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2013-01-15 02:40 . 2013-01-15 02:40 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2013-01-15 02:39 . 2013-01-15 02:41 -------- d-----w- c:\program files (x86)\Free Easy CD DVD Burner
2013-01-14 23:56 . 2013-01-14 23:56 -------- d-----w- c:\program files (x86)\OI App Manager
2013-01-14 21:32 . 2013-01-28 17:47 -------- d-----w- c:\program files\Adobe
2013-01-14 21:25 . 2013-01-28 17:47 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-14 05:35 . 2013-01-14 05:35 3591 ----a-w- c:\users\Troy\Msirepair.reg
2013-01-13 22:08 . 2013-01-13 22:21 -------- d-----w- c:\users\Troy\Doctor Web
2013-01-12 00:26 . 2013-01-28 15:15 -------- d-----w- c:\programdata\SpeedMaxPc
2013-01-12 00:14 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-12 00:14 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-12 00:14 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-01-12 00:14 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-01-12 00:14 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-12 00:14 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-12 00:14 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-01-12 00:13 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-01-12 00:13 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-01-12 00:12 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-01-12 00:12 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----r- c:\users\Troy\SkyDrive
2013-01-12 00:12 . 2013-01-12 00:12 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-01-12 00:11 . 2013-01-12 00:11 -------- d-----w- c:\users\Troy\AppData\Local\Windows Live
2013-01-12 00:10 . 2013-01-12 00:10 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-01-11 04:35 . 2002-01-05 23:48 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
2013-01-11 04:35 . 2002-01-05 22:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2013-01-11 04:35 . 2002-01-05 10:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-01-11 02:57 . 2012-03-24 03:58 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2013-01-10 19:51 . 2013-01-11 04:54 -------- d-----w- c:\program files (x86)\AVS4YOU
2013-01-10 19:51 . 2013-01-11 02:58 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2013-01-10 19:51 . 2013-01-10 19:52 -------- d-----w- c:\programdata\AVS4YOU
2013-01-10 19:51 . 2012-03-24 03:59 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2013-01-10 19:51 . 2012-03-24 03:59 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-01-09 11:40 . 2013-01-09 11:40 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-01-09 11:40 . 2013-01-09 11:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-09 10:04 . 2013-01-09 10:04 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-09 10:03 . 2013-01-09 10:03 -------- d-----w- c:\program files (x86)\VaudiX
2013-01-09 10:00 . 2013-01-09 11:02 -------- d-----w- c:\programdata\Vaudix
2013-01-09 09:25 . 2013-01-09 09:27 -------- d-----w- c:\program files (x86)\vGrabber-software
2013-01-09 06:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 06:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 06:14 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 05:48 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 05:40 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 22:53 . 2013-01-08 22:53 -------- d-----w- c:\users\Troy\AppData\Local\join.me
2013-01-04 20:07 . 2013-01-04 20:07 -------- d-----w- c:\users\Troy\AppData\Local\Programs
2013-01-04 09:42 . 2013-01-04 09:42 -------- d-----w- c:\programdata\Alien Skin
2013-01-04 09:42 . 2013-01-04 09:42 -------- d-----w- c:\users\Troy\AppData\Local\Alien Skin
2013-01-04 09:32 . 2013-01-04 09:32 -------- d-----w- c:\program files (x86)\Alien Skin
2013-01-03 00:13 . 2013-01-03 00:13 -------- d-----w- c:\users\Public\Roaming
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 11:04 . 2012-06-05 10:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-22 22:23 . 2012-05-20 23:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 22:23 . 2012-05-20 23:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-05-06 02:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 05:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-21 05:09 . 2012-11-21 05:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-14 07:06 . 2012-12-14 01:52 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 01:52 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 01:52 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 01:52 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 01:52 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 01:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 01:52 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 01:52 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 01:52 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 01:52 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 01:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 01:52 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 01:52 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 01:52 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 01:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 01:52 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 01:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 01:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 01:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 01:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 01:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 01:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 02:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 02:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-01-26 18:11 . 2012-08-13 10:28 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{234D72B6-0A31-D400-BF59-AB9820A24223}]
2013-01-09 08:19 118784 ----a-w- c:\programdata\Vaudix\50ed2817d604b.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2012-05-12 1403640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-18 911160]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-09 295072]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-15 512360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-05-06 3037296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-08 377800]
.
c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\VaudiX\sprotector.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-03-29 694888]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2012-08-26 2584068]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R4 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
R4 RLM-GenArts;RLM-GenArts;c:\program files (x86)\GenArts\rlm\rlm.exe [2010-04-02 1540096]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-03-29 27760]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys [2011-03-23 76912]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-03-29 2157680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 62548380
*NewlyCreated* - PXLDIPOW
*Deregistered* - 62548380
*Deregistered* - aswMBR
*Deregistered* - pxldipow
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 04:16]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-25 04:16]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706292512-3240535162-4024994405-1000Core.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:39]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3706292512-3240535162-4024994405-1000UA.job
- c:\users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:39]
.
2013-02-01 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Troy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.just-browse.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{404474E3-A6C9-4F5B-A628-74EF9063583B}: NameServer = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\
FF - ExtSQL: 2013-01-09 03:31; 50ed2817d5ed0@50ed2817d5f00.com; c:\users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\t1yvk9h7.default\extensions\50ed2817d5ed0@50ed2817d5f00.com
FF - ExtSQL: !HIDDEN! 2012-06-20 07:09; {EB132DB0-A4CA-11DF-9732-0E29E0D72085}; c:\program files (x86)\OApps\firefoxaddon
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Troy\AppData\Local\Akamai\netsession_win.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9e,f2,fa,f1,b9,f2,2b,ab,23,ce,0f,20,ba,52,9a,bd,5b,68,64,0b,17,
42,17,6c,9e,35,70,fb,00,d3,64,a9,a9,08,d9,b9,3c,80,48,0a,99,e3,b3,93,05,ce,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9e,f2,fa,f1,b9,f2,2b,ab,23,ce,0f,20,ba,52,9a,bd,5b,68,64,0b,17,
42,17,6c,9e,35,70,fb,00,d3,64,a9,a9,08,d9,b9,3c,80,48,0a,99,e3,b3,93,05,ce,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\01\15\08\128?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-31 19:28:53
ComboFix-quarantined-files.txt 2013-02-01 03:28
ComboFix2.txt 2013-01-29 17:13
.
Pre-Run: 871,222,280,192 bytes free
Post-Run: 871,270,543,360 bytes free
.
- - End Of File - - D6B4D83DC5390F044E72DA833ACCE34F


Thanks
Truth
 
Hi truth,

I notice you have several registry cleaners installed on your system. In general, registry cleaners are a lot more trouble than they're worth. Very rarely is there any speed increase, but all too often registry cleaners suffer from "false positive" errors which can potentially leave your system unbootable. We strongly recommend you uninstall the following programs:

CleanMyPC - Registry Cleaner
Wise Registry Cleaner 7.55

We will run several tools in the following steps. This is a mixture of general cleanup, and checking for any remnants still on the system.

----------------------------

Your Java is out of date.

Java is frequently updated to address security vulnerabilities; having outdated Java versions is a frequent vector for infections. Click Start > Control Panel > Programs and Features and uninstall the following programs:

Java 7 Update 7 (64-bit)
Java Auto Updater
Java(TM) 7 Update 5


You can download the latest version of Java from here:
Download Free Java Software

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
----------------------------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------------------------

Download OTL to your desktop.

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.
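As an added example that is not part of the original thread (it is not Will's or Truth's code, and not a ComboFix or OTL feature): a PowerShell script that re-checks, from an elevated prompt on the affected machine, the items the ComboFix log above flags, namely the UAC prompt policy values set to 0, the AppInit_DLLs entry pointing at sprotector.dll, the scheduled task that launches rundll32.exe, and the CLSID keys listed under LOCKED REGISTRY KEYS with a Deny for Everyone. It also lists the installed Java entries so the versions named in the reply can be confirmed. Assumptions: Windows 7 x64 as in the log, an English locale (the schtasks column name 'Task To Run' is localized), and the Windows 7 default UAC values; EnableInstallerDetection is left out because it defaults to 0 on Enterprise editions, which this machine is. Adobe Flash Player locks its own FlashBroker and Shockwave Flash CLSID keys, so those hits are expected and the rest should be reviewed by hand.

```powershell
# Added example, not part of the original thread. Re-checks the items the ComboFix
# log above flags and lists installed Java entries. Run from an elevated PowerShell
# on the affected host (Windows 7 x64 assumed, as in the log). Registry paths are
# the standard locations shown in the log; UAC expectations are Windows 7 defaults.

$findings = New-Object System.Collections.Generic.List[string]

# 1. UAC prompt policy. The log shows these values at 0, so elevation happens
#    silently for administrators. EnableInstallerDetection is not checked: it
#    defaults to 0 on Windows 7 Enterprise, which is what the log reports.
$uacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expected = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5   # prompt for consent for non-Windows binaries
    ConsentPromptBehaviorUser  = 3   # prompt for credentials
}
$uac = Get-ItemProperty -Path $uacKey
foreach ($name in $expected.Keys) {
    $actual = $uac.$name
    if ($null -eq $actual -or $actual -ne $expected[$name]) {
        $findings.Add("UAC: $name = $actual (expected $($expected[$name]))")
    }
}

# 2. AppInit_DLLs: a DLL listed here is loaded into every process that loads
#    user32.dll. The log shows c:\progra~2\VaudiX\sprotector.dll under WOW6432Node.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.LoadAppInit_DLLs -eq 1 -and $p.AppInit_DLLs) {
        $findings.Add("AppInit_DLLs active in ${key}: $($p.AppInit_DLLs)")
    }
}

# 3. Scheduled tasks whose action is rundll32.exe (the log shows
#    'SpeedMaxPc Registration3.job' doing this). schtasks' verbose CSV repeats its
#    header once per task folder, so drop those rows before reading 'Task To Run'.
#    Column names are locale-dependent; English is assumed here.
schtasks.exe /Query /FO CSV /V 2>$null |
    ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match 'rundll32' } |
    ForEach-Object { $findings.Add("Task runs rundll32: $($_.TaskName) -> $($_.'Task To Run')") }

# 4. CLSID keys carrying a Deny ACE for Everyone (S-1-1-0), or whose ACL cannot be
#    read at all. ComboFix lists these as '@Denied: ... (Everyone)'. Adobe Flash
#    Player locks its own FlashBroker / Shockwave Flash keys, so expect those hits.
$everyoneSid = 'S-1-1-0'
$clsidRoot   = Get-Item -Path 'Registry::HKEY_CLASSES_ROOT\CLSID'
foreach ($name in $clsidRoot.GetSubKeyNames()) {
    $path = "Registry::HKEY_CLASSES_ROOT\CLSID\$name"
    try { $acl = Get-Acl -Path $path -ErrorAction Stop }
    catch { $findings.Add("CLSID ${name}: ACL not readable (Deny on READ_CONTROL?)"); continue }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Deny') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($sid -eq $everyoneSid) {
            $findings.Add("CLSID ${name}: Deny for Everyone ($($ace.RegistryRights))")
        }
    }
}

# 5. Installed Java entries from both the 64-bit and the WOW6432Node uninstall
#    hives, so the versions to remove can be confirmed against what is present.
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Java*' } |
    ForEach-Object { $findings.Add("Java present: $($_.DisplayName) $($_.DisplayVersion)") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it once before cleanup to record the baseline and again afterwards; any line that survives the cleanup tools is something to take back to the helper. Step 4 is the slow part, since it reads the ACL of every CLSID key on the machine, and keys whose ACL cannot be read at all are reported rather than skipped, because an unreadable ACL is itself the thing a locked key looks like from the outside.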
 
Hello, Will. I can't install Java because my Windows Installer can't be accessed, and the OTL scan is giving me this error: "Access violation at address 0052DFB7 in module 'OTL.exe'. Read of 00000000", and then it just sits idle and doesn't scan anymore.

Here's the log from the AdwCleaner: View attachment AdwCleaner[R2].zip

Thanks
Truth
 
Hi truth,

Let's run RogueKiller again and see if ZA is still a problem. Please run the program and attach its log in your next reply.

I'm currently looking into the OTL and Windows Installer errors. Is this a work machine? If so you may be better off going to your support department and having them re-image the computer for you. Unfortunately advanced infections can cause errors that persist even after the malware itself is gone.
 
