TechSpot

[Close] Removed Trojan.FakeAlert but still having problems

By lesterw
Jan 8, 2012
  1. On the 5th while I was browsing the internet (Not sure what site as I had several windows open - was searching for a wordpress theme) a pdf opened up and I got a lot of fake errors about windows.

    I rebooted and ran mbam in safe mode and here is the log:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8322

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    05/01/2012 08:19:56
    mbam-log-2012-01-05 (08-19-55).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 695275
    Time elapsed: 1 hour(s), 13 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FiqVFmUcesohLm.exe (Trojan.FakeAlert) -> Value: FiqVFmUcesohLm.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\fiqvfmucesohlm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\administrator\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28\6110149c-62685924 (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    I then ran unhide.exe to restore my start menu (read about that on another board).

    However my internet is still pretty slow especially using firefox and every so often I get a popup window telling me I am a winner or I can take one of the last free trials (not related to the site I'm on). Also sometimes when I do a Google search and click on a link, I get redirected to a different site.

    I have tried running Avast Antirootkit, but it won't start even in safe mode.

    Here is the mbam log from today:
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.08.02

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Administrator :: DEFAULT [administrator]

    08/01/2012 12:20:57
    mbam-log-2012-01-08 (12-20-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200328
    Time elapsed: 4 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    and the GMER (note that most of the check boxes were greyed out (even in safe mode) I could only run it with Services, Registry and Files ticked:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-08 12:56:51
    Windows 6.1.7600
    Running: xc37gd9f.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60111e7
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0x1D 0x63 0xED ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x9E 0x31 0x2E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x18 0x2B 0xE2 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60111e7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x82 0x1D 0x63 0xED ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6E 0x9E 0x31 0x2E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x28 0x18 0x2B 0xE2 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\7IDN32Y3.txt 0 bytes
    File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\570FKOVV.txt 67 bytes

    ---- EOF - GMER 1.0.15 ----

    Also when ever I restart the laptop, mbam stops working when I click the link I get an error about a missing mbam .sys file and I have to reinstall

    Hope you can help.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware, but will start off with 2 cautions:

    1. Do not follow instructions given to someone on another thread. Although we may have you run some of the same programs, we review the logs and give the user specific information for their problem. That includes the scan that are run, the order they are run in and any paticulars for that user only.

    2. Please do not run any scans or cleaning programs while I am helping you except for those I instruct you to run.
    =========================================
    I am not sure whether you are working from our thread so here it is:

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    You do not mention running DDS. Please refer to the link in the thread> it will produce 2 logs. Programs are to be run in Normal Mode unless told otherwise.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ====================================
    Please disable Avast Antirootkit,
    ==================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==========================================
    You do not need to rerun GMER or MAlwarebytes again at this time. Please leave logs for DDS (2), Combofix and Eset in your next reply.
    ==========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
     
  3. lesterw

    lesterw TS Rookie Topic Starter

    Thanks for agreeing to help me.

    DDS logs:

    DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Run by Administrator at 21:02:48 on 2012-01-08
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4021.1920 [GMT 0:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    D:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    D:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bigpond.com/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = 69.147.249.24:49331
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    uRun: [PC Suite Tray] "D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun: [VTP] C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe watcher
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
    mRun: [BigPondWirelessBroadbandCM] "D:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - D:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - G:\Program Files\WinZip\WZQKPICK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    Trusted Zone: rbworld.lv\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} - hxxps://www.rbworld.lv/MSSignData.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\254514130343636575D2646314642464 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\77C616E6D21607 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EE8AD5A7-6272-40C3-ADF9-DED29FFD5448} : DhcpNameServer = 61.9.133.193 61.9.195.193
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun-x64: [VTP] C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe watcher
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
    mRun-x64: [BigPondWirelessBroadbandCM] "D:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" -tsr
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62gtt5dw.default\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-12-29 14904]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-9-2 308080]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-29 2314240]
    R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
    S2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-23 652872]
    S2 OracleDBConsoledove02;OracleDBConsoledove02;D:\app\Administrator\product\11.2.0\dbhome_1\BIN\nmesrvc.exe [2010-8-18 49152]
    S2 OracleJobSchedulerDOVE02;OracleJobSchedulerDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe DOVE02 --> d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe DOVE02 [?]
    S2 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;D:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS="EXTPROC_DLLS=ONLY:D:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll" --> D:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=EXTPROC_DLLS=ONLY:D:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll [?]
    S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;D:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR --> D:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR [?]
    S2 OracleServiceDOVE02;OracleServiceDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE DOVE02 --> d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE DOVE02 [?]
    S2 OracleVssWriterDOVE02;Oracle DOVE02 VSS Writer Service;d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe DOVE02 --> d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe DOVE02 [?]
    S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
    S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 swiwdmbus;Sierra Wireless USB Composite Bus;C:\Windows\system32\DRIVERS\swiwdmbusx64.sys --> C:\Windows\system32\DRIVERS\swiwdmbusx64.sys [?]
    S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\system32\DRIVERS\swnc8ua3.sys --> C:\Windows\system32\DRIVERS\swnc8ua3.sys [?]
    S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\system32\DRIVERS\swumxa3.sys --> C:\Windows\system32\DRIVERS\swumxa3.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2009-12-29 44312]
    S4 VodafoneConnectorService;Vodafone Connector Service;C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [2008-12-1 233472]
    .
    =============== File Associations ===============
    .
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=C:\Windows\System32\CScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-01-08 12:09:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\offreg.dll
    2012-01-08 03:21:09 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
    2012-01-07 23:54:16 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2012-01-07 23:37:47 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2012-01-07 15:19:11 -------- d--h--w- C:\ProgramData\Common Files
    2012-01-07 15:15:29 -------- d-----w- C:\ProgramData\AVG2012
    2012-01-07 14:56:59 -------- d-----w- C:\ProgramData\MFAData
    2012-01-07 01:42:13 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla
    2012-01-06 13:31:05 -------- d-----w- C:\Program Files (x86)\ESET
    2012-01-06 13:01:49 388096 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-06 07:55:01 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\mpengine.dll
    2012-01-05 19:50:49 -------- d-s---w- C:\ComboFix
    2012-01-05 19:46:48 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-27 00:18:03 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Affilorama
    2011-12-15 11:04:06 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-15 11:04:01 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-15 11:04:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-15 11:02:24 3141632 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-15 11:02:23 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-15 11:02:22 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-15 11:02:20 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-15 11:02:20 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2012-01-07 22:02:53 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2011-12-15 11:29:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-23 22:50:00 6534 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
    2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
    2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
    .
    ============= FINISH: 21:11:45.32 ===============
     
  4. lesterw

    lesterw TS Rookie Topic Starter

    DDS attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/02/2010 08:42:44
    System Uptime: 08/01/2012 20:50:29 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | N61Jq
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 51.142 GiB free.
    D: is FIXED (NTFS) - 432 GiB total, 367.2 GiB free.
    E: is Removable
    F: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP386: 05/01/2012 19:52:32 - ComboFix created restore point
    RP387: 06/01/2012 07:54:34 - Windows Update
    RP388: 06/01/2012 12:44:02 - Removed AGT Pro - Betfair
    RP389: 06/01/2012 13:01:42 - Installed HiJackThis
    RP390: 07/01/2012 15:07:37 - Installed AVG 2012
    RP391: 07/01/2012 15:11:38 - Installed AVG 2012
    RP392: 07/01/2012 23:06:14 - Removed AVG 2012
    RP393: 07/01/2012 23:10:46 - Removed AVG 2012
    RP394: 07/01/2012 23:35:56 - Installed Ad-Aware
    RP395: 07/01/2012 23:37:22 - Installed Ad-Aware
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678)
    ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669)
    ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665)
    2007 Microsoft Office system
    Acrobat.com
    Action Replay Code Manager
    Activation Assistant for the 2007 Microsoft Office suites
    Actualização do Microsoft Office Excel 2007 Help (KB963678)
    Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
    Actualização do Microsoft Office Word 2007 Help (KB963665)
    Ad-Aware
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 9.3.1 MUI
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Alcor Micro USB Card Reader
    Alice Greenfingers
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS CopyProtect
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Video Magic
    ASUS Virtual Camera
    ASUS_N_Series_Screensaver
    ATK Generic Function Service
    ATK Hotkey
    ATK Media
    ATKOSD2
    Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
    Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
    Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
    Atualização do produto Microsoft Office Word 2007 Help (KB963665)
    AutoCashAndroid Platinum
    AviSynth 2.5
    AVStoDVD 2.3.0
    BettorsBot
    Bing Bar
    Camtasia Studio 6
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chicken Invaders v1.30
    Choice Guard
    ControlDeck
    CyberLink LabelPrint
    CyberLink MediaShow Espresso
    CyberLink Power2Go
    CyberLink PowerDVD 9
    DPG 3.0
    Dream Day Wedding Married in Manhattan
    e-Record 6
    ESET Online Scanner v3
    Express Gate
    FileZilla Client 3.3.3
    FLV Player 2.0 (build 25)
    Game Park Console
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GoToMeeting 4.5.0.452
    GoWin!The Football Forecaster Deluxe Edition 2011
    Hama Double Action Air Grip
    HiJackThis
    Horse Racing Crazy Bot
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    ImageMixer 3 SE Ver.3
    ImgBurn
    Impact PopUp 1.0
    Intel(R) Management Engine Components
    Island Wars 2
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Development Kit 6 Update 18
    Junk Mail filter update
    LMT Internet
    Malwarebytes Anti-Malware version 1.60.0.1800
    Marble Blast Gold Demo (remove only)
    MarketFeeder Pro 6.4.1
    MarketFeederPro 6.5.0.23
    Meridian Software
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Arabic) 2007
    Microsoft Office Access MUI (Chinese (Simplified)) 2007
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Access MUI (Portuguese (Brazil)) 2007
    Microsoft Office Access MUI (Portuguese (Portugal)) 2007
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Access MUI (Thai) 2007
    Microsoft Office Access MUI (Turkish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007 Help ¸üР(KB963678)
    Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678)
    Microsoft Office Excel 2007 Help Actualización (KB963678)
    Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678)
    Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)
    Microsoft Office Excel MUI (Arabic) 2007
    Microsoft Office Excel MUI (Chinese (Simplified)) 2007
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
    Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office Excel MUI (Thai) 2007
    Microsoft Office Excel MUI (Turkish) 2007
    Microsoft Office IME (Chinese (Simplified)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook 2007 Help ¸üР(KB963677)
    Microsoft Office Outlook 2007 Help Actualización (KB963677)
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Arabic) 2007
    Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
    Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office Outlook MUI (Thai) 2007
    Microsoft Office Outlook MUI (Turkish) 2007
    Microsoft Office Powerpoint 2007 Help ¸üР(KB963669)
    Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669)
    Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
    Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669)
    Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)
    Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669)
    Microsoft Office PowerPoint MUI (Arabic) 2007
    Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
    Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office PowerPoint MUI (Thai) 2007
    Microsoft Office PowerPoint MUI (Turkish) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (Chinese (Simplified)) 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Portuguese (Portugal)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Thai) 2007
    Microsoft Office Proof (Turkish) 2007
    Microsoft Office Proofing (Arabic) 2007
    Microsoft Office Proofing (Chinese (Simplified)) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing (Portuguese (Brazil)) 2007
    Microsoft Office Proofing (Portuguese (Portugal)) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Proofing (Thai) 2007
    Microsoft Office Proofing (Turkish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Arabic) 2007
    Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
    Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Publisher MUI (Thai) 2007
    Microsoft Office Publisher MUI (Turkish) 2007
    Microsoft Office Shared MUI (Arabic) 2007
    Microsoft Office Shared MUI (Chinese (Simplified)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
    Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Shared MUI (Thai) 2007
    Microsoft Office Shared MUI (Turkish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007 Help ¸üР(KB963665)
    Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665)
    Microsoft Office Word 2007 Help Actualización (KB963665)
    Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665)
    Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)
    Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665)
    Microsoft Office Word MUI (Arabic) 2007
    Microsoft Office Word MUI (Chinese (Simplified)) 2007
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Word MUI (Portuguese (Brazil)) 2007
    Microsoft Office Word MUI (Portuguese (Portugal)) 2007
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft Office Word MUI (Thai) 2007
    Microsoft Office Word MUI (Turkish) 2007
    Microsoft Office XP Web Components
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Moyea Flash Video MX Pro Version: 5.0.16.932
    Mozilla Firefox 9.0.1 (x86 en-GB)
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NEC Electronics USB 3.0 Host Controller Driver
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    OpenOffice.org 3.2
    Oracle Data Provider for .NET Help
    PC Connectivity Solution
    PDF Settings
    Peltarion Synapse
    Piggly
    PL/SQL Developer
    Playinator 3 Professional
    QuickTime
    RapidMiner 5
    Realtek High Definition Audio Driver
    S3 Ripper 2.0
    Safari
    Safebet Investment Plan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
    Simpo PDF to Word 2.0.1.0
    Skype™ 5.5
    Smileyville
    Solid MP4 Video Converter 3.8.5
    SONIC HEROES
    SONIC HEROES TRIAL
    Swarm 3.0
    Swarm Spawn 1.0.0
    Telstra Mobile Broadband Manager
    TextPad 5
    The Staking Machine V2.0
    TheBestSpinner
    Traffic Travis 4.1.0
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update or Uninstall SENukeX
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.0.5
    Vodafone Mobile Connect Smartplug
    Vodafone Mobile Connect via the phone
    Web CEO 8.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinFlash
    WinRAR archiver
    Wireless Console 3
    Yahoo! Messenger
    Yahoo!7 Messenger
    YouTube Downloader 2.7.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    08/01/2012 21:02:36, Error: Service Control Manager [7034] - The OracleDBConsoledove02 service terminated unexpectedly. It has done this 1 time(s).
    08/01/2012 20:59:16, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    08/01/2012 20:54:39, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    08/01/2012 20:54:39, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    08/01/2012 13:20:45, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    08/01/2012 11:53:43, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    08/01/2012 11:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    08/01/2012 11:50:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    08/01/2012 11:50:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    08/01/2012 11:50:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    08/01/2012 11:49:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    08/01/2012 11:49:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:49:49, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/01/2012 11:49:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08/01/2012 11:49:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    08/01/2012 11:49:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    08/01/2012 11:49:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08/01/2012 11:49:23, Error: sptd [4] - Driver detected an internal error in its data structures for .
    08/01/2012 08:13:00, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    07/01/2012 22:48:11, Error: Service Control Manager [7022] - The Intel(R) Management & Security Application User Notification Service service hung on starting.
    07/01/2012 22:04:18, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
    07/01/2012 21:59:19, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    07/01/2012 21:59:15, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    07/01/2012 21:59:15, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    07/01/2012 21:59:10, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    07/01/2012 15:46:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    07/01/2012 15:44:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    07/01/2012 15:44:59, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:44:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
    07/01/2012 15:44:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    07/01/2012 15:44:29, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:43:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiServiceHost service.
    07/01/2012 15:43:59, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:43:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    07/01/2012 15:43:29, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:42:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    07/01/2012 15:42:59, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:42:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    07/01/2012 15:42:29, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:41:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ServiceLayer service to connect.
    07/01/2012 15:41:58, Error: Service Control Manager [7000] - The ServiceLayer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/01/2012 15:36:40, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    06/01/2012 23:29:01, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    06/01/2012 07:43:07, Error: Service Control Manager [7023] - The OracleMTSRecoveryService service terminated with the following error: The wait operation timed out.
    05/01/2012 11:31:32, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    05/01/2012 11:25:09, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    05/01/2012 08:29:48, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
    05/01/2012 08:26:48, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
    05/01/2012 08:24:48, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    05/01/2012 08:24:48, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    05/01/2012 08:24:48, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    05/01/2012 08:24:48, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    05/01/2012 08:23:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: An instance of the service is already running.
    05/01/2012 08:23:32, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/01/2012 08:23:32, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    05/01/2012 08:23:32, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    05/01/2012 08:23:32, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    05/01/2012 07:04:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
    04/01/2012 05:29:28, Error: Service Control Manager [7034] - The OracleOraDb11g_home1TNSListener service terminated unexpectedly. It has done this 1 time(s).
    04/01/2012 05:29:00, Error: Service Control Manager [7034] - The Oracle DOVE02 VSS Writer Service service terminated unexpectedly. It has done this 1 time(s).
    04/01/2012 05:28:56, Error: Service Control Manager [7034] - The OracleOraDb11g_home1ClrAgent service terminated unexpectedly. It has done this 1 time(s).
    04/01/2012 05:28:53, Error: Service Control Manager [7034] - The OracleServiceDOVE02 service terminated unexpectedly. It has done this 1 time(s).
    04/01/2012 04:41:52, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.1.1.4 with the system having network hardware address 00-24-01-EE-D1-0F. Network operations on this system may be disrupted as a result.
    01/01/2012 04:37:49, Error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  5. lesterw

    lesterw TS Rookie Topic Starter

    ComboFix log:

    ComboFix 12-01-07.03 - Administrator 08/01/2012 21:35:17.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4021.2176 [GMT 0:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\ASPG_icon.ico
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-08 22:16 . 2012-01-08 22:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\offreg.dll
    2012-01-08 03:21 . 2012-01-08 03:21 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2012-01-07 23:54 . 2012-01-07 23:53 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-07 23:37 . 2011-12-23 07:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2012-01-07 23:37 . 2012-01-07 23:37 -------- d-----w- c:\programdata\Lavasoft
    2012-01-07 15:19 . 2012-01-07 15:19 -------- d--h--w- c:\programdata\Common Files
    2012-01-07 15:15 . 2012-01-07 23:14 -------- d-----w- c:\programdata\AVG2012
    2012-01-07 14:56 . 2012-01-07 23:13 -------- d-----w- c:\programdata\MFAData
    2012-01-07 01:42 . 2012-01-07 01:42 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
    2012-01-06 13:31 . 2012-01-06 13:31 -------- d-----w- c:\program files (x86)\ESET
    2012-01-06 13:01 . 2012-01-06 13:01 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-06 07:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{623A3DF7-DB2D-422C-BE2B-E5C6AED3029A}\mpengine.dll
    2011-12-27 00:18 . 2011-12-27 00:18 -------- d-----w- c:\users\Administrator\AppData\Roaming\Affilorama
    2011-12-15 11:29 . 2011-12-15 11:29 -------- d-----w- c:\windows\system32\Macromed
    2011-12-15 11:04 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 11:04 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll
    2011-12-15 11:04 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-12-15 11:02 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 11:02 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 11:02 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 11:02 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 11:02 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-07 22:02 . 2010-02-07 22:48 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-12-15 11:29 . 2011-05-31 12:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-25 20:10 . 2011-11-25 20:10 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
    2011-11-23 22:50 . 2010-06-03 23:10 6534 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-01-22 210192]
    "PC Suite Tray"="d:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
    "VTP"="c:\program files (x86)\Vodafone\Via The Phone\VodafoneLauncher.exe" [2008-12-01 204800]
    "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
    "BigPondWirelessBroadbandCM"="d:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-04-19 6606232]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ImageMixer 3 SE Camera Monitor Ver.3.lnk - d:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2010-5-24 253952]
    SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2009-12-29 156952]
    WinZip Quick Pick.lnk - g:\program files\WinZip\WZQKPICK.EXE [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-07 2152152]
    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 BlackBox;BlackBox SR2; [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbusx64.sys [x]
    R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]
    R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
    R4 VodafoneConnectorService;Vodafone Connector Service;c:\program files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [2008-12-01 233472]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 OracleDBConsoledove02;OracleDBConsoledove02;d:\app\Administrator\product\11.2.0\dbhome_1\bin\nmesrvc.exe [2010-03-02 49152]
    S2 OracleJobSchedulerDOVE02;OracleJobSchedulerDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe DOVE02 [x]
    S2 OracleOraDb11g_home1ClrAgent;OracleOraDb11g_home1ClrAgent;d:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe [2010-02-28 38400]
    S2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;d:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR [x]
    S2 OracleServiceDOVE02;OracleServiceDOVE02;d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE DOVE02 [x]
    S2 OracleVssWriterDOVE02;Oracle DOVE02 VSS Writer Service;d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe DOVE02 [x]
    S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-02 308080]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 08:15]
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 08:15]
    .
    2012-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087994414-33227477-2167509355-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 03:05]
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1087994414-33227477-2167509355-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 03:05]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
    "Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264]
    "EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
    "combofix"="c:\combofix\CF23054.3XE" [2009-07-14 344576]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bigpond.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = 69.147.249.24:49331
    IE: Append to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - d:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: rbworld.lv\www
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\254514130343636575D2646314642464: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DBDFCA2D-86FE-480E-A9E4-AB240CD71FFD}\77C616E6D21607: DhcpNameServer = 192.168.1.254
    DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
    DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} - hxxps://www.rbworld.lv/MSSignData.cab
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62gtt5dw.default\
    .
    .
    ------- File Associations -------
    .
    vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
    jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1ClrAgent]
    "ImagePath"="d:\app\Administrator\product\11.2.0\dbhome_1\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 ENVS=\"EXTPROC_DLLS=ONLY:d:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb11g_home1TNSListener]
    "ImagePath"="d:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,6a,1d,47,5b,09,f1,40,94,c4,60,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,6a,1d,47,5b,09,f1,40,94,c4,60,\
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\TextPad.exe"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Excel.CSV"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="dat_auto_file"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Word.Document.8"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htaccess\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="htaccess_auto_file"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="inffile"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\TextPad.exe"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\TextPad.exe"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\TextPad.exe"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\vlc.exe"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nns\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\TextPad.exe"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ORA\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ORA_auto_file"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.php\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="php_auto_file"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TPM\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="TPM_auto_file"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ttffile"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1087994414-33227477-2167509355-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\EXCEL.EXE"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    d:\app\administrator\product\11.2.0\dbhome_1\Bin\extjob.exe
    d:\app\Administrator\product\11.2.0\dbhome_1\bin\omtsreco.exe
    d:\app\Administrator\product\11.2.0\dbhome_1\BIN\TNSLSNR.exe
    d:\app\administrator\product\11.2.0\dbhome_1\bin\ORACLE.EXE
    d:\app\administrator\product\11.2.0\dbhome_1\bin\OraVSSW.exe
    d:\app\Administrator\product\11.2.0\dbhome_1\bin\extproc.EXE
    d:\app\Administrator\product\11.2.0\dbhome_1\perl\bin\perl.exe
    d:\app\Administrator\product\11.2.0\dbhome_1\jdk\bin\java.exe
    d:\app\Administrator\product\11.2.0\dbhome_1\bin\emagent.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
    c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-08 22:50:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-08 22:50
    ComboFix2.txt 2012-01-05 11:53
    .
    Pre-Run: 54,815,404,032 bytes free
    Post-Run: 54,529,019,904 bytes free
    .
    - - End Of File - - 10815BBA0697B9B6D148A66E8C99D0D2

    No log from ESET: No Threats found.

    More information on the mbam error I get on start up: mbamswissarmyknife,sys not found.

    The problem of being redicrected to other sites from licks clicked in Google search is also present in Internet Explorer, but not in Chrome.
     
  6. lesterw

    lesterw TS Rookie Topic Starter

    OK, I think I have managed to fix it.

    I tried various rootkit finders /fixers but they all wouldn't start (perhaps becuase I am running Windows 7 64 bit? Or maybe it was the virus)

    Eventually I read about someone with the same problem - searches being redirected - and they suggested Kaspersky TDSSKiller

    I downloaded and ran it and it found a rootkit in my Windows system32 folder. It fixed it and my laptop appears back to normal.

    The mbam problem was fixed by running mbam-clean.exe from the mbam site and reinstalling.

    So unless you think I need to run more checks, you can close this thread.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The subject of this thread is: Removed Trojan.FakeAlert but still having problems.

    I cautioned you about following someone else's instructions.

    This thread is closed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...