Google redirecting and desktop.ini infection

Inactive
By nsrguy
Sep 6, 2011
Topic Status:
Not open for further replies.
  1. Hi, I have been struggling with this problem for about 5 days and have read the instructions in the six step preliminary removal link and have pasted results below, hoping you are able to help me please. as per instructions i installed avast free and that cleared a few problems, butI want to make sure its completely clean now, thankyou

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7661

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    6/09/2011 3:17:07 PM
    mbam-log-2011-09-06 (15-17-07).txt

    Scan type: Quick scan
    Objects scanned: 182086
    Time elapsed: 2 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    gmer.log was empty

    is it just a log of the first scan when the programme starts or do I need to do a different scan?

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22/12/2010 5:28:54 PM
    System Uptime: 6/09/2011 12:59:02 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G53JW
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1734/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 42.742 GiB free.
    D: is FIXED (NTFS) - 328 GiB total, 279.875 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 233 GiB total, 75.292 GiB free.
    G: is FIXED (NTFS) - 233 GiB total, 144.942 GiB free.
    H: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Windows Firewall Authorization Driver
    Device ID: ROOT\LEGACY_MPSDRV\0000
    Manufacturer:
    Name: Windows Firewall Authorization Driver
    PNP Device ID: ROOT\LEGACY_MPSDRV\0000
    Service: mpsdrv
    .
    ==== System Restore Points ===================
    .
    RP127: 3/09/2011 4:22:03 PM - Windows Update
    RP128: 6/09/2011 9:56:26 AM - RegRun Virus Scan
    RP129: 6/09/2011 10:06:19 AM - RegRun Virus Scan
    RP130: 6/09/2011 10:36:40 AM - RegRun Virus Scan
    RP131: 6/09/2011 11:07:33 AM - Removed Microsoft Flight Simulator X: Acceleration
    RP132: 6/09/2011 11:17:40 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2 MUI
    Advanced JPEG Compressor 2009 r.3
    Amazon Kindle For PC v1.0
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    Asus_GSeries_Screensaver
    ATK Package
    µTorrent
    avast! Free Antivirus
    Boilsoft Video Joiner 6.34
    Boingo Wi-Fi
    Bookworm Deluxe
    Choice Guard
    ControlDeck
    Cooking Dash
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink WaveEditor
    DAEMON Tools Lite
    DirectX 9 Runtime
    DiRT 3
    DVD43 Plug-in v1.0.0.5
    eMule
    ExpressGate Cloud
    FileZilla Client 3.4.0
    FinalBurner Free v2.24.0.195
    Free M4a to MP3 Converter 6.1
    FreeRIP v3.5
    Game Park Console
    Governor of Poker
    Grand Theft Auto IV
    Grand Theft Auto IV - Episodes From Liberty City
    Guitar Pro 6
    Hotel Dash Suite Success
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 23
    Jewel Quest 3
    Junk Mail filter update
    Luxor 3
    Mahjongg dimensions
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MediaMonkey 3.2
    MegaTrainer eXperience V1.0.4.0c
    Microsoft Flight Simulator X
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MotoGP 08
    Mozilla Firefox 6.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser (KB973685)
    Need for Speed(TM) Hot Pursuit
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    Opera 11.50
    Pinball Master 3D
    Plants vs Zombies
    QuickTime
    Rapture3D 2.4.8 Game
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Rockstar Games Social Club
    Roxio AACS Certificate
    Roxio Activation Module
    Roxio CinePlayer
    Samsung Kies
    SBK®2011 FIM Superbike World Championship
    SBK®X Superbike World Championship
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    SHIFT 2 UNLEASHED™
    Skype Toolbars
    Skype™ 5.3
    SmartSound Quicktracks 5
    Spybot - Search & Destroy
    syncables desktop SE
    THX TruStudio
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    USB2.0 2.0M UVC WebCam
    VideoCam Suite 2.0
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.6
    Vuze
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinFlash
    Wireless Console 3
    World of Goo
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/09/2011 9:57:02 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\regguard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/09/2011 3:01:48 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/09/2011 2:53:17 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    6/09/2011 2:53:17 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    6/09/2011 12:02:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/09/2011 12:02:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/09/2011 10:34:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Partizan
    5/09/2011 9:02:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8007ba0060, 0xfffff80000b9c518, 0xfffffa800d140010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090511-19437-01.
    5/09/2011 11:38:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/09/2011 11:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/09/2011 11:37:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/09/2011 11:37:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/09/2011 11:37:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr sptd Wanarpv6
    5/09/2011 11:37:42 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:37:22 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    5/09/2011 11:35:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:34:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/09/2011 11:34:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/09/2011 11:34:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/09/2011 11:34:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by nsrguy21 at 15:31:46 on 2011-09-06
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.8117.6031 [GMT 10:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\bgsvcgen.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    C:\Windows\WebCam\S6000\S6000Mnt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\nsrguy21\Desktop\f72q6xyy.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [UnHackMe Monitor] C:\Program Files (x86)\UnHackMe\hackmon.exe
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
    mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOC~1.LNK - G:\p\VideoCamSuiteAutoStart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Open using &Advanced JPEG Compressor - D:\Advanced JPEG Compressor\ajcieex.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5D5F7791-9EFB-486A-B27F-69EB730AC41A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5D5F7791-9EFB-486A-B27F-69EB730AC41A}\7514250535451425D2631433644413 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5D5F7791-9EFB-486A-B27F-69EB730AC41A}\875627F6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7501F80C-8C28-43EF-B248-F1AFB1FB011F} : DhcpNameServer = 10.5.50.1 203.24.100.125 203.123.69.15
    TCP: Interfaces\{E78E3B09-FF2B-4510-9689-C239AEE61A9F} : NameServer = 61.122.241.179,61.122.241.180
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun-x64: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
    mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\nsrguy21\AppData\Roaming\Mozilla\Firefox\Profiles\wy8zr472.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 32997937;32997937;C:\Windows\system32\DRIVERS\32997937.sys --> C:\Windows\system32\DRIVERS\32997937.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-6 42184]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-6 366640]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2011-2-18 386344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-5 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-7 235624]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-5 2314240]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\system32\Drivers\S6000KNT.sys --> C:\Windows\system32\Drivers\S6000KNT.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-5 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-5 79360]
    S3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys --> C:\Windows\system32\drivers\dgderdrv.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-22 24176]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-7-23 16392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-06 05:13:02 -------- d-----w- C:\Users\nsrguy21\AppData\Roaming\Malwarebytes
    2011-09-06 05:12:57 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-09-06 05:12:57 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-09-06 05:12:53 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-09-06 05:12:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-09-06 01:18:00 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-09-06 01:18:00 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-09-06 01:17:51 40112 ----a-w- C:\Windows\avastSS.scr
    2011-09-06 01:17:46 -------- d-----w- C:\ProgramData\AVAST Software
    2011-09-06 01:17:46 -------- d-----w- C:\Program Files\AVAST Software
    2011-09-06 00:19:07 -------- d-----w- C:\Program Files (x86)\Trojan Remover
    2011-09-05 23:57:09 37600 ----a-w- C:\Windows\System32\Partizan.exe
    2011-09-05 23:53:01 2 --shatr- C:\Windows\winstart.bat
    2011-09-05 23:52:56 -------- d-----w- C:\Program Files (x86)\UnHackMe
    2011-09-05 13:09:50 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-09-05 13:09:28 460888 ----a-w- C:\Windows\System32\drivers\32997937.sys
    2011-09-05 12:22:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-09-05 12:22:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-09-05 12:01:24 -------- d--h--w- C:\ProgramData\Common Files
    2011-09-05 11:57:37 -------- d-----w- C:\ProgramData\MFAData
    2011-09-03 06:22:44 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1676DBD-54FB-4B9D-8A0D-EC931C150D47}\mpengine.dll
    2011-09-02 04:29:39 -------- d-sh--w- C:\ProgramData\SecuROM
    2011-09-02 04:22:14 -------- d-----we C:\Windows\system64
    2011-08-31 03:50:05 -------- d-----w- C:\Anuman Interactive
    2011-08-29 06:32:49 -------- d-sh--w- C:\ProgramData\DSS
    2011-08-29 06:32:48 -------- d-----w- C:\ProgramData\Codemasters
    2011-08-29 06:27:52 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
    2011-08-29 06:27:52 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
    2011-08-29 06:27:51 -------- d-----w- C:\Program Files (x86)\BRS
    2011-08-29 06:27:50 -------- d-----w- C:\Program Files (x86)\OpenAL
    2011-08-29 06:27:49 809496 ----a-r- C:\Windows\SysWow64\tmpFCF.tmp
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-08-27 10:58:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-08-24 05:42:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-24 05:42:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-24 02:59:11 -------- d-----w- C:\Users\nsrguy21\AppData\Roaming\Guitar Pro 6
    2011-08-24 02:59:11 -------- d-----w- C:\ProgramData\Guitar Pro 6
    2011-08-23 23:51:20 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-08-23 23:51:20 785368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-08-23 23:51:20 478168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-08-23 23:51:20 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-08-23 23:51:20 1846232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-08-23 23:51:20 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-08-23 23:51:20 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-08-23 23:51:19 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-23 11:14:48 -------- d-----w- C:\Windows\Internet Logs
    2011-08-23 03:54:42 -------- d-----w- C:\Users\nsrguy21\AppData\Roaming\CheckPoint
    2011-08-23 03:41:49 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2011-08-23 03:41:18 456280 ----a-w- C:\Windows\System32\drivers\~GLH0023.TMP
    2011-08-23 03:40:46 -------- d-----w- C:\ProgramData\CheckPoint
    2011-08-11 08:29:50 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-08-11 08:27:55 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-08-11 08:27:54 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-08-11 08:27:54 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-08-08 08:02:02 -------- d-----w- C:\Users\nsrguy21\AppData\Roaming\RSS
    2011-08-08 07:59:57 1519616 ----a-w- C:\Windows\SysWow64\6.dat
    2011-08-08 07:59:57 132880 ----a-w- C:\Windows\SysWow64\2.dat
    2011-08-08 07:59:56 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2011-08-07 23:35:32 -------- d-----w- C:\ProgramData\ASUS
    2011-08-07 23:35:31 -------- d-----w- C:\Users\nsrguy21\AppData\Local\ASUS
    .
    ==================== Find3M ====================
    .
    2011-09-06 02:55:09 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-05 08:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 08:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 15:32:44.71 ===============
  2. nsrguy

    nsrguy Newcomer, in training Topic Starter

    gmer.log

    i think i figured out the correct gmer log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-06 16:10:47
    Windows 6.1.7600
    Running: f72q6xyy.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06db29d7a
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0x43 0x67 0xC8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x85 0x43 0xE1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0x80 0x5B 0x3E ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06db29d7a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0x14 0xBB 0x22 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0x85 0x43 0xE1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0x17 0x0A 0x0E ...

    ---- EOF - GMER 1.0.15 ----
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help with the redirect. Please note the following:

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    You do not indicate the problem with desktop.ini. but if you are seeing the icon for the on your desktop, it's because you have the 'show hidden files and folders' checked:>>>
    Click on the Control Panel or Tools in IE to access Folder Options> then click on View tab> check 'do not show hidden files and folders'> Check 'Hide protected system files (Recommended)> Apply> OK
    ======================================
    Okay, let me go over a couple of points with you:
    1.You have the RegRun Security Suite installed It appears to include an antivirus program> Therefore you did not have to install Avast. So get the AV down to one functioning, updated antivirus and uninstall the other.If you decide to keep RegRun, please disable the registry cleaning feature.
    2. P2P 'file sharing Warning:
    You have 3 file sharing programs on the system:
    µTorrent
    eMule
    Vuze

    Please disable all of these or better, uninstall them while I am helping clean the system:

    • I suggest that you uninstall them for the following reasons:
    • Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    =============================================
    3. The Java is out of date> The current version is v6u27. Please update now: Java Updates Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    -----------------------------------
    There will be malware in the Java cache< so it should be emptied:
    1. . Click Start > Control Panel.
    2. . Double-click the Java icon [​IMG] in the Control Panel.
    3. . Click Settings under Temporary Internet Files.
      http://www.java.com/en/img/download/5000020303.jpg[/b]
      There are three options on this window to clear the cache.(Version dependent)
      [o]. Delete Files
      [o]. View Applications
      [o]. View Applets
      [*]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [*]. Click OK on Temporary Files Settings window. [/list]
      ============================================
      Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, [b]if needed[/b][list]
      [*] Click START> then RUN
      [*] Now type [b]Combofix /Uninstall[/b] in the runbox and click OK. Note the space between the X and the U, it needs to be there.[/list]
      --------------------------------------
      [b]Download Combofix from [url=http://www.bleepingcomputer.com/download/anti-virus/combofix]HERE[/url] or [url=http://www.forospyware.com/sUBs/ComboFix.exe]HERE[/b][/url] and save to the desktop[list]
      [*]Double click combofix.exe & follow the prompts.
      [*] ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      [b]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.[/b]
      [*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      [*]Once installed, you should see a blue screen prompt that says:
      [b]The Recovery Console was successfully installed.[/b]
      [*].Click on Yes, to continue scanning for malware
      [*].If Combofix asks you to [B]update[/B] the program, [B]allow[/B]
      [*].[b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.[/b]
      [*].Close any open browsers.
      [*].Double click [b]combofix.exe[/b][IMG]http://www.bleepstatic.com/combofix/en/cf-icon.jpg & follow the prompts to run.
    4. When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave logs for Combofix and the Eset scan in th next reply.
    Note- if the reference to desktop.ini is different from what I went over, please explain.
  4. nsrguy

    nsrguy Newcomer, in training Topic Starter

    desktop.ini

    Hi,
    thankyou for your advice and steps to take, it is really appreciated.

    upon checking your reply you said to uninstall one of the antivirus products on my system, I have no recollection of installing regrun and cant find it in the add remove programs list.

    In regards to the desktop.ini that was picked up in avast boot time scan which reported

    c:\Windows\assembly\GAC_32\desktop.ini
    c:\Windows\assembly\GAC_64\desktop.ini

    Threat Win32-malware-gen
    Error - the file was not repaired\deleted (42060)

    Also this pops up every 10 minutes or so with avast
    Infection DetailsURL: file://C:%5CWindows%5Cassembly%5Ctmp%5CU%5C800000cf.@
    Process: file://C:%5CWindows%5CSystem32%5Ccsrss.exe
    Infection: win32:Malware-gen

    I have also updated Java and removed all previos versions as instructed, am now downloading combofix and will post details soon, thankyou again
  5. nsrguy

    nsrguy Newcomer, in training Topic Starter

    combofix log

    Here is the combofix log

    ComboFix 11-09-06.03 - nsrguy21 07/09/2011 1:50.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.8117.5384 [GMT 10:00]
    Running from: c:\users\nsrguy21\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
    c:\programdata\FullRemove.exe
    c:\users\nsrguy21\AppData\Roaming\inst.exe
    c:\windows\system32\consrv.dll
    c:\windows\System64
    c:\windows\SysWow64\muzapp.exe
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-06 15:57 . 2011-09-06 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-06 15:39 . 2011-09-06 15:39 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-09-06 05:13 . 2011-09-06 05:13 -------- d-----w- c:\users\nsrguy21\AppData\Roaming\Malwarebytes
    2011-09-06 05:12 . 2011-09-06 05:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-06 05:12 . 2011-07-06 09:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-09-06 05:12 . 2011-09-06 05:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-09-06 05:12 . 2011-07-06 09:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-06 01:18 . 2011-07-04 11:36 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 01:18 . 2011-07-04 11:32 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 01:18 . 2011-07-04 11:32 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 01:18 . 2011-07-04 11:35 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 01:18 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 01:18 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 01:18 . 2011-07-04 11:32 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 01:17 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-09-06 01:17 . 2011-07-04 11:43 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 01:17 . 2011-09-06 01:17 -------- d-----w- c:\programdata\AVAST Software
    2011-09-06 01:17 . 2011-09-06 01:17 -------- d-----w- c:\program files\AVAST Software
    2011-09-06 00:19 . 2011-09-06 03:09 -------- d-----w- c:\program files (x86)\Trojan Remover
    2011-09-05 23:57 . 2011-09-05 23:57 37600 ----a-w- c:\windows\system32\Partizan.exe
    2011-09-05 23:53 . 2011-09-05 23:53 2 --shatr- c:\windows\winstart.bat
    2011-09-05 23:52 . 2011-09-06 01:11 -------- d-----w- c:\program files (x86)\UnHackMe
    2011-09-05 13:09 . 2011-09-05 13:09 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-09-05 13:09 . 2011-09-05 04:59 460888 ----a-w- c:\windows\system32\drivers\32997937.sys
    2011-09-05 12:22 . 2011-09-05 13:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-09-05 12:22 . 2011-09-05 13:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-09-05 12:01 . 2011-09-05 12:01 -------- d--h--w- c:\programdata\Common Files
    2011-09-05 11:57 . 2011-09-05 14:03 -------- d-----w- c:\programdata\MFAData
    2011-09-03 06:22 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1676DBD-54FB-4B9D-8A0D-EC931C150D47}\mpengine.dll
    2011-09-02 04:29 . 2011-09-02 04:29 -------- d-sh--w- c:\programdata\SecuROM
    2011-08-31 03:50 . 2011-08-31 03:50 -------- d-----w- C:\Anuman Interactive
    2011-08-29 06:32 . 2011-08-29 06:32 -------- d-sh--w- c:\programdata\DSS
    2011-08-29 06:32 . 2011-08-29 06:32 -------- d-----w- c:\programdata\Codemasters
    2011-08-29 06:27 . 2011-03-19 05:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
    2011-08-29 06:27 . 2010-09-22 03:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
    2011-08-29 06:27 . 2011-08-29 06:27 -------- d-----w- c:\program files (x86)\BRS
    2011-08-29 06:27 . 2011-08-29 06:27 -------- d-----w- c:\program files (x86)\OpenAL
    2011-08-29 06:27 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpFCF.tmp
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-08-27 10:58 . 2011-08-27 10:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-08-27 10:58 . 2011-08-27 10:58 -------- d-----w- c:\program files (x86)\QuickTime
    2011-08-27 10:58 . 2011-08-27 10:58 -------- d-----w- c:\programdata\Apple Computer
    2011-08-27 10:56 . 2011-08-27 10:56 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-08-24 05:42 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 05:42 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-24 02:59 . 2011-08-24 03:02 -------- d-----w- c:\users\nsrguy21\AppData\Roaming\Guitar Pro 6
    2011-08-24 02:59 . 2011-08-24 03:02 -------- d-----w- c:\programdata\Guitar Pro 6
    2011-08-23 23:51 . 2011-09-05 10:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-08-23 23:51 . 2011-09-05 10:25 785368 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-08-23 23:51 . 2011-09-05 10:25 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-08-23 23:51 . 2011-09-05 10:25 1846232 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-08-23 23:51 . 2011-09-05 10:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-08-23 23:51 . 2011-09-05 10:25 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-08-23 23:51 . 2011-08-12 03:16 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-08-23 23:51 . 2011-08-12 03:16 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-23 11:14 . 2011-08-23 11:14 -------- d-----w- c:\windows\Internet Logs
    2011-08-23 03:54 . 2011-08-23 03:54 -------- d-----w- c:\users\nsrguy21\AppData\Roaming\CheckPoint
    2011-08-23 03:41 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-08-23 03:41 . 2010-06-09 09:16 456280 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
    2011-08-23 03:40 . 2011-08-23 03:40 -------- d-----w- c:\programdata\CheckPoint
    2011-08-11 08:29 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-11 08:27 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-11 08:27 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-08-11 08:27 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-08-08 08:02 . 2011-08-08 08:02 -------- d-----w- c:\users\nsrguy21\AppData\Roaming\RSS
    2011-08-08 07:59 . 2007-06-08 06:15 1519616 ----a-w- c:\windows\SysWow64\6.dat
    2011-08-08 07:59 . 2004-03-09 05:45 132880 ----a-w- c:\windows\SysWow64\2.dat
    2011-08-08 07:59 . 2001-08-23 04:00 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2011-08-07 23:35 . 2011-08-07 23:35 -------- d-----w- c:\programdata\ASUS
    2011-08-07 23:35 . 2011-08-07 23:35 -------- d-----w- c:\users\nsrguy21\AppData\Local\ASUS
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-06 15:59 . 2010-12-22 07:29 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-07-18 19:05 . 2011-01-13 13:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-07-16 04:32 . 2011-08-11 08:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-05 08:37 . 2011-07-05 08:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 08:37 . 2011-07-05 08:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-06-28 05:32 . 2011-07-23 03:07 81122288 ----a-w- c:\users\nsrguy21\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
    2011-06-11 02:56 . 2011-07-17 00:17 3134464 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-05 2429]
    "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-03-24 899072]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-12 1597440]
    "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-06-12 84464]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    VideoCam Suite 2.0.lnk - g:\p\VideoCamSuiteAutoStart.exe [2011-2-18 181592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 50833902;50833902; [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-05 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-05 79360]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 icsak;icsak; [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-12-20 16392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 32997937;32997937;c:\windows\system32\DRIVERS\32997937.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\Cyberlink\Shared files\RichVideo64.exe [2010-08-19 386344]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-06 235624]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
    S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b6122a1-1a2a-11e0-8159-806e6f6e6963}]
    \shell\AutoRun\command - H:\pinballmaster3d_setup.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    "combofix"="c:\combofix\CF396.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://asus.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Open using &Advanced JPEG Compressor - d:\advanced jpeg compressor\ajcieex.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E78E3B09-FF2B-4510-9689-C239AEE61A9F}: NameServer = 61.122.241.179,61.122.241.180
    FF - ProfilePath - c:\users\nsrguy21\AppData\Roaming\Mozilla\Firefox\Profiles\wy8zr472.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-UnHackMe Monitor - c:\program files (x86)\UnHackMe\hackmon.exe
    Wow6432Node-HKLM-Run-S6000Mnt - S6000Rmv.dll
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    .
    .
    "ImagePath"="\"c:\program files\Cyberlink\Shared files\RichVideo64.exe\"\00Z
    [\]^_¸\00\00¸\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¸\00\00¸\00\00\00\00f\00\00\00\00\00\00\00\00‘’“"
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\SysWOW64\bgsvcgen.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    c:\windows\WebCam\S6000\S6000Mnt.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-07 02:04:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-06 16:04
    .
    Pre-Run: 49,008,939,008 bytes free
    Post-Run: 48,312,012,800 bytes free
    .
    - - End Of File - - C8D5AE7CA33D7FAFDA8ED754D3CDAA71


    After the scan ran and rebooted itself malwarebytes poped up with an option to ignore or quarantine this file

    C:\PROGRAM FILES (X86)\MEGADEV\MD-TRAINERS\MT-X\MT-EXPERIENCE.EXE (TROJAN.AVKILLER.GEN)

    im guessing yes to quarantine but will await your advice, i know the file it is a game trainer i used rarely a couple of months ago and am happy to also uninstall as i dont use anymore

    As for the eset online scanner i have run it in IE and is currently stuck on 99% for about 15mins with 0 infections so far, maybe this is waiting for the malwarebytes quarantine choice before completing?, but should i also run in fireox and opera (the browsers i was having redirecting issues with)?

    thanks
  6. nsrguy

    nsrguy Newcomer, in training Topic Starter

    Eset online

    Hi, eset finished without any infected or suspicious files, thanks
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    RegRun Virus Scan
    These restore points were set;
    RP128: 6/09/2011 9:56:26 AM - RegRun Virus Scan
    RP129: 6/09/2011 10:06:19 AM - RegRun Virus Scan
    RP130: 6/09/2011 10:36:40 AM - RegRun Virus Scan


    You also installed UnHackMe from Greatis and Trojan Remover on the same date.
    Please uninstall the previous program you ran. I don't want them running in the background.
    ====================================================
    Regarding GAC:
    c:\Windows\assembly\GAC_32\desktop.ini
    c:\Windows\assembly\GAC_64\desktop.ini
    See Windows Explorer and the Global Assembly Cache (GAC) for instructions in handling.
    =================================================
    Were you using any antivirus program before you installed Avast? RP132: 6/09/2011 11:17:40 AM - avast! Free Antivirus Setup
    I note c:\programdata\Kaspersky Lab on 9/5/2011.
    ===============================================
    After Combofix: "malwarebytes poped up with an option to ignore or quarantine this file"

    C:\PROGRAM FILES (X86)\MEGADEV\MD-TRAINERS\MT-X\MT-EXPERIENCE.EXE (TROJAN.AVKILLER.GEN)

    The scan we have you run with malwarebytes is not the full version with real time protection. Did you activate the full version with real-time protection, scheduled scanning, and scheduled updating. For consumers and personal use, it is a one time fee of $24.95?

    Security programs are supposed to be disabled while running Combofix> Had you disabled them and then enable them already?

    "am happy to also uninstall as i dont use anymore" It's good practice to remove programs you no longer use.
    ==========================================
    Please run this Security Check:
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  8. nsrguy

    nsrguy Newcomer, in training Topic Starter

    checkup

    Results of screen317's Security Check version 0.99.18
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Flash Player Out of Date!
    Adobe Flash Player 10.2.153.1
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Adobe Reader 9.0 Reader plug_ins\AvastSvc.exe -?-
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````

    I have uninstalled the unhackme and trojan remover. I tried kaspesky but it caused conflicts with some of my games, so I will be buying malwarebytes this weekend also. so I wasn't using any antivirus for a couple of months it seems.

    I had also disabled all the security programs while running combofix.

    The browser redirecting has stopped in opera and firefox now, when we are finished should I install new versions of the browsers also?

    Thankyou for your time
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Perhaps you were in a trial for Malwarebytes? I can't tell which version of Firefox you have, so you should check for updated version> I don't think you need to reinstall the browsers.

    What are you using from Check Point? The most common product from them is Zone Alarm> usually firewall, but they do have other security products.
    ==============================
    I'm finishing up some script for you to run through Combofix and there's a block of entries I need to check out:
    Can you ID the following:
    2011-08-29 06:32 . c:\programdata\DSS
    2011-08-29 06:27 . c:\program files (x86)\BRS
    ======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\SysWow64\tmpFCF.tmp
    c:\windows\system32\Partizan.exe
    c:\windows\winstart.bat
    DDS::
    uRun: [UnHackMe Monitor] C:\Program Files (x86)\UnHackMe\hackmon.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    FileLook::
    c:\windows\system32\drivers\32997937.sys
    Folder::
    c:\program files (x86)\UnHackMe
    c:\program files (x86)\Trojan Remover
    c:\programdata\Kaspersky Lab
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-"
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.