MalwareBytes scan causes shutdown of computer

Solved
By skybluecodeflyr
Apr 17, 2012
  1. Hey all,

    I tried doing a full scan with Malwarebytes yesterday and at some point while it was running, my computer shut down/restarted. There was no warning, no dialog box or anything. It just shut down. I ran a scan with Bitdefender Plus 2012 - nothing. So this morning I uninstalled Malwarebytes, reinstalled it fresh, and went through your preliminary process for cleaning a computer (http://www.techspot.com/community/t...lware-preliminary-removal-instructions.58138/), and the results of the scans are listed below.

    As a side note, I have had a problem recently with my fonts, which is detailed here: http://superuser.com/questions/406790/garbled-mismatched-text-in-firefox-and-visual-studio-2010. For some reason that problem is not appearing anymore. I've run all kinds of scans, but nothing has come up; it just seemed to resolve itself?? But that issue could be totally unrelated and not even malware.

    Thank you so much beforehand! And if I'm barking up the wrong tree, let me know. Anyways, here are the results of the initial scans:

    Malwarebytes "Quick Scan":

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.17.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    wiebe :: WIEBE-SIRIUSPC [administrator]

    4/17/2012 8:30:42 AM
    mbam-log-2012-04-17 (08-30-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215812
    Time elapsed: 2 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    -------------------------------------------------------------------------------
    The GMER initial scan picked up nothing.
    -------------------------------------------------------------------------------
    DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by wiebe at 8:49:14 on 2012-04-17
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.5211 [GMT -6:00]
    .
    AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\GManager.exe
    C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
    C:\Program Files (x86)\Switch Mouse Driver\KMWDSrv.exe
    C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
    C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
    C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
    C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Ditto\Ditto.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\UsbChargerPlus.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    C:\Program Files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
    uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Ditto] C:\Program Files\Ditto\Ditto.exe
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
    mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
    mRun: [SWitchMouse] "C:\Program Files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVOLUE~1.LNK - C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{515DBB04-B991-460C-A056-251C3682A34C} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{E62469E9-0580-4BF9-B748-E94FA08E5142} : DhcpNameServer = 10.0.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO-X64: Google Dictionary Compression sdch - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
    mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
    mRun-x64: [SWitchMouse] "C:\Program Files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\wiebe\AppData\Roaming\Mozilla\Firefox\Profiles\rp5lin0z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]
    R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
    R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
    R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
    R0 mctkmdldr;mctkmdldr;C:\Windows\system32\drivers\mctkmdldr64.sys --> C:\Windows\system32\drivers\mctkmdldr64.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
    R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
    R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
    R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
    R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-1-7 61064]
    R2 GManager;GManager;C:\Windows\system32\GManager.exe --> C:\Windows\system32\GManager.exe [?]
    R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-1-7 23176]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Switch Mouse Driver\KMWDSrv.exe [2012-1-10 193024]
    R2 MCTDesktopSvr;MCTDesktopSvr;C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2012-4-13 199296]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-5 2009704]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-23 1153368]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-5 2656280]
    R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
    R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\system32\drivers\EvoMouseDriverMini.sys --> C:\Windows\system32\drivers\EvoMouseDriverMini.sys [?]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 mctkmd;mctkmd;C:\Windows\system32\drivers\mctkmd64.sys --> C:\Windows\system32\drivers\mctkmd64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\system32\drivers\t1pusb64.sys --> C:\Windows\system32\drivers\t1pusb64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
    S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys --> C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    SUnknown mbamchameleon;mbamchameleon; [x]
    .
    =============== Created Last 30 ================
    .
    2012-04-17 14:25:15 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-17 14:25:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-12 03:37:09 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-12 03:37:09 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-12 03:37:09 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-12 03:37:09 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-12 03:37:09 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-12 03:37:09 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-12 03:37:09 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-10 15:26:50 -------- d-----w- C:\Users\wiebe\AppData\Roaming\Ditto
    2012-04-10 15:26:46 -------- d-----w- C:\Program Files\Ditto
    2012-04-10 15:08:53 -------- d-----w- C:\Program Files (x86)\FileSeek
    2012-04-05 15:02:24 -------- d-----w- C:\Program Files (x86)\FontFrenzy
    2012-04-03 12:09:28 -------- d-----w- C:\bd_logs
    2012-04-02 19:54:15 -------- d-----w- C:\Users\wiebe\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-02 19:53:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-04-02 19:53:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-04-02 19:42:56 967680 ----a-r- C:\Users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
    2012-04-02 18:46:03 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-04-02 18:46:03 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-04-02 18:46:02 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-04-02 18:44:16 -------- d-----w- C:\Users\wiebe\AppData\Roaming\TestApp
    2012-04-02 18:44:16 -------- d-----w- C:\ProgramData\PC Tools
    2012-04-02 18:40:19 -------- d-----w- C:\Users\wiebe\AppData\Roaming\Malwarebytes
    2012-04-02 18:40:15 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-02 01:56:07 -------- d-----w- C:\Program Files\iPod
    2012-04-02 01:56:06 -------- d-----w- C:\Program Files\iTunes
    2012-04-02 01:56:06 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-03-30 23:24:12 489156 ----a-w- C:\ProgramData\1333148289.bdinstall.bin
    2012-03-30 23:23:40 -------- d-----w- C:\ProgramData\BDLogging
    2012-03-30 23:23:16 -------- d-----w- C:\Users\wiebe\AppData\Roaming\Bitdefender
    2012-03-30 23:23:12 -------- d-----w- C:\ProgramData\Bitdefender
    2012-03-30 23:01:39 -------- d-----w- C:\Users\wiebe\AppData\Roaming\QuickScan
    2012-03-30 23:00:26 -------- d-----w- C:\Program Files\Bitdefender
    2012-03-30 23:00:15 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
    2012-03-30 23:00:15 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
    2012-03-30 22:56:07 -------- d-----w- C:\Program Files\Common Files\Bitdefender
    2012-03-30 22:53:52 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
    2012-03-30 14:48:59 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-03-30 14:21:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6183C802-684E-42A0-9392-F61C9FF397E7}\mpengine.dll
    2012-03-30 14:20:20 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-03-29 19:20:50 -------- d-----w- C:\Users\wiebe\AppData\Local\Microsoft_Corporation
    2012-03-23 15:23:21 -------- d-----w- C:\Program Files (x86)\Klok2
    2012-03-22 19:45:45 -------- d-----w- C:\Users\wiebe\AppData\Local\CrashRpt
    2012-03-22 19:45:32 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
    2012-03-22 19:45:31 -------- d-----w- C:\Program Files\TortoiseSVN
    2012-03-22 19:45:31 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
    2012-03-21 02:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
    2012-03-19 19:03:03 -------- d-----w- C:\Users\wiebe\AppData\Local\ReworkSorting
    .
    ==================== Find3M ====================
    .
    2012-04-17 03:58:17 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2012-04-14 18:49:16 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-18 20:57:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-03-14 01:31:52 311160 ----a-w- C:\Windows\System32\GManager.exe
    2012-03-08 19:38:04 135296 ----a-w- C:\Windows\System32\drivers\mctkmd64.sys
    2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-02 21:49:46 13440 ----a-w- C:\Windows\System32\drivers\u3hpatch64.sys
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 15:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
    2012-02-17 22:45:56 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-02-15 00:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
    2012-02-15 00:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
    2012-02-15 00:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
    2012-02-15 00:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
    2012-02-15 00:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
    2012-02-15 00:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
    2012-02-15 00:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
    2012-02-15 00:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
    2012-02-15 00:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
    2012-02-15 00:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
    2012-02-15 00:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    2012-02-15 00:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
    2012-02-15 00:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
    2012-02-15 00:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
    2012-02-15 00:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
    2012-02-15 00:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
    2012-02-15 00:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
    2012-02-15 00:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
    2012-02-15 00:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
    2012-02-15 00:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
    2012-02-15 00:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
    2012-02-14 23:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    2012-02-14 23:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
    2012-02-14 23:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
    2012-02-14 23:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
    2012-02-14 23:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2012-02-14 23:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
    2012-02-14 23:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
    2012-02-14 23:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
    2012-02-14 23:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
    2012-02-14 23:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
    2012-02-14 23:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
    2012-02-14 23:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
    2012-02-14 23:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
    2012-02-14 23:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
    2012-02-14 23:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
    2012-02-14 23:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
    2012-02-14 23:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
    2012-02-14 23:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-07 17:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-04 00:15:02 272512 ----a-w- C:\Windows\System32\U2VSvr.exe
    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 8:49:35.34 ===============


    -----------------------------------------------------------------------------------------------------------
    Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/22/2011 6:34:27 PM
    System Uptime: 4/17/2012 8:12:39 AM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | U36SD
    Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz | CPU 1 | 2701/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 124 GiB total, 50.114 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 321.488 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP81: 4/8/2012 5:22:37 PM - Programs running fast
    RP82: 4/11/2012 9:37:01 PM - Windows Update
    RP83: 4/13/2012 11:17:40 AM - Removed Magic Control Technology - MWS
    RP84: 4/13/2012 11:28:45 AM - Installed Magic Control Technology - MWS
    RP85: 4/13/2012 11:28:57 AM - Device Driver Package Install: Magic Control Technology Corp. Universal Serial Bus controllers
    RP86: 4/13/2012 11:29:05 AM - Device Driver Package Install: Magic Control Technology Corp. Universal Serial Bus controllers
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    AceBackup 3
    Adobe AIR
    Advertising Center
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS USB Charger Plus
    ASUS Virtual Camera
    ASUS WebStorage
    AsusScr_U Series_ENG
    AsusVibe2.0
    Atheros Client Installation Program
    ATK Package
    Audacity 1.3.14 (Unicode)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Dia (remove only)
    doxygen 1.7.6.1
    EaseUS Todo Backup Free 4.0
    EQATEC Profiler
    FileSeek 2.1.3
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    GIMP 2.6.11
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Horizontal XSection
    Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HTML Help Workshop
    ImagXpress
    Inkscape 0.48.2
    Instant Eyedropper 1.501
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    Kaxaml
    Klok 2
    Malwarebytes Anti-Malware version 1.61.0.1400
    Menu Templates - Starter Kit
    Mesh Runtime
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Service Pack 1
    Movie Templates - Starter Kit
    Mozilla Firefox 11.0 (x86 en-US)
    Mozilla Thunderbird 11.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express Help
    Nero InfoTool
    Nero Installer
    Nero Online Upgrade
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    Notepad++
    Nuance PDF Reader
    QuickTime
    Realtek High Definition Audio Driver
    Sandcastle
    Sandcastle Help File Builder
    SceneSwitch
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Skype™ 5.8
    Snoop
    Sonic Focus
    Spybot - Search & Destroy
    StyleCop 4.6.3.0
    SugarSync Manager
    Switch Mouse Driver
    syncables desktop SE
    TreeSize Free V2.5
    Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
    Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB Display Device (Trigger Family) 12.01.0315.3679
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows SDK IntellisenseNFX
    WinFlash
    Wireless Console 3
    WPF Inspector 0.9.7
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/17/2012 8:42:12 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    4/17/2012 8:13:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    4/15/2012 10:47:12 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    4/14/2012 8:03:24 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    4/13/2012 10:06:56 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'll be glad to help you resolve this issue. Give me a few minutes to check these logs to see what our next step should be. Okay?
    -----------------------------------
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  3. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This could have been caused by a momentary power outage.

    Questions:
    1. Why were you doing the Malwarebytes scan? Did you suspect malware? Why? Or was the scan just routine?
    2. Several entries indicate this is a work computer:

    1. 2012-04-02 19:42:56 967680 ----a-r- C:\Users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
    Added by the Spyware.Snoop surveillance program. You should uninstall this program immediately if you did not install it yourself:
    Spyware.Snoop must be manually installed. It is a spyware program that monitors user activity, such as URLs visited and emails sent. It also logs keystrokes and sends the logs to a predefined email address.

    2. 2012-04-05 15:02:24 -------- d-----w- C:\Program Files (x86)\FontFrenzy
    This program removes and stores all fonts except those that were present when Windows was first installed.

    3. 2012-03-23 15:23:21 -------- d-----w- C:\Program Files (x86)\Klok2>> Klok Desktop Application>> Keep track of your time.

    4. 2012-03-19 19:03:03 -------- d-----w- C:\Users\wiebe\AppData\Local\ReworkSorting?

    5. Instanteyedropper.exe with description> InstantEyedropper.exe is a process file from an unknown company belonging to an unknown product.
    The file is not digitally signed. This file is not signed by its author. It is a small utility called Instant Eyedropper that runs in your system tray and will let you easily select a color from anywhere on the screen.

    6. 2012-04-10 15:26:46 -------- d-----w- C:\Program Files\Ditto>> Ditto is an extension to the standard windows clipboard.

    7. 2012-04-10 15:08:53 -------- d-----w- C:\Program Files (x86)\FileSeek
    FileSeek was designed to be a lightning fast, small and super easy to use tool. It can even be integrated right into the Windows Explorer right-click menu to provide quick and easy access. Search for text string matches inside any kind of file. Match Regular Expressions inside any kind of file.
    ========================================================
    I would appreciate it if you would give me some information about the use of this system, if you are working in an office environment, if you are connecting to an office network.
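The review in the post above is done by reading the DDS file listing line by line. The sketch below is an added example, not part of the thread and not a DDS feature: it parses that listing format and queues the entries a helper would ask the owner about. The category names and the path heuristics are assumptions, the sample lines are copied from the log earlier in this thread, and a hit means "confirm with the owner", not "malicious".

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# One DDS listing line: timestamp, size (or 8 dashes for a folder),
# an 8-character attribute field, then the full path.
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(.+?)\s*$"
)

# Assumed triage categories (hypothetical names, not DDS output).
DRIVER = "kernel driver"
USER_EXE = "executable in user-writable path"
USER_DIR = "new folder in user-writable path"
OTHER = "other"

EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
USER_WRITABLE_ROOTS = {"users", "programdata"}


class Entry(NamedTuple):
    when: datetime
    size: Optional[int]   # None for folders
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_listing(text: str) -> List[Entry]:
    """Return every file/folder line; headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            size=int(size) if size.isdigit() else None,
            attrs=attrs,
            path=path,
        ))
    return entries


def classify(entry: Entry) -> str:
    p = PureWindowsPath(entry.path)
    lowered = entry.path.lower()
    root = p.parts[1].lower() if len(p.parts) > 1 else ""
    suffix = p.suffix.lower()
    # Drivers load into the kernel, so a new one is always worth confirming.
    if not entry.is_dir and suffix == ".sys" and "\\system32\\drivers\\" in lowered:
        return DRIVER
    # Locations a standard user can write to without elevation.
    if root in USER_WRITABLE_ROOTS:
        if entry.is_dir:
            return USER_DIR
        if suffix in EXEC_SUFFIXES:
            return USER_EXE
    return OTHER


def review_queue(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    """Entries to raise with the machine's owner, newest first."""
    flagged = [(classify(e), e) for e in entries]
    flagged = [item for item in flagged if item[0] != OTHER]
    return sorted(flagged, key=lambda item: item[1].when, reverse=True)


# Lines copied from the DDS log posted in this thread.
SAMPLE = r"""
2012-04-02 19:42:56 967680 ----a-r- C:\Users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
2012-04-02 18:46:03 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-02 18:44:16 -------- d-----w- C:\Users\wiebe\AppData\Roaming\TestApp
2012-03-30 23:24:12 489156 ----a-w- C:\ProgramData\1333148289.bdinstall.bin
2012-03-30 14:48:59 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-23 15:23:21 -------- d-----w- C:\Program Files (x86)\Klok2
2012-03-19 19:03:03 -------- d-----w- C:\Users\wiebe\AppData\Local\ReworkSorting
.
==================== Find3M ====================
.
2012-04-17 03:58:17 45056 ----a-w- C:\Windows\System32\acovcnt.exe
"""

if __name__ == "__main__":
    for category, entry in review_queue(parse_listing(SAMPLE)):
        print(f"{entry.when:%Y-%m-%d %H:%M}  {category:34}  {entry.path}")
```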
  5. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    This is a laptop (so a momentary power failure couldn't be the cause) for my use at work. We don't have IT here, as we are a small company (to be honest, I AM the IT here, informally). We have no office network at all.

    The reason I was trying to run Malwarebytes was because I didn't have time to run it at my usual time this last Friday. It was just a routine scan. I actually tried to run it several times and the computer shut down each time (though I didn't always witness the shut-down directly- sometimes I was away from my computer doing other things). I haven't tried a full scan since I re-installed it. I can try that if you would like.

    By the way, Snoop.exe was installed intentionally by me - it is a utility that I use in my development work http://snoopwpf.codeplex.com/. FontFrenzy was an attempt to deal with the problems indicated in the link I sent you to superuser.com. That attempt failed- in fact I had to do a system restore to get my fonts back in line, and it didn't solve any of the strange screen problems. The strange screen problems have since inexplicably disappeared. Klok2 is legit. ReworkSorting- I don't know why it is storing data there- it is a small example program in C# I downloaded for help with my work. The other three were all for help at work.

    Do you have a policy against helping people with their work computers? If so, I apologize, I'm just trying to find some help.
  6. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    I have been extra-touchy about potential malware since the issue described on superuser.com, so that's partly my reason for posting here. Thanks for your help!
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    No, TechSpot doesn't have a written policy about not working on work computers. However, I do have some of my own. There have been times when a computer tech is working on a 'client's computer' and can't resolve the problem so posts a thread for us to handle it. Then when fixed, the tech gives the now clean and well-running system back to the client and gets paid for fixing it.

    There are also times when a user wants to bypass the IT in the office; this happens for various reasons. Depending on the reason, I will either continue or refer them back to the IT. Since I volunteer my help here, I don't see any problems with this.

    The programs I asked about are legitimate, but a couple fit descriptions of software that could also have been installed by others. Because of this, it is my practice to question the user. There can also be a possible conflict with some work software and Windows files.

    These logs are all clean. However, you can run the following if you'd like:
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    Temporary AV: Use one:
    Microsoft Security Essentials
    Comodo AV
    Avast! Free Antivirus
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===============================================
    When I suggested a momentary power failure, I was referring to the electric company, not the laptop. However, if the laptop was running on battery and not connected electrically the entire time you were running Malwarebytes, then an electrical interruption could not have been an issue.
    ================================================
    Please leave the Combofix and Eset scan logs in your next reply.
  8. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    Ok, thanks for the clarification. I can understand your reasons for asking.

    I don't have the program AVG running on my computer- I have Bitdefender running. Do I need to uninstall that and install Avast! or some other antivirus?
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    No sorry- you don't have to uninstall BitDefender. Just about everyone I've helped today had AVG- that was my mistake.

    You do need to disable the security though, per the directions before you run the scans.
  10. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    No problem. I will do those scans a little later today. Thanks!
  11. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    By the way, I have had my external drive (drive E) connected during this for the last couple days. ComboFix quarantined some files from it- will the hard drive still work if those files are removed? How do you re-install the autorun?

    ESET:
    C:\Users\wiebe\Downloads\Unlocker1.9.1-x64.exe a variant of Win32/Toolbar.Babylon application

    ComboFix:

    ComboFix 12-04-17.01 - wiebe 04/17/2012 15:41:46.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8097.5009 [GMT -6:00]
    Running from: c:\users\wiebe\Downloads\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\wiebe\AppData\Local\assembly\tmp
    c:\windows\AsPatch10430001.exe
    E:\Autorun.inf
    E:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-17 14:25 . 2012-04-17 14:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-17 14:25 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-12 03:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 03:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 03:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 03:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 03:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dllhttp://www.emptyloop.com/unlocker/
    2012-04-12 03:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-12 03:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-10 15:26 . 2012-04-17 21:39 -------- d-----w- c:\users\wiebe\AppData\Roaming\Ditto
    2012-04-10 15:26 . 2012-04-10 15:26 -------- d-----w- c:\program files\Ditto
    2012-04-10 15:08 . 2012-04-10 15:08 -------- d-----w- c:\program files (x86)\FileSeek
    2012-04-05 15:02 . 2012-04-05 19:17 -------- d-----w- c:\program files (x86)\FontFrenzy
    2012-04-03 12:09 . 2012-04-03 18:37 -------- d-----w- C:\bd_logs
    2012-04-02 19:54 . 2012-04-02 19:54 -------- d-----w- c:\users\wiebe\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-02 19:53 . 2012-04-05 19:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 19:53 . 2012-04-02 19:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-04-02 19:42 . 2012-04-02 19:42 967680 ----a-r- c:\users\wiebe\AppData\Roaming\Microsoft\Installer\{0A8CA3C1-F88C-49D2-97E8-3E72A32151EA}\Snoop.exe
    2012-04-02 18:46 . 2012-04-02 23:55 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-04-02 18:46 . 2012-02-24 16:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-04-02 18:46 . 2012-04-02 23:55 -------- d-----w- c:\program files (x86)\PC Tools
    2012-04-02 18:44 . 2012-04-02 20:14 -------- d-----w- c:\programdata\PC Tools
    2012-04-02 18:44 . 2012-04-02 18:44 -------- d-----w- c:\users\wiebe\AppData\Roaming\TestApp
    2012-04-02 18:40 . 2012-04-02 18:40 -------- d-----w- c:\users\wiebe\AppData\Roaming\Malwarebytes
    2012-04-02 18:40 . 2012-04-02 18:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 01:56 . 2012-04-02 01:56 -------- d-----w- c:\program files\iPod
    2012-04-02 01:56 . 2012-04-02 01:56 -------- d-----w- c:\program files\iTunes
    2012-04-02 01:56 . 2012-04-02 01:56 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-30 23:24 . 2012-03-30 23:24 489156 ----a-w- c:\programdata\1333148289.bdinstall.bin
    2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\programdata\BDLogging
    2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\users\wiebe\AppData\Roaming\Bitdefender
    2012-03-30 23:23 . 2012-03-30 23:23 -------- d-----w- c:\programdata\Bitdefender
    2012-03-30 23:01 . 2012-03-30 23:01 -------- d-----w- c:\users\wiebe\AppData\Roaming\QuickScan
    2012-03-30 23:00 . 2012-03-30 23:00 -------- d-----w- c:\program files\Bitdefender
    2012-03-30 23:00 . 2011-10-27 21:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-03-30 23:00 . 2011-08-16 20:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2012-03-30 22:56 . 2012-03-30 23:00 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-03-30 22:53 . 2012-03-30 22:53 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
    2012-03-30 17:52 . 2012-03-30 17:52 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-03-30 17:52 . 2012-03-30 17:52 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-03-30 14:48 . 2012-04-14 18:49 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-03-30 14:21 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6183C802-684E-42A0-9392-F61C9FF397E7}\mpengine.dll
    2012-03-30 14:20 . 2012-04-14 18:49 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-03-29 19:20 . 2012-04-05 19:17 -------- d-----w- c:\users\wiebe\AppData\Local\Microsoft_Corporation
    2012-03-28 01:25 . 2012-03-28 01:25 -------- d-----w- c:\windows\Sun
    2012-03-26 02:32 . 2012-03-28 01:41 -------- d-----w- c:\programdata\DVD Shrink
    2012-03-26 02:25 . 2012-03-26 02:25 -------- d-----w- c:\users\wiebe\AppData\Roaming\Nero
    2012-03-23 15:23 . 2012-03-23 15:23 -------- d-----w- c:\program files (x86)\Klok2
    2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\users\wiebe\AppData\Local\CrashRpt
    2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\program files (x86)\Common Files\TortoiseOverlays
    2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\program files\TortoiseSVN
    2012-03-22 19:45 . 2012-03-22 19:45 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
    2012-03-21 02:22 . 2012-03-21 02:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-03-19 19:03 . 2012-03-19 19:03 -------- d-----w- c:\users\wiebe\AppData\Local\ReworkSorting
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-17 03:58 . 2011-10-05 09:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-04-14 18:49 . 2011-12-23 19:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-18 20:57 . 2012-03-17 15:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-06 23:15 . 2011-12-23 22:59 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-02-23 15:18 . 2011-12-28 19:16 279656 ----a-w- c:\windows\system32\MpSigStub.exe
    2012-02-17 22:45 . 2012-02-17 22:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-02-17 06:38 . 2012-03-14 14:14 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-14 14:14 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-14 14:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-14 14:14 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 00:55 . 2012-02-15 00:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-02-15 00:55 . 2012-02-15 00:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
    2012-02-15 00:55 . 2012-02-15 00:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
    2012-02-15 00:55 . 2012-02-15 00:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
    2012-02-15 00:55 . 2012-02-15 00:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
    2012-02-15 00:55 . 2012-02-15 00:55 250136 ----a-w- c:\windows\system32\igfxext.exe
    2012-02-15 00:55 . 2012-02-15 00:55 184600 ----a-w- c:\windows\system32\difx64.exe
    2012-02-15 00:55 . 2012-02-15 00:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
    2012-02-15 00:53 . 2012-02-15 00:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
    2012-02-15 00:47 . 2011-07-27 04:59 8086528 ----a-w- c:\windows\system32\igdumd64.dll
    2012-02-15 00:47 . 2012-02-15 00:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-02-15 00:47 . 2012-02-15 00:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
    2012-02-15 00:47 . 2012-02-15 00:47 79360 ----a-w- c:\windows\system32\igdde64.dll
    2012-02-15 00:47 . 2012-02-15 00:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
    2012-02-15 00:44 . 2011-07-27 04:59 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
    2012-02-15 00:44 . 2012-02-15 00:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
    2012-02-15 00:42 . 2011-07-27 04:59 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
    2012-02-15 00:35 . 2011-10-22 00:13 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-02-15 00:07 . 2012-02-15 00:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
    2012-02-14 23:59 . 2012-02-14 23:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
    2012-02-14 23:57 . 2012-02-14 23:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
    2012-02-14 23:57 . 2012-02-14 23:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2012-02-14 23:57 . 2012-02-14 23:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
    2012-02-14 23:57 . 2012-02-14 23:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
    2012-02-14 23:57 . 2012-02-14 23:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
    2012-02-14 23:57 . 2011-07-27 04:59 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
    2012-02-14 23:56 . 2011-07-27 04:59 110592 ----a-w- c:\windows\system32\hccutils.dll
    2012-02-14 23:56 . 2012-02-14 23:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2012-02-14 23:56 . 2012-02-14 23:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
    2012-02-14 23:56 . 2012-02-14 23:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
    2012-02-14 23:56 . 2012-02-14 23:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
    2012-02-14 23:56 . 2012-02-14 23:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2012-02-14 23:56 . 2011-07-27 04:59 9007616 ----a-w- c:\windows\system32\igfxress.dll
    2012-02-14 23:55 . 2012-02-14 23:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-02-14 23:54 . 2012-02-14 23:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-02-14 23:53 . 2012-02-14 23:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
    2012-02-14 23:53 . 2012-02-14 23:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
    2012-02-14 23:53 . 2012-02-14 23:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
    2012-02-14 23:53 . 2012-02-14 23:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-02-14 23:53 . 2012-02-14 23:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-02-14 23:53 . 2012-02-14 23:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
    2012-02-14 23:53 . 2012-02-14 23:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2012-02-14 23:53 . 2012-02-14 23:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-02-10 06:36 . 2012-03-14 14:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-14 14:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-07 17:02 . 2012-02-07 17:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-02-03 04:34 . 2012-03-14 14:15 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-01-26 04:16 . 2011-12-23 18:47 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2012-01-26 04:16 . 2012-01-06 16:39 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-01-25 06:38 . 2012-03-14 14:14 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-14 14:14 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-14 14:14 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2006-12-05 315392]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
    "Ditto"="c:\program files\Ditto\Ditto.exe" [2012-01-04 1620480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-03-28 495536]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
    "EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
    "SWitchMouse"="c:\program files (x86)\Switch Mouse Driver\SwitchMouseMonitor.exe" [2011-08-02 3176448]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]
    Evoluent Mouse Manager.lnk - c:\windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe [2012-3-10 4286]
    FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-23 12862]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-15 276248]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
    S0 assd;assd; [x]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
    S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
    S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
    S2 GManager;GManager;c:\windows\system32\GManager.exe [x]
    S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
    S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Switch Mouse Driver\KMWDSrv.exe [2009-04-07 193024]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [x]
    S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [x]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:49]
    .
    2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 07:34]
    .
    2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 07:34]
    .
    2012-04-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2011-12-23 22:31]
    .
    2012-04-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2011-12-23 22:31]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-15 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-15 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-15 440600]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
    "MCTDUtil"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
    "FDispPos"="c:\program files (x86)\Common Files\DesktopUtil\Util-Desktop.exe" [2011-05-04 195200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    FF - ProfilePath - c:\users\wiebe\AppData\Roaming\Mozilla\Firefox\Profiles\rp5lin0z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-17 15:46:37
    ComboFix-quarantined-files.txt 2012-04-17 21:46
    .
    Pre-Run: 54,548,754,432 bytes free
    Post-Run: 55,928,889,344 bytes free
    .
    - - End Of File - - ED6AACB5E5743530E33443930AF1803F
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Answering your questions:
    1. If Combofix quarantined the files, they had malware. It should not affect the working of the drive- unless there is a file to replace.
    2. What do you mean "how do you re-install the autorun"?
    3. You should disinfect all of the removable drives: make sure the external drive is connected:
    • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    =============================================
    Please download OTMoveIt3 by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\wiebe\Downloads\Unlocker1.9.1-x64.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===========================================
    It looks like when you downloaded the Unlocker, there was either a prechecked option from the Babylon Toolbar:
    c:\windows\SysWow64\wintrust.dll
    http://www.emptyloop.com/unlocker/

    The infected file is being removed in OTM. But if you need the Unlocker, I advise you to uninstall what you now have, then download again taking care to note any pre-checked options and uncheck them.
    ==========================================

    I am still hard pressed to find any other malware. Is the only problem what you had after running Mbam? If you want to try Mbam, update and go ahead with the scan. FYI: here is the link and directions that we use:

    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      Note: on opening Notepad, click on Format> make sure Word Wrap is unchecked.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
  13. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    1. Very well... What do I do with the quarantined files? Just delete them?
    2. This question came more from a lack of understanding of external drives. When you plug in an external drive, the computer is able to access it- so something must get installed in order for the computer to access the files. ComboFix quarantined "Autorun.inf" and "Setup.exe" and I just got a little concerned that that would make the external hard drive inaccessible. If there is nothing to worry about, though, then I won't worry about it.
    3. My USB hard drive is NTFS. When I tried to run Panda USB Vaccine, it says that the NTFS vaccination feature is experimental. Should I still do it? What is the risk?
    4. Out of curiosity, why do you use "OTMoveIt3 by Old Timer" to remove the file found by ESET? Why not just use ESET?
    5. Do I need to remove the "c:\windows\SysWow64\wintrust.dll" file? How does it connect to the bad toolbar?
    6. Yes, the only issue I had that caused me to want to destroy malware was that Malwarebytes was shutting down mid-scan. I will try and scan with it. Why do your instructions ask people to just scan with the "Quick Scan" and not the "Full Scan"? It was the "Full scan" that caused shut-down last time.
  14. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    Thanks so much for your help, by the way!
  15. skybluecodeflyr

    skybluecodeflyr Newcomer, in training Topic Starter

    Ok. So interesting news. I'm sending this from another device since my computer won't connect to the Internet anymore. So after I did all the stuff you mentioned in the previous message, I ran a quick scan with Malwarebytes and it came out clean. Then I ran a full scan with Malwarebytes and watched it closely as it scanned. It was part way through scanning c/windows/winsxs when the computer shut down, much like before. When it came back up again, I got that DOS-like screen that said that Windows had not been shut down properly. I told it to start normally. It proceeded to freeze during restart - as in, when the colored lights were coming together to make the Windows symbol. This is Windows 7, that is. The processor was really working hard too, as indicated by the fan on my laptop going. I then held down the power button until it shut down and I restarted again. The computer started normally, but could not connect to the Internet when I had booted up. SugarSync was really working hard, so I quit that. I also got a message saying that acmon had stopped working. Even though Windows said that it couldn't connect to the Internet (diagnostics said the DNS server was not responding), something was going on because my iPod wouldn't connect to the wireless. I physically disconnected my computer, and now my iPod can connect to the Internet. Any ideas here? Unfortunately I didn't think to disconnect my external hard drive from my computer before any of this. I don't want to move until I figure out what's happening here.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. In answer to your questions:

    1. Quarantine files will be removed at the end of cleaning as well as the tools we used.
    2. No worry here.
    3. It is safe. Run it.
    4. Because OTM removed other temporary internet files.
    5. You used the wintrust in downloading the Unlocker. The Unlocker has adware you missed. But my instruction was to remove the Unlocker, not the wintrust file.
    6. The Quick Scan is all we need in the preliminary scans. Occasionally we have need for a Full Scan at a later date.

    We structure our scans as we think best. Since you are the IT for your office, if you help anyone there, you can choose what you want them to run.

    The system is clean.

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
    =====================================================
    Edit: You were posting at the same time I was. Your problems are system/driver/settings related, not malware. You may start a new thread in the Windows BSOD forum if it continues.