TechSpot

[A] Boot loop

Inactive
By stormgarde
Aug 13, 2012
Topic Status:
Not open for further replies.
  1. Seeing a lot of posts like these, not sure if mine is the same as any of the others...

    I am usually pretty good with this stuff. This one has me stumped though. It started with hearing ads playing in the background when nothing was running (I.e. computer booted up, heard an ad for the new spiderman movie without even opening anything). Did a few scans with superantispyware, malwarebytes, and ccleaner. Found some trojans, negligible cookies, and a rootkit. Upon restarting after cleaning the infections, my desktop icons have aligned to the side of the monitor and when I move them and hit refresh, they go right back to where they were before. upon doing some research it would seem that the rootkit is the culprit... I have not dealt with one of these before, and it would seem that cleaning it did not repair the damage it caused.

    I checked up on some other programs and noticed that microsoft security essentials apaprently disappeared, and I am unable to enable windows defender. So I downloaded MSE (again?) and started scanning with it. about 15 minutes into the scan it threw the critical problem error and is now stuck in a boot loop.

    so that brings me here where apparently this is a hot topic, and from the looks of it you request a farbar log, which I have provided below. This is beyond my virus cleaning capabilities. Please help! Also if you see any unnecessary stuff running, feel free to give me some pointers on clearing them up. The computer is ~4 years old, but still a near-top-of-the-line gaming computer and I would like to have it running at full capacity again.

    Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by SYSTEM at 13-08-2012 19:15:46
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2342800 2009-06-01] (Microsoft Corporation)
    HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [16896 2007-11-23] (Creative Technology Ltd.)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
    HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [5889816 2011-12-07] (Logitech Inc.)
    HKLM\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot [384232 2012-07-12] (BillP Studios)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
    HKLM-x32\...\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r [57344 2005-02-15] (Creative Technology Ltd)
    HKLM-x32\...\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe /StartRunKey [1233199 2008-08-12] (Creative Technology Ltd)
    HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [384232 2012-07-12] (BillP Studios)
    HKU\Will\...\Run: [AdobeBridge] [x]
    HKU\Will\...\Run: [Google Update] "C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-16] (Google Inc.)
    HKU\Will\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
    Startup: C:\Users\Will\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
    2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2009-09-17] (Andrea Electronics Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-05-24] ()

    ========================== Drivers (Whitelisted) =============

    3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [478208 2009-09-17] (Analog Devices, Inc.)
    3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [14392 2007-12-17] ()
    3 L6PODX3LV; C:\Windows\System32\Drivers\L6PODX3LV64.sys [770816 2010-09-07] (Line 6)
    3 MCfilt; C:\Windows\System32\drivers\MCfilt64.sys [25600 2009-09-17] (Creative Technology Ltd.)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    3 P17; C:\Windows\System32\Drivers\P17.sys [1309696 2009-10-16] (Creative Technology Ltd.)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-23] (Duplex Secure Ltd.)
    3 ALSysIO; \??\C:\Users\Will\AppData\Local\Temp\ALSysIO64.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-13 19:14 - 2012-08-13 19:15 - 00000000 ____D C:\FRST
    2012-08-13 18:06 - 2012-08-13 18:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0B6E413111EA478
    2012-08-13 18:06 - 2012-08-13 18:06 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\uyganlrc.sys
    2012-08-13 18:02 - 2012-08-13 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B24BF0B1C2B09403
    2012-08-13 17:55 - 2012-08-13 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D4E46280C8B8F45
    2012-08-13 17:50 - 2012-08-13 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37EFFD7460A91135
    2012-08-13 17:41 - 2012-08-13 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB7654E947CB0EFE
    2012-08-13 17:27 - 2012-08-13 17:27 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-13 17:27 - 2012-08-13 17:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-13 17:27 - 2012-08-13 17:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-13 17:25 - 2012-08-13 17:26 - 12621696 ____A (Microsoft Corporation) C:\Users\Will\Downloads\mseinstall.exe
    2012-08-13 17:24 - 2012-08-13 17:28 - 00004199 ____A C:\Windows\WindowsUpdate.log
    2012-08-13 17:16 - 2012-08-13 17:16 - 00000000 ____D C:\Users\Will\AppData\Roaming\WinPatrol
    2012-08-13 17:16 - 2012-08-13 17:16 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-08-13 17:16 - 2012-08-13 17:16 - 00000000 ____D C:\Program Files (x86)\BillP Studios
    2012-08-13 17:09 - 2012-08-13 17:09 - 00885448 ____A (BillP Studios) C:\Users\Will\Downloads\wpsetup.exe
    2012-08-13 16:55 - 2012-08-13 16:55 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-08-13 16:45 - 2012-08-13 16:45 - 00607260 ____A (Swearware) C:\Users\Will\Downloads\dds.com
    2012-08-13 16:44 - 2012-08-13 16:44 - 00881494 ____A C:\Users\Will\Downloads\SecurityCheck.exe
    2012-08-13 16:41 - 2012-08-13 16:41 - 00050477 ____A C:\Users\Will\Downloads\Defogger.exe
    2012-08-13 16:41 - 2012-08-13 16:41 - 00000650 ____A C:\Users\Will\Downloads\defogger_disable.log
    2012-08-13 16:41 - 2012-08-13 16:41 - 00000188 ____A C:\Users\Will\defogger_reenable
    2012-08-13 16:35 - 2012-08-13 16:35 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-08-13 16:30 - 2012-08-13 16:31 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Will\Downloads\tdsskiller.exe
    2012-08-12 05:24 - 2012-08-12 05:24 - 00001651 ____A C:\Users\Will\Desktop\Wow - Shortcut.lnk
    2012-08-12 04:39 - 2012-08-13 17:43 - 00000726 ____A C:\Windows\PFRO.log
    2012-08-12 00:00 - 2012-08-13 18:04 - 00001288 ____A C:\Windows\setupact.log
    2012-08-12 00:00 - 2012-08-12 00:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-11 22:23 - 2012-08-11 22:23 - 03907920 ____A (Piriform Ltd) C:\Users\Will\Downloads\ccsetup321.exe
    2012-08-11 22:15 - 2012-08-11 22:15 - 00000000 ____D C:\Users\Will\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-11 22:15 - 2012-08-11 22:15 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-08-11 22:15 - 2012-08-11 22:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-08-11 22:13 - 2012-08-11 22:14 - 19113832 ____A (SUPERAntiSpyware.com) C:\Users\Will\Downloads\SUPERAntiSpyware.exe
    2012-08-07 16:40 - 2012-08-07 16:40 - 00000000 ____D C:\Users\All Users\ATI
    2012-08-07 16:40 - 2012-08-07 16:40 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-08-07 16:23 - 2012-08-07 16:29 - 158124424 ____A (Advanced Micro Devices, Inc.) C:\Users\Will\Downloads\12-6_vista_win7_64_dd_ccc.exe
    2012-07-28 09:34 - 2012-07-28 09:35 - 00000000 ____D C:\Users\Will\Documents\lifted_ultimate_guitar_songs
    2012-07-16 16:28 - 2012-08-13 17:38 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001UA.job
    2012-07-16 16:28 - 2012-08-13 16:38 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001Core.job
    2012-07-15 09:45 - 2012-07-15 09:45 - 00000000 ____D C:\Users\Will\Downloads\Interface368
    2012-07-14 17:30 - 2012-07-14 17:31 - 00000000 ____D C:\Users\Will\AppData\Roaming\TS3Client
    2012-07-14 17:30 - 2012-07-14 17:30 - 00000000 ____D C:\Users\Will\AppData\Roaming\ts3overlay
    2012-07-14 17:29 - 2012-07-14 17:29 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

    ============ 3 Months Modified Files ========================

    2012-08-13 18:06 - 2012-08-13 18:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0B6E413111EA478
    2012-08-13 18:06 - 2012-08-13 18:06 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\uyganlrc.sys
    2012-08-13 18:04 - 2012-08-12 00:00 - 00001288 ____A C:\Windows\setupact.log
    2012-08-13 18:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-13 18:02 - 2012-08-13 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B24BF0B1C2B09403
    2012-08-13 17:58 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-13 17:55 - 2012-08-13 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D4E46280C8B8F45
    2012-08-13 17:52 - 2012-04-07 16:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-13 17:50 - 2012-08-13 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37EFFD7460A91135
    2012-08-13 17:43 - 2012-08-12 04:39 - 00000726 ____A C:\Windows\PFRO.log
    2012-08-13 17:41 - 2012-08-13 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB7654E947CB0EFE
    2012-08-13 17:38 - 2012-07-16 16:28 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001UA.job
    2012-08-13 17:28 - 2012-08-13 17:24 - 00004199 ____A C:\Windows\WindowsUpdate.log
    2012-08-13 17:27 - 2012-08-13 17:27 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-13 17:27 - 2010-05-24 13:31 - 00760780 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-13 17:26 - 2012-08-13 17:25 - 12621696 ____A (Microsoft Corporation) C:\Users\Will\Downloads\mseinstall.exe
    2012-08-13 17:09 - 2012-08-13 17:09 - 00885448 ____A (BillP Studios) C:\Users\Will\Downloads\wpsetup.exe
    2012-08-13 16:49 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-13 16:49 - 2009-07-13 20:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-13 16:45 - 2012-08-13 16:45 - 00607260 ____A (Swearware) C:\Users\Will\Downloads\dds.com
    2012-08-13 16:44 - 2012-08-13 16:44 - 00881494 ____A C:\Users\Will\Downloads\SecurityCheck.exe
    2012-08-13 16:41 - 2012-08-13 16:41 - 00050477 ____A C:\Users\Will\Downloads\Defogger.exe
    2012-08-13 16:41 - 2012-08-13 16:41 - 00000650 ____A C:\Users\Will\Downloads\defogger_disable.log
    2012-08-13 16:41 - 2012-08-13 16:41 - 00000188 ____A C:\Users\Will\defogger_reenable
    2012-08-13 16:38 - 2012-07-16 16:28 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001Core.job
    2012-08-13 16:31 - 2012-08-13 16:30 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Will\Downloads\tdsskiller.exe
    2012-08-12 05:24 - 2012-08-12 05:24 - 00001651 ____A C:\Users\Will\Desktop\Wow - Shortcut.lnk
    2012-08-12 00:00 - 2012-08-12 00:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-11 22:23 - 2012-08-11 22:23 - 03907920 ____A (Piriform Ltd) C:\Users\Will\Downloads\ccsetup321.exe
    2012-08-11 22:14 - 2012-08-11 22:13 - 19113832 ____A (SUPERAntiSpyware.com) C:\Users\Will\Downloads\SUPERAntiSpyware.exe
    2012-08-11 17:16 - 2009-07-13 21:13 - 00743686 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-07 16:29 - 2012-08-07 16:23 - 158124424 ____A (Advanced Micro Devices, Inc.) C:\Users\Will\Downloads\12-6_vista_win7_64_dd_ccc.exe
    2012-08-07 13:39 - 2009-07-13 20:45 - 03303728 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-03 18:52 - 2012-04-07 16:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-03 18:52 - 2011-05-15 07:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-25 06:09 - 2012-01-13 19:47 - 00003158 ____A C:\Users\Will\Documents\dragon_soul_tank_guide.txt
    2012-07-16 16:28 - 2010-05-21 19:59 - 00117504 ____A C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-12 16:30 - 2010-12-02 18:32 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-07-10 20:49 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-10 20:46 - 2010-05-25 22:37 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-06 18:17 - 2012-07-06 18:17 - 01287016 ____A (Microsoft Corporation) C:\Users\Will\Downloads\wlsetup-web.exe
    2012-07-04 12:12 - 2012-07-04 12:12 - 00000427 ____A C:\Users\Will\Downloads\61166.torrent
    2012-07-03 12:46 - 2011-11-26 11:15 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 20:34 - 2012-06-27 20:34 - 00061440 ____A C:\Windows\SysWOW64\nvPhotoshopUtil.dll
    2012-06-27 20:34 - 2012-06-27 20:34 - 00040960 ____A C:\Windows\SysWOW64\nvISWOW64.dll
    2012-06-27 20:34 - 2012-06-27 20:33 - 18518446 ____A (InstallShield Software Corporation) C:\Users\Will\Downloads\Photoshop_Plugins_x64_8.54.0625.1800.exe
    2012-06-27 20:34 - 2012-06-27 20:32 - 00151552 ____A C:\Windows\SysWOW64\nvRegDev.dll
    2012-06-27 20:33 - 2012-06-27 20:33 - 01815240 ____A (InstallShield Software Corporation) C:\Users\Will\Downloads\DDS_viewer.exe
    2012-06-27 20:32 - 2012-06-27 20:31 - 10690888 ____A (InstallShield Software Corporation) C:\Users\Will\Downloads\DDS_Utilities_8.31.1127.1645.exe
    2012-06-24 15:49 - 2012-06-24 15:49 - 00013895 ____A C:\Users\Will\Downloads\BSA_Unpacker-4804-1-0.rar
    2012-06-24 09:55 - 2012-06-24 09:55 - 00000146 ____A C:\Users\Will\Desktop\Sound - Shortcut.lnk
    2012-06-15 06:57 - 2012-06-15 06:57 - 00001070 ____A C:\Users\Will\Documents - Shortcut.lnk
    2012-06-14 20:16 - 2012-06-14 17:49 - 3442802688 ____A C:\Users\Will\Downloads\air-nexus2.iso
    2012-06-11 19:08 - 2012-07-10 20:49 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 12:50 - 2012-06-11 12:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 12:50 - 2012-06-11 12:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2011-12-05 19:18 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2012-06-11 09:24 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2010-08-04 00:54 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2010-08-04 00:37 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2011-01-26 14:32 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2011-01-26 14:21 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2011-12-05 18:13 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:26 - 2011-12-05 18:12 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2011-12-05 18:12 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:25 - 2011-01-26 14:12 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2010-04-06 17:22 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-10 16:38 - 2012-06-10 16:38 - 16474544 ____A (Nullsoft, Inc.) C:\Users\Will\Downloads\winamp5623_full_emusic-7plus_all.exe
    2012-06-09 20:33 - 2012-06-09 20:33 - 03862112 ____A (Piriform Ltd) C:\Users\Will\Downloads\ccsetup319.exe
    2012-06-08 21:43 - 2012-07-10 20:08 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 20:08 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 20:08 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 20:08 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 20:08 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 20:08 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 20:08 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 20:08 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-23 06:16 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-23 06:16 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-23 06:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-23 06:16 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-23 06:16 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-23 06:16 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-23 06:16 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-23 06:16 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-23 06:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-10 20:45 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-10 20:45 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-10 20:45 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-10 20:45 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-10 20:45 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-10 20:45 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-10 20:45 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-10 20:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-10 20:45 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-10 20:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-10 20:45 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-10 20:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-10 20:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-10 20:45 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-10 20:45 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 20:45 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 20:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 20:45 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 20:45 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 20:45 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-10 20:45 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-10 20:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 20:45 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 20:45 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 20:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-10 20:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 20:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 20:45 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 20:08 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 20:08 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 20:08 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 20:08 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 20:08 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 20:08 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 20:08 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 20:08 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 20:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-25 14:30 - 2012-05-25 14:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
    2012-05-25 14:30 - 2012-05-25 14:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_lgSSBW_01_00_00.Wdf
    2012-05-21 06:01 - 2012-05-20 13:07 - 00000290 ____A C:\Users\Will\Documents\diablo_3_barbarian_tank_setup.txt

    ZeroAccess:
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\@
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\L
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\U
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\U\00000001.@
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\U\80000000.@
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\U\800000cb.@

    ZeroAccess:
    C:\Users\Will\AppData\Local\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}
    C:\Users\Will\AppData\Local\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\@
    C:\Users\Will\AppData\Local\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\L
    C:\Users\Will\AppData\Local\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 16382.18 MB
    Available physical RAM: 15175.64 MB
    Total Pagefile: 16380.33 MB
    Available Pagefile: 15184.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:596.07 GB) (Free:80.43 GB) NTFS
    2 Drive e: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    3 Drive f: (CORSAIR) (Removable) (Total:14.93 GB) (Free:14.93 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 596 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 596 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F CORSAIR FAT32 Removable 14 GB Healthy

    ==================================================================================

    Last Boot: 2012-08-07 05:30

    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
     
  3. stormgarde

    stormgarde TS Rookie Topic Starter

    The search ran for a really long time... don't know if this is the information you were looking for.

    Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by SYSTEM at 2012-08-13 20:38:55
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-08-13 17:58] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
     

    Attached Files:

  5. stormgarde

    stormgarde TS Rookie Topic Starter

    fixlog.txt below, combofix is running now (I have been posting from another computer since the start).


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
    Ran by SYSTEM at 2012-08-13 21:44:29 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg Value deleted successfully.
    C:\Windows\System32\services.exe.A0B6E413111EA478 moved successfully.
    C:\Windows\System32\Drivers\uyganlrc.sys not found.
    C:\Windows\System32\services.exe.B24BF0B1C2B09403 moved successfully.
    C:\Windows\System32\services.exe.6D4E46280C8B8F45 moved successfully.
    C:\Windows\System32\services.exe.37EFFD7460A91135 moved successfully.
    C:\Windows\System32\services.exe.CB7654E947CB0EFE moved successfully.
    C:\Windows\Installer\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b} moved successfully.
    C:\Users\Will\AppData\Local\{fced1ba1-e047-b75d-b9a3-bc3eb4af449b} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  6. stormgarde

    stormgarde TS Rookie Topic Starter

    Here is the Combofix log. Don't know that it matters, but my computer reset while I was afk and when it came back up all my antivirus stuff ran and MSE found a virus "Win64/Sirefef.B" I have not done anything with it yet... running rkill now

    ComboFix 12-08-13.01 - Will 08/13/2012 21:55:54.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.14114 [GMT -7:00]
    Running from: c:\users\Will\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\w32dasm8.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-14 03:34 . 2012-08-14 03:34328704----a-w-c:\windows\system32\services.exe.AFB7D2A119A2B5D3
    2012-08-14 03:14 . 2012-08-14 03:15--------d-----w-C:\FRST
    2012-08-14 01:33 . 2012-02-09 21:17927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF6B0914-3988-41F2-8AA5-BCD3355461F1}\gapaengine.dll
    2012-08-14 01:32 . 2012-07-16 09:409133488------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{583FE901-1D82-4567-9FBE-4DB394AE6F05}\mpengine.dll
    2012-08-14 01:27 . 2012-08-14 01:27--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-08-14 01:27 . 2012-08-14 01:27--------d-----w-c:\program files\Microsoft Security Client
    2012-08-14 01:16 . 2012-08-14 01:16--------d-----w-c:\users\Will\AppData\Roaming\WinPatrol
    2012-08-14 01:16 . 2012-08-14 01:16--------d-----w-c:\programdata\InstallMate
    2012-08-14 01:16 . 2012-08-14 01:16--------d-----w-c:\program files (x86)\BillP Studios
    2012-08-14 00:55 . 2012-08-14 00:55--------d-----w-c:\program files (x86)\ESET
    2012-08-14 00:35 . 2012-08-14 00:35--------d-----w-C:\TDSSKiller_Quarantine
    2012-08-12 06:15 . 2012-08-12 06:15--------d-----w-c:\users\Will\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-12 06:15 . 2012-08-12 06:15--------d-----w-c:\program files\SUPERAntiSpyware
    2012-08-12 06:15 . 2012-08-12 06:15--------d-----w-c:\programdata\SUPERAntiSpyware.com
    2012-08-12 00:34 . 2012-08-12 00:34--------d-----w-c:\program files (x86)\Konami
    2012-08-08 02:31 . 2012-08-08 02:31--------d-----w-c:\program files (x86)\BIOGame
    2012-08-08 02:28 . 2012-08-08 02:28--------d--h--w-c:\program files (x86)\Common Files\EAInstaller
    2012-08-08 02:11 . 2012-08-08 02:11--------d-----w-c:\program files (x86)\Mass Effect 3
    2012-08-08 00:40 . 2012-08-08 00:40--------d-----w-c:\programdata\ATI
    2012-08-08 00:40 . 2012-08-08 00:40--------d-----w-c:\program files (x86)\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-04 02:52 . 2012-04-08 00:10426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-04 02:52 . 2011-05-15 15:1970344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-13 00:30 . 2010-12-03 02:3218960----a-w-c:\windows\system32\drivers\LNonPnP.sys
    2012-07-11 04:46 . 2010-05-26 06:3759701280----a-w-c:\windows\system32\MRT.exe
    2012-07-03 20:46 . 2011-11-26 19:1524904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-29 10:04 . 2012-08-10 13:439133488------w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCBB7657-CC95-45DE-A6F5-9151C801098F}\mpengine.dll
    2012-06-28 04:34 . 2012-06-28 04:3461440----a-w-c:\windows\SysWow64\nvPhotoshopUtil.dll
    2012-06-28 04:34 . 2012-06-28 04:3440960----a-w-c:\windows\SysWow64\nvISWOW64.dll
    2012-06-28 04:34 . 2012-06-28 04:32151552----a-w-c:\windows\SysWow64\nvRegDev.dll
    2012-06-12 03:08 . 2012-07-11 04:493148800----a-w-c:\windows\system32\win32k.sys
    2012-06-11 20:50 . 2012-06-11 20:50187392----a-w-c:\windows\system32\clinfo.exe
    2012-06-11 20:50 . 2012-06-11 20:5075264----a-w-c:\windows\system32\OpenVideo64.dll
    2012-06-11 20:50 . 2012-06-11 20:5065024----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 20:50 . 2012-06-11 20:5063488----a-w-c:\windows\system32\OVDecode64.dll
    2012-06-11 20:50 . 2012-06-11 20:5056320----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-06-11 20:50 . 2012-06-11 20:5016457728----a-w-c:\windows\system32\amdocl64.dll
    2012-06-11 20:49 . 2012-06-11 20:4913008896----a-w-c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:5910248192----a-w-c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:3570144----a-w-c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2011-12-06 03:1824826368----a-w-c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:0020467712----a-w-c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25163840----a-w-c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2012-06-11 17:24924160----a-w-c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2010-08-04 08:541090560----a-w-c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20442368----a-w-c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19532992----a-w-c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19239616----a-w-c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17120320----a-w-c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:1721504----a-w-c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:1759392----a-w-c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:1743520----a-w-c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2012-06-11 17:166301696----a-w-c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2010-08-04 08:376914560----a-w-c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-01-26 22:324246528----a-w-c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:4551200----a-w-c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:4546080----a-w-c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-06-11 16:455480448----a-w-c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:4544544----a-w-c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:4544032----a-w-c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:4515703040----a-w-c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2012-06-11 16:434729344----a-w-c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:4013277696----a-w-c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-01-26 22:216605824----a-w-c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2011-12-06 02:13539136----a-w-c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26368640----a-w-c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2011-12-06 02:1217920----a-w-c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2011-12-06 02:1241984----a-w-c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:2633280----a-w-c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26367616----a-w-c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2010-04-07 01:2254784----a-w-c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2012-06-11 16:2542496----a-w-c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-01-26 22:1245056----a-w-c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2012-06-11 16:2432768----a-w-c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:2453248----a-w-c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\amdpcom32.dll
    2012-06-09 05:43 . 2012-07-11 04:0814172672----a-w-c:\windows\system32\shell32.dll
    2012-06-09 01:18 . 2012-06-09 01:211261568----a-w-c:\windows\system\SYNSOACC.dll
    2012-06-06 06:06 . 2012-07-11 04:082004480----a-w-c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 04:081881600----a-w-c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 04:081133568----a-w-c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 04:081390080----a-w-c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 04:081236992----a-w-c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 04:08805376----a-w-c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-23 14:1638424----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 14:162428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-23 14:1657880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 14:1644056----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 14:16186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-23 14:16701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-23 14:162622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-23 14:1636864----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-23 14:1699840----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 12:49 . 2012-07-11 04:4517807360----a-w-c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-11 04:4510924032----a-w-c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-11 04:452311680----a-w-c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-11 04:451346048----a-w-c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-11 04:451392128----a-w-c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-11 04:451494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-11 04:45237056----a-w-c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-11 04:4585504----a-w-c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-11 04:45173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-11 04:45818688----a-w-c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-11 04:452144768----a-w-c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-11 04:4596768----a-w-c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-11 04:452382848----a-w-c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-11 04:45248320----a-w-c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-11 04:451800192----a-w-c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-11 04:451129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-11 04:451427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-11 04:45142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-11 04:452382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50 . 2012-07-11 04:08458704----a-w-c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 04:0895600----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 04:08151920----a-w-c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 04:08340992----a-w-c:\windows\system32\schannel.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "CTSysVol"="c:\program files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
    "CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe" [2008-08-12 1233199]
    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
    .
    c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-7-14 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
    R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-05 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-05 79360]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-29 25992]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-06 1038088]
    R3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\Drivers\L6PODX3LV64.sys [2010-09-07 770816]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
    R3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [2009-09-17 25600]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1255736]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-23 834544]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
    S3 ALSysIO;ALSysIO;c:\users\Will\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-31 79360]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 02:52]
    .
    2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001Core.job
    - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 00:28]
    .
    2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001UA.job
    - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 00:28]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 2342800]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2007-11-23 16896]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-07-13 384232]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://mail.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0ov6jb1g.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.http - 24.113.173.21
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 2
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
    68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
    f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:74,89,dc,08,7c,22,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:3c,1d,71,90,85,83,3d,03,1e,6d,51,b8,11,cc,50,9e,1f,ea,a1,72,db,
    7b,3a,37,c7,b6,cc,0c,af,b5,9e,5b,df,8e,a6,7b,ee,9d,89,0c,1a,c9,13,18,40,b0,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:3c,1d,71,90,85,83,3d,03,1e,6d,51,b8,11,cc,50,9e,1f,ea,a1,72,db,
    7b,3a,37,c7,b6,cc,0c,af,b5,9e,5b,df,8e,a6,7b,ee,9d,89,0c,1a,c9,13,18,40,b0,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\DAODx.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\users\Will\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-13 22:15:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-14 05:15
    .
    Pre-Run: 86,157,713,408 bytes free
    Post-Run: 86,151,077,888 bytes free
    .
    - - End Of File - - 61DDAA75D756FFE0A5347506624269D1
     
  7. stormgarde

    stormgarde TS Rookie Topic Starter

    And here is the rkill log.

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/13/2012 10:21:46 PM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * C:\Users\Will\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (PID: 3696) [UP-HEUR]

    1 proccess terminated!

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@" was reset to comfile!


    Performing miscellaneous checks.

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/13/2012 10:22:01 PM
    Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
     
  8. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    At what location? Most likely in FRST quarantine folder.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.AFB7D2A119A2B5D3
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  9. stormgarde

    stormgarde TS Rookie Topic Starter

    I will do this when I get home tonight. Computer seemed to be running fine this morning, thanks for your help!
     
  10. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  11. stormgarde

    stormgarde TS Rookie Topic Starter

    ComboFix 12-08-14.05 - Will 08/14/2012 17:38:44.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.14221 [GMT -7:00]
    Running from: c:\users\Will\Desktop\ComboFix.exe
    Command switches used :: c:\users\Will\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\services.exe.AFB7D2A119A2B5D3"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.AFB7D2A119A2B5D3
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 00:46 . 2012-08-15 00:46--------d-----w-c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-08-15 00:46 . 2012-08-15 00:46--------d-----w-c:\users\Default\AppData\Local\temp
    2012-08-14 03:14 . 2012-08-14 03:15--------d-----w-C:\FRST
    2012-08-14 01:27 . 2012-08-14 01:27--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-08-14 01:27 . 2012-08-14 01:27--------d-----w-c:\program files\Microsoft Security Client
    2012-08-14 01:16 . 2012-08-14 01:16--------d-----w-c:\users\Will\AppData\Roaming\WinPatrol
    2012-08-14 00:55 . 2012-08-14 00:55--------d-----w-c:\program files (x86)\ESET
    2012-08-14 00:35 . 2012-08-14 00:35--------d-----w-C:\TDSSKiller_Quarantine
    2012-08-12 06:15 . 2012-08-12 06:15--------d-----w-c:\users\Will\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-12 06:15 . 2012-08-12 06:15--------d-----w-c:\program files\SUPERAntiSpyware
    2012-08-12 06:15 . 2012-08-12 06:15--------d-----w-c:\programdata\SUPERAntiSpyware.com
    2012-08-12 00:34 . 2012-08-12 00:34--------d-----w-c:\program files (x86)\Konami
    2012-08-08 02:31 . 2012-08-08 02:31--------d-----w-c:\program files (x86)\BIOGame
    2012-08-08 02:28 . 2012-08-08 02:28--------d--h--w-c:\program files (x86)\Common Files\EAInstaller
    2012-08-08 02:11 . 2012-08-08 02:11--------d-----w-c:\program files (x86)\Mass Effect 3
    2012-08-08 00:40 . 2012-08-08 00:40--------d-----w-c:\programdata\ATI
    2012-08-08 00:40 . 2012-08-08 00:40--------d-----w-c:\program files (x86)\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 00:48 . 2012-08-15 00:4869000----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{583FE901-1D82-4567-9FBE-4DB394AE6F05}\offreg.dll
    2012-08-04 02:52 . 2012-04-08 00:10426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-04 02:52 . 2011-05-15 15:1970344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-16 09:40 . 2012-08-14 01:329133488------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{583FE901-1D82-4567-9FBE-4DB394AE6F05}\mpengine.dll
    2012-07-13 00:30 . 2010-12-03 02:3218960----a-w-c:\windows\system32\drivers\LNonPnP.sys
    2012-07-11 04:46 . 2010-05-26 06:3759701280----a-w-c:\windows\system32\MRT.exe
    2012-07-03 20:46 . 2011-11-26 19:1524904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-29 10:04 . 2012-08-10 13:439133488------w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCBB7657-CC95-45DE-A6F5-9151C801098F}\mpengine.dll
    2012-06-28 04:34 . 2012-06-28 04:3461440----a-w-c:\windows\SysWow64\nvPhotoshopUtil.dll
    2012-06-28 04:34 . 2012-06-28 04:3440960----a-w-c:\windows\SysWow64\nvISWOW64.dll
    2012-06-28 04:34 . 2012-06-28 04:32151552----a-w-c:\windows\SysWow64\nvRegDev.dll
    2012-06-12 03:08 . 2012-07-11 04:493148800----a-w-c:\windows\system32\win32k.sys
    2012-06-11 20:50 . 2012-06-11 20:50187392----a-w-c:\windows\system32\clinfo.exe
    2012-06-11 20:50 . 2012-06-11 20:5075264----a-w-c:\windows\system32\OpenVideo64.dll
    2012-06-11 20:50 . 2012-06-11 20:5065024----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 20:50 . 2012-06-11 20:5063488----a-w-c:\windows\system32\OVDecode64.dll
    2012-06-11 20:50 . 2012-06-11 20:5056320----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-06-11 20:50 . 2012-06-11 20:5016457728----a-w-c:\windows\system32\amdocl64.dll
    2012-06-11 20:49 . 2012-06-11 20:4913008896----a-w-c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:5910248192----a-w-c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:3570144----a-w-c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2011-12-06 03:1824826368----a-w-c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:0020467712----a-w-c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25163840----a-w-c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2012-06-11 17:24924160----a-w-c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2010-08-04 08:541090560----a-w-c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20442368----a-w-c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19532992----a-w-c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19239616----a-w-c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17120320----a-w-c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:1721504----a-w-c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:1759392----a-w-c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:1743520----a-w-c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2012-06-11 17:166301696----a-w-c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2010-08-04 08:376914560----a-w-c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-01-26 22:324246528----a-w-c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:4551200----a-w-c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:4546080----a-w-c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-06-11 16:455480448----a-w-c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:4544544----a-w-c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:4544032----a-w-c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:4515703040----a-w-c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2012-06-11 16:434729344----a-w-c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:4013277696----a-w-c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-01-26 22:216605824----a-w-c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2011-12-06 02:13539136----a-w-c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26368640----a-w-c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2011-12-06 02:1217920----a-w-c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:2614848----a-w-c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2011-12-06 02:1241984----a-w-c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:2633280----a-w-c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26367616----a-w-c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2010-04-07 01:2254784----a-w-c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2012-06-11 16:2542496----a-w-c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-01-26 22:1245056----a-w-c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2012-06-11 16:2432768----a-w-c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:2453248----a-w-c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:2356320----a-w-c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:2356832----a-w-c:\windows\SysWow64\amdpcom32.dll
    2012-06-09 05:43 . 2012-07-11 04:0814172672----a-w-c:\windows\system32\shell32.dll
    2012-06-09 01:18 . 2012-06-09 01:211261568----a-w-c:\windows\system\SYNSOACC.dll
    2012-06-06 06:06 . 2012-07-11 04:082004480----a-w-c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 04:081881600----a-w-c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 04:081133568----a-w-c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 04:081390080----a-w-c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 04:081236992----a-w-c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 04:08805376----a-w-c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-23 14:1638424----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 14:162428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-23 14:1657880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 14:1644056----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 14:16186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-23 14:16701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-23 14:162622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-23 14:1636864----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-23 14:1699840----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 12:49 . 2012-07-11 04:4517807360----a-w-c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-11 04:4510924032----a-w-c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-11 04:452311680----a-w-c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-11 04:451346048----a-w-c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-11 04:451392128----a-w-c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-11 04:451494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-11 04:45237056----a-w-c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-11 04:4585504----a-w-c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-11 04:45173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-11 04:45818688----a-w-c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-11 04:452144768----a-w-c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-11 04:4596768----a-w-c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-11 04:452382848----a-w-c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-11 04:45248320----a-w-c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-11 04:451800192----a-w-c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-11 04:451129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-11 04:451427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-11 04:45142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-11 04:452382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50 . 2012-07-11 04:08458704----a-w-c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 04:0895600----a-w-c:\windows\system32\drivers\ksecdd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-14_05.09.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-22 04:00 . 2012-08-14 06:1871070 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-14 06:1833590 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-05-22 03:54 . 2012-08-14 06:1827716 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2922222807-1611373505-41519391-1001_UserData.bin
    - 2012-08-14 05:08 . 2012-08-14 05:082048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-15 00:48 . 2012-08-15 00:482048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-15 00:48 . 2012-08-15 00:482048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-14 05:08 . 2012-08-14 05:082048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-05-23 04:25 . 2012-08-15 00:27623514 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-08-14 01:27637962 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-15 00:33637962 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-14 01:27112436 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-15 00:33112436 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-08-14 05:07494312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-15 00:47494312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-07-23 15:28 . 2012-08-15 00:475622784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2010-07-23 15:28 . 2012-08-14 05:075622784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-11-08 02:45 . 2012-08-15 00:4713675856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922222807-1611373505-41519391-1001-12288.dat
    - 2010-11-08 02:45 . 2012-08-14 05:0713675856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922222807-1611373505-41519391-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "CTSysVol"="c:\program files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
    "CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{EC6D5F08-1694-431F-8200-3B0A8A61AC5A}\AMBSPISyncService.exe" [2008-08-12 1233199]
    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    .
    c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-7-14 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
    R3 ALSysIO;ALSysIO;c:\users\Will\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-05 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-05 79360]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-29 25992]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-06 1038088]
    R3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\Drivers\L6PODX3LV64.sys [2010-09-07 770816]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
    R3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [2009-09-17 25600]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1255736]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-23 834544]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-31 79360]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 02:52]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001Core.job
    - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 00:28]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922222807-1611373505-41519391-1001UA.job
    - c:\users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-17 00:28]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 2342800]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2007-11-23 16896]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://mail.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\0ov6jb1g.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.http - 24.113.173.21
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 2
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
    68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
    f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:74,89,dc,08,7c,22,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:3c,1d,71,90,85,83,3d,03,1e,6d,51,b8,11,cc,50,9e,1f,ea,a1,72,db,
    7b,3a,37,c7,b6,cc,0c,af,b5,9e,5b,df,8e,a6,7b,ee,9d,89,0c,1a,c9,13,18,40,b0,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:3c,1d,71,90,85,83,3d,03,1e,6d,51,b8,11,cc,50,9e,1f,ea,a1,72,db,
    7b,3a,37,c7,b6,cc,0c,af,b5,9e,5b,df,8e,a6,7b,ee,9d,89,0c,1a,c9,13,18,40,b0,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-14 17:54:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 00:54
    ComboFix2.txt 2012-08-14 05:15
    .
    Pre-Run: 87,573,622,784 bytes free
    Post-Run: 87,190,953,984 bytes free
    .
    - - End Of File - - 03BB114BDBDE8AF72BBB533365A053D8
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Looks good :)

    Any current issues?

    ================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. stormgarde

    stormgarde TS Rookie Topic Starter

    Everything seems to be running smoothly! Thanks again for all your help!

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.12.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Will :: MIDIAN [administrator]

    8/14/2012 6:27:21 PM
    mbam-log-2012-08-14 (18-27-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199237
    Time elapsed: 1 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  15. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  16. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.