TechSpot

Possible rootkit? 30+ conhost.exe & ping.exe processes randomly opening

Inactive
By Carlsb3rgg
Sep 6, 2012
  1. Hi,

    My brother's computer seems to have some kind of virus or what I believe to be a rootkit. Being the technological person in our family, he asked me to try sort it out. Now, I'm pretty knowledgeable when it comes to computer hardware but software and virus removal I'm less informed. I tried the usual Malwarebytes and Avast scan but came up with nothing, so I'm now seeking help from someone more professional.

    At some point after start-up, not sure if it is at start-up, or when I run a particular program, 30+ conhost.exe and PING.EXE processes open themselves, and constantly open and close, sometimes where there'll be 50-60 of them, until I reboot the system, which then come back around 5-10 minutes after.

    Here are my Malwarebytes, GMER, and DDS logs:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.06.12

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Tom :: TOM-PC [administrator]

    07/09/2012 00:52:21
    mbam-log-2012-09-07 (00-52-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246574
    Time elapsed: 4 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-07 01:02:29
    Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 MAXTOR_STM3320820AS rev.3.AAE
    Running: u4upkuxm.exe; Driver: C:\Users\Tom\AppData\Local\Temp\uwldipow.sys
    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9173B966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
    Run by Tom at 1:03:48 on 2012-09-07
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3581.1622 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\BlueStacks\HD-LogRotatorService.exe
    C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
    C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\REALTEK\Wireless LAN Utility\RtlService.exe
    C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\ProgramData\TVersity\Media Server\MediaServer.exe
    C:\Program Files\ZTE Join Air\AssistantServices.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\REALTEK\Wireless LAN Utility\RtWlan.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
    C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
    C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre7\bin\javaw.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\Downloads\u4upkuxm.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\arp.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=hp&isid=9860
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=ds&isid=9860&q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    {ae07101b-46d4-4a98-af68-0333ea26e113}
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
    uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [KPeerNexonEU] c:\nexon\nexon_eu_downloader\nxEULauncher.exe
    mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
    mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
    mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
    mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\cpu-z.lnk - c:\program files\cpuid\cpu-z\cpuz.exe
    StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\tom\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\ezmacr~1.lnk - c:\program files\american systems\ez macros\EZMacros.exe
    StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\intelb~1.lnk - c:\users\tom\desktop\IntelBurnTestV2.exe
    StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\realte~1.lnk - c:\users\tom\desktop\bechmarking\realtemp_370\RealTemp.exe
    StartupFolder: c:\users\tom\appdata\roaming\microsoft\windows\start menu\programs\startup\Update Tool Notifier.exe
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{1F5F8ACB-FECC-44A5-A6AC-4A05426F2BEE} : NameServer = 194.168.4.100,194.168.8.100
    TCP: Interfaces\{34B7E911-1D99-4CE5-9E09-9E58A8AC3AD1} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{4B2F6658-E239-4F33-A109-C1C60B0B8E8C} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{5B50C29E-FD9A-4B9D-BE5D-FADA34DC04BB} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{75527D3F-4CC4-432B-9FEE-D709CD22AEC1} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{793A9529-1CB1-4012-A831-78F696DC3318} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{82776395-BAA2-4FC6-AB10-4D13A73C75E5} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{E122F914-A677-4D56-83DC-6D6012C6BC99} : DhcpNameServer = 192.168.43.1
    TCP: Interfaces\{E122F914-A677-4D56-83DC-6D6012C6BC99}\244584572633D285336323 : DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{E785BBFE-99F4-476E-BD1F-94377CDE76AA} : DhcpNameServer = 192.168.42.129
    TCP: Interfaces\{F993B901-F6D1-4217-8559-F4587169A4F4} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\ncw00eah.default\
    FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=hp&isid=9860
    FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=ds&isid=9860&q=
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\users\tom\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\users\tom\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\tom\appdata\roaming\mozilla\firefox\profiles\ncw00eah.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-8-13 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-8-13 12464]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-6 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-6 355632]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2012-3-17 96896]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-6 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-9-6 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-6 44808]
    R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-4-26 66912]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-4-26 385376]
    R2 CDMA Device Service;CDMA Device Service;c:\program files\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2012-1-14 63488]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-16 21992]
    R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2012-8-7 1406264]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-12-29 89376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 655944]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-2-20 2253120]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
    R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\wireless lan utility\RtlService.exe [2012-1-8 36864]
    R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2012-8-6 689464]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 UI Assistant Service;UI Assistant Service;c:\program files\zte join air\AssistantServices.exe [2012-1-22 241664]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-1-14 80184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-5 22344]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-1-14 181432]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-4-4 27136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-5-18 563200]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-4-26 401760]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-1-22 9216]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-20 113120]
    S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-8-5 750592]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-3-27 20080]
    S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2012-8-26 36928]
    S3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\drivers\PTLIBUSB0.SYS [2012-8-10 22144]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-4-4 16472]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-4-4 11104]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2012-1-8 375808]
    S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-4-4 736104]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\tom\desktop\bechmarking\realtemp_370\WinRing0.sys [2012-6-23 14416]
    .
    =============== Created Last 30 ================
    .
    2012-09-06 23:07:5056200----a-w-c:\programdata\microsoft\windows defender\definition updates\{2d492d3d-e56a-42b5-a2a8-6db2ea3cf94f}\offreg.dll
    2012-09-06 22:34:4293672----a-w-c:\windows\system32\WindowsAccessBridge.dll
    2012-09-06 22:12:4844784----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-09-06 22:12:47729752----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-09-06 22:12:4658680----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-06 22:12:1841224----a-w-c:\windows\avastSS.scr
    2012-09-06 16:00:31--------d-----w-C:\server
    2012-09-06 13:27:36--------d-sh--w-C:\$RECYCLE.BIN
    2012-09-06 13:12:2598816----a-w-c:\windows\sed.exe
    2012-09-06 13:12:25518144----a-w-c:\windows\SWREG.exe
    2012-09-06 13:12:25256000----a-w-c:\windows\PEV.exe
    2012-09-06 13:12:25208896----a-w-c:\windows\MBR.exe
    2012-09-06 13:12:18--------d-----w-C:\ComboFix
    2012-08-26 22:52:46--------d-----w-c:\program files\XBC
    2012-08-26 19:33:14--------d-----w-c:\program files\PFPortChecker
    2012-08-26 19:06:22--------d-----w-c:\users\tom\appdata\roaming\PFStaticIP
    2012-08-26 19:04:10--------d-----w-c:\program files\PFStaticIP
    2012-08-26 19:04:09--------d-----w-c:\users\tom\appdata\local\APN
    2012-08-26 16:47:4836928----a-w-c:\windows\system32\drivers\pssdk41.sys
    2012-08-26 16:47:46--------d-----w-c:\users\tom\appdata\roaming\XLink Kai
    2012-08-26 16:47:343046912----a-r-c:\users\tom\appdata\roaming\microsoft\installer\{57bc1feb-421d-469c-b07b-c8095596a224}\kaiEngine.exe
    2012-08-26 16:47:32--------d-----w-c:\program files\XLink Kai
    2012-08-26 12:47:28--------d-----w-C:\therun
    2012-08-22 02:33:03--------d-----w-c:\users\tom\appdata\local\XboxMB
    2012-08-22 02:32:43--------d-----w-c:\users\tom\appdata\local\Xenocode
    2012-08-22 02:32:43--------d-----w-c:\program files\Xenocode
    2012-08-22 00:16:03--------d-----w-c:\users\tom\appdata\local\Team_360h
    2012-08-22 00:09:3015360----a-w-c:\windows\system32\INETFR.DLL
    2012-08-22 00:09:30132880----a-w-c:\windows\system32\MSINET.OCX
    2012-08-22 00:09:2461440----a-w-c:\windows\system32\search.ocx
    2012-08-22 00:09:2434304----a-w-c:\windows\system32\RCHTXFR.DLL
    2012-08-22 00:09:24212240----a-w-c:\windows\system32\RICHTX32.OCX
    2012-08-22 00:09:24141312----a-w-c:\windows\system32\MSCMCFR.DLL
    2012-08-22 00:09:23--------d-----w-c:\program files\exiso-GUI
    2012-08-21 22:48:07--------d-----w-c:\users\tom\appdata\roaming\Datel
    2012-08-21 22:47:53--------d-----w-c:\program files\Datel
    2012-08-17 00:23:04--------d-----w-c:\users\tom\appdata\roaming\Mael
    2012-08-17 00:22:32--------d-----w-c:\program files\HxD
    2012-08-13 11:13:24--------d-----w-c:\program files\Aimersoft
    2012-08-13 10:58:1112464----a-w-c:\windows\system32\drivers\NBVolUp.sys
    2012-08-13 10:58:0456496----a-w-c:\windows\system32\drivers\NBVol.sys
    2012-08-13 10:55:03--------d-----w-c:\users\tom\appdata\local\Xilisoft
    2012-08-13 10:54:58--------d-----w-c:\users\tom\appdata\roaming\Xilisoft
    2012-08-13 10:45:48--------d-----w-c:\program files\Total Video2Dvd
    2012-08-10 01:11:17--------d-----w-c:\users\tom\appdata\roaming\J-Runner
    2012-08-10 00:36:12--------d-----w-c:\program files\Rogero
    2012-08-10 00:34:1033280----a-w-c:\windows\system32\PTLIBUSB0.DLL
    2012-08-10 00:34:1022144----a-w-c:\windows\system32\drivers\PTLIBUSB0.SYS
    2012-08-10 00:34:06--------d-----w-C:\nandpro3
    2012-08-09 07:38:02--------d-----w-c:\program files\AutoHotkey
    2012-08-09 07:36:29302184----a-w-c:\windows\amuninst.exe
    2012-08-09 07:36:29--------d-----w-c:\program files\American Systems
    2012-08-09 07:33:02--------d-----w-c:\program files\Skynergy
    2012-08-09 02:58:30--------d-----w-c:\users\tom\appdata\local\Audible
    2012-08-09 02:48:27255352----a-w-c:\windows\system32\awrdscdc.ax
    2012-08-09 02:47:51499712------w-c:\windows\system32\msvcp71.dll
    2012-08-09 02:47:51348160------w-c:\windows\system32\msvcr71.dll
    2012-08-09 02:47:5124576------w-c:\windows\system32\msxml3a.dll
    2012-08-09 02:47:501060864------w-c:\windows\system32\mfc71.dll
    2012-08-09 02:47:41--------d-----w-c:\program files\Audible
    2012-08-08 03:08:17--------d-----w-C:\Download
    2012-08-08 03:08:09235----a-w-c:\windows\system32\nxEuUninstall.bat
    2012-08-08 03:08:09--------d-----w-C:\Nexon
    2012-08-08 03:08:06446464----a-w-c:\windows\NEXON_EU_DownloaderUpdater.exe
    .
    ==================== Find3M ====================
    .
    2012-09-06 22:34:30821736----a-w-c:\windows\system32\npdeployJava1.dll
    2012-09-06 22:34:29746984----a-w-c:\windows\system32\deployJava1.dll
    2012-07-23 15:52:45851176----a-w-c:\windows\system32\WinUSBCoInstaller2.dll
    2012-07-23 15:52:451461992----a-w-c:\windows\system32\WdfCoInstaller01009.dll
    2012-07-03 12:46:4422344----a-w-c:\windows\system32\drivers\mbam.sys
    2006-05-03 09:06:54163328--sh--r-c:\windows\system32\flvDX.dll
    2007-02-21 10:47:1631232--sh--r-c:\windows\system32\msfDX.dll
    2007-12-17 12:43:0027648--sh--w-c:\windows\system32\Smab0.dll
    .
    ============= FINISH: 1:04:38.21 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 08/01/2012 01:58:42
    System Uptime: 06/09/2012 23:20:25 (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P7P55D EVO
    Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | LGA1156 | 2801/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 14.528 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 94.453 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 298 GiB total, 14.398 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM (CDFS)
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VirtualBox Host-Only Ethernet Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Oracle Corporation
    Name: VirtualBox Host-Only Ethernet Adapter
    PNP Device ID: ROOT\NET\0000
    Service: VBoxNetAdp
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SAMSUNG Mobile MTP Device
    Device ID: USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID\7&238D6841&0&0000
    Manufacturer: SAMSUNG Electronics Co., Ltd.
    Name: SAMSUNG Mobile MTP Device
    PNP Device ID: USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_ANDROID\7&238D6841&0&0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP204: 06/09/2012 23:29:37 - Installed Java 7 Update 7
    .
    ==== Installed Programs ======================
    .
    .
    1ClickDownloader
    3DVIA player 5.0.0.20
    7-Zip 9.20
    abgx360 v1.0.6
    AC3Filter 1.63b
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.6
    AI Suite
    Android Sync Manager WiFi
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    Auction Sentry
    AudibleManager
    AutoHotkey 1.0.48.05
    AutoIt v3.3.8.1
    avast! Free Antivirus
    AviSynth 2.5
    Belarc Advisor 8.1
    Belkin F5D8053 N Wireless USB Adapter
    Big Fish Games: Game Manager
    Bitcoin
    BlueStacks (beta-1)
    Bonjour
    CCleaner
    Cheat Engine 6.1
    Cinema Tycoon
    CloneCD
    Company of Heroes
    Core Temp version 0.99.8
    CoreAAC Audio Decoder (remove only)
    CPUID CPU-Z 1.60.1
    CPUID HWMonitor 1.19
    DefaultTab Chrome
    Defraggler
    Demolition Company
    DiskAid 5.09
    Dropbox
    DVD Decrypter (Remove Only)
    Easy Duplicate Finder v. 2.4.1
    Euro Truck Simulator 1.3
    exiso-GUI
    EZ Macros
    Fences
    ffdshow [rev 3299] [2010-03-03]
    File Type Assistant
    FileZilla Client 3.5.3
    FlashFXP v4.1
    Geeks3D.com FurMark 1.9.1
    GIMP 2.6.8
    Google Chrome
    Google SketchUp Pro 8
    Guncraft
    Haali Media Splitter
    HotKeyz 2.8.3
    HTC Driver Installer
    HxD Hex Editor version 1.7.7.0
    ImgBurn
    Internet Download Manager
    ISO to USB
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Java(TM) SE Development Kit 7 Update 3
    JavaFX 2.0.3 SDK
    JavaFX 2.1.1
    JDownloader 0.9
    Join Air
    Landwirtschafts Simulator 2011
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mat Hoffman's Pro BMX
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Mirror's Edge™
    MKVtoolnix 4.9.1
    Mobipocket Creator 4.2
    Movie Subtitles Searcher 1.0
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.1.0
    MSI Kombustor 2.0.0
    MSXML 4.0 SP2 Parser and SDK
    MX vs ATV Unleashed
    Need for Speed Underground 2
    Need for Speed™ Carbon
    Need For Speed™ World
    Nero 11 DiscSpeed
    Nero Backup Drivers
    Nero Core Components 11
    Nero DiscSpeed 11
    Nero DiscSpeed 11 Help (CHM)
    nero.prerequisites.msi
    Notepad++
    NVIDIA 3D Vision Controller Driver 285.62
    NVIDIA 3D Vision Driver 285.62
    NVIDIA Control Panel 285.62
    NVIDIA Graphics Driver 285.62
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    ObjectDock
    OCCT 4.2.0
    OpenOffice.org 3.1
    Oracle VM VirtualBox 4.1.12
    Pando Media Booster
    PeerBlock 1.1 (r518)
    PFPortChecker 1.0.39
    Portforward Static IP Address 1.0.47
    PowerISO
    Project Blackout
    Pulse
    QuickTime
    Radialpoint Security Advisor 2.5.19
    Realm of the Mad God
    REALTEK Wireless LAN Driver and Utility
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    RMPrepUSB
    RocketDock 1.3.5
    Rogero - 360 Multi Builder - Xbox360 Multi Nand Image Creator
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Sibelius Scorch (Firefox, Opera, Netscape only)
    Simba 0.95
    Skype™ 5.8
    SpeedFan (remove only)
    Steam
    Stronghold Kingdoms
    SUPER © Version 2008.bld.30 (Mar 22, 2008)
    swMSM
    System Requirements Lab CYRI
    T3Desk 2010 Build Version 09.12
    Team Fortress 2
    TeamSpeak 3 Client
    TechPowerUp GPU-Z
    Thrillville(TM): '07
    Total Commander (Remove or Repair)
    Treadmill Workout Generator
    TreeSize Professional 5.3.4
    Tunngle beta
    TVersity Codec Pack 1.7
    TVersity Media Server 1.9.7
    UltraISO Premium V8.62
    Unity Web Player
    Virgin Media Digital Home Support 2.1.27
    Virgin Media Service Manager 3.7.47
    Virtual Villagers 4 - The Tree of Life
    VLC media player 2.0.2
    WBFS Manager 3.0
    Winamp
    Winamp Detector Plug-in
    Windows 7 USB/DVD Download Tool
    WinRAR archiver
    WinSCP 4.3.6
    World of Tanks v.0.7.4
    World of Warcraft
    WYO Home Inventory 4.11
    XBC 5.1
    XBMC
    Xiph.Org Open Codecs 0.85.17777
    XLink Kai
    XPort 360
    Xvid 1.2.2 final uninstall
    Zoo Tycoon 2 - Extinct Animals
    ZTE USB Driver
    ZTE_1.2059.0.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/09/2012 23:24:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    06/09/2012 23:24:43, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/09/2012 23:21:21, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    06/09/2012 23:18:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    06/09/2012 22:59:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    06/09/2012 22:54:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    06/09/2012 22:06:45, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    06/09/2012 22:06:18, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    06/09/2012 22:06:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    06/09/2012 22:06:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    06/09/2012 22:06:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/09/2012 22:05:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    06/09/2012 22:05:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    06/09/2012 22:04:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO discache ElbyCDIO SCDEmu spldr VBoxDrv VBoxUSBMon Wanarpv6
    06/09/2012 22:04:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    06/09/2012 22:04:44, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    06/09/2012 15:37:23, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    06/09/2012 14:33:07, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    06/09/2012 14:25:19, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    06/09/2012 14:15:04, Error: Service Control Manager [7034] - The UI Assistant Service service terminated unexpectedly. It has done this 1 time(s).
    06/09/2012 14:11:44, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    06/09/2012 14:11:42, Error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
    Any help is very much appreciated.
     
  2. Carlsb3rgg

    Carlsb3rgg TS Rookie Topic Starter

    I know the rules say not to download/install any new programs unless instructed to but I installed Comodo Firewall in the hopes of putting a block on whatever IP was being pinged hoping it would stop the virus.

    After looking through Comodo Firewall to try block the outgoing pings I found that the processes were being made under some kind of java application. After ending the java process all the conhost.exe and PING.EXE processes vanish. Upon reboot, the processes open themselves and carry on running until I once again end the java process. Not sure if this helps in any way.

    How would I go about finding the java application/virus causing all these processes?

    Patiently waiting for a reply :)
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  4. Carlsb3rgg

    Carlsb3rgg TS Rookie Topic Starter

    ComboFix 12-09-06.04 - Tom 07/09/2012 10:36:42.2.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3581.2403 [GMT 1:00]
    Running from: c:\users\Tom\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-07 09:43 . 2012-09-07 09:43--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-09-07 09:43 . 2012-09-07 09:43--------d-----w-c:\users\Mcx1-TOM-PC\AppData\Local\temp
    2012-09-07 09:43 . 2012-09-07 09:43--------d-----w-c:\users\Default\AppData\Local\temp
    2012-09-07 02:08 . 2012-09-07 02:11--------d-----w-c:\programdata\Comodo
    2012-09-07 02:08 . 2012-09-07 02:08--------d-----w-c:\program files\COMODO
    2012-09-07 02:08 . 2012-09-07 02:081700352----a-w-c:\windows\system32\gdiplus.dll
    2012-09-07 02:00 . 2012-09-07 02:00--------d-----w-c:\program files\NetworkDLS
    2012-09-06 23:07 . 2012-09-06 23:0756200----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D492D3D-E56A-42B5-A2A8-6DB2EA3CF94F}\offreg.dll
    2012-09-06 22:35 . 2012-09-06 22:35--------d-----w-c:\program files\Common Files\Java
    2012-09-06 22:34 . 2012-09-06 22:3493672----a-w-c:\windows\system32\WindowsAccessBridge.dll
    2012-09-06 22:12 . 2012-08-21 09:13355632----a-w-c:\windows\system32\drivers\aswSP.sys
    2012-09-06 22:12 . 2012-08-21 09:1321256----a-w-c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-06 22:12 . 2012-08-21 09:1354232----a-w-c:\windows\system32\drivers\aswTdi.sys
    2012-09-06 22:12 . 2012-08-21 09:1344784----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-09-06 22:12 . 2012-08-21 09:13729752----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-09-06 22:12 . 2012-08-21 09:1358680----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-06 22:12 . 2012-08-21 09:1241224----a-w-c:\windows\avastSS.scr
    2012-09-06 22:12 . 2012-08-21 09:12227648----a-w-c:\windows\system32\aswBoot.exe
    2012-09-06 16:00 . 2012-09-06 16:00--------d-----w-C:\server
    2012-08-26 22:52 . 2012-08-26 22:54--------d-----w-c:\program files\XBC
    2012-08-26 19:33 . 2012-08-26 19:33--------d-----w-c:\program files\PFPortChecker
    2012-08-26 19:06 . 2012-08-26 19:08--------d-----w-c:\users\Tom\AppData\Roaming\PFStaticIP
    2012-08-26 19:04 . 2012-08-26 19:04--------d-----w-c:\program files\PFStaticIP
    2012-08-26 19:04 . 2012-08-26 19:04--------d-----w-c:\users\Tom\AppData\Local\APN
    2012-08-26 16:47 . 2012-08-27 21:4336928----a-w-c:\windows\system32\drivers\pssdk41.sys
    2012-08-26 16:47 . 2012-08-26 20:10--------d-----w-c:\users\Tom\AppData\Roaming\XLink Kai
    2012-08-26 16:47 . 2012-08-26 16:473046912----a-r-c:\users\Tom\AppData\Roaming\Microsoft\Installer\{57BC1FEB-421D-469C-B07B-C8095596A224}\kaiEngine.exe
    2012-08-26 16:47 . 2012-08-26 16:47--------d-----w-c:\program files\XLink Kai
    2012-08-26 12:47 . 2012-08-26 15:16--------d-----w-C:\therun
    2012-08-25 11:22 . 2012-09-06 14:04--------d-----w-c:\users\Tom\AppData\Roaming\FileZilla
    2012-08-25 11:22 . 2012-08-25 11:22--------d-----w-c:\program files\FileZilla FTP Client
    2012-08-22 02:33 . 2012-08-22 02:33--------d-----w-c:\users\Tom\AppData\Local\XboxMB
    2012-08-22 02:32 . 2012-08-22 02:32--------d-----w-c:\users\Tom\AppData\Local\Xenocode
    2012-08-22 02:32 . 2012-08-22 02:32--------d-----w-c:\program files\Xenocode
    2012-08-22 00:16 . 2012-08-22 00:16--------d-----w-c:\users\Tom\AppData\Local\Team_360h
    2012-08-22 00:09 . 2004-03-08 22:00132880----a-w-c:\windows\system32\MSINET.OCX
    2012-08-22 00:09 . 1998-07-12 22:0015360----a-w-c:\windows\system32\INETFR.DLL
    2012-08-22 00:09 . 2004-03-08 21:00212240----a-w-c:\windows\system32\RICHTX32.OCX
    2012-08-22 00:09 . 2003-12-11 16:2261440----a-w-c:\windows\system32\search.ocx
    2012-08-22 00:09 . 1998-07-12 23:00141312----a-w-c:\windows\system32\MSCMCFR.DLL
    2012-08-22 00:09 . 1998-07-12 22:0034304----a-w-c:\windows\system32\RCHTXFR.DLL
    2012-08-22 00:09 . 2012-08-22 00:09--------d-----w-c:\program files\exiso-GUI
    2012-08-21 22:48 . 2012-08-21 22:48--------d-----w-c:\users\Tom\AppData\Roaming\Datel
    2012-08-21 22:47 . 2012-08-21 22:47--------d-----w-c:\program files\Datel
    2012-08-17 00:23 . 2012-08-17 00:23--------d-----w-c:\users\Tom\AppData\Roaming\Mael
    2012-08-17 00:22 . 2012-08-17 00:22--------d-----w-c:\program files\HxD
    2012-08-13 11:13 . 2012-09-06 21:52--------d-----w-c:\program files\Aimersoft
    2012-08-13 10:58 . 2011-12-01 10:4012464----a-w-c:\windows\system32\drivers\NBVolUp.sys
    2012-08-13 10:58 . 2011-12-01 10:4056496----a-w-c:\windows\system32\drivers\NBVol.sys
    2012-08-13 10:55 . 2012-08-13 11:18--------d-----w-c:\users\Tom\AppData\Local\Xilisoft
    2012-08-13 10:54 . 2012-08-13 11:18--------d-----w-c:\users\Tom\AppData\Roaming\Xilisoft
    2012-08-13 10:45 . 2012-09-06 21:59--------d-----w-c:\program files\Total Video2Dvd
    2012-08-10 01:11 . 2012-08-10 01:11--------d-----w-c:\users\Tom\AppData\Roaming\J-Runner
    2012-08-10 00:36 . 2012-08-10 00:36--------d-----w-c:\program files\Rogero
    2012-08-10 00:34 . 2008-03-07 10:2033280----a-w-c:\windows\system32\PTLIBUSB0.DLL
    2012-08-10 00:34 . 2008-03-07 10:2022144----a-w-c:\windows\system32\drivers\PTLIBUSB0.SYS
    2012-08-10 00:34 . 2012-08-11 12:52--------d-----w-C:\nandpro3
    2012-08-09 07:38 . 2012-08-09 07:38--------d-----w-c:\program files\AutoHotkey
    2012-08-09 07:36 . 2012-08-09 07:36--------d-----w-c:\program files\American Systems
    2012-08-09 07:36 . 2008-07-01 12:24302184----a-w-c:\windows\amuninst.exe
    2012-08-09 07:33 . 2012-08-09 07:33--------d-----w-c:\program files\Skynergy
    2012-08-09 02:58 . 2012-08-09 03:13--------d-----w-c:\users\Tom\AppData\Local\Audible
    2012-08-09 02:48 . 2012-08-09 02:48255352----a-w-c:\windows\system32\awrdscdc.ax
    2012-08-09 02:47 . 2003-03-18 19:14499712------w-c:\windows\system32\msvcp71.dll
    2012-08-09 02:47 . 2003-02-21 03:42348160------w-c:\windows\system32\msvcr71.dll
    2012-08-09 02:47 . 2001-08-17 21:4324576------w-c:\windows\system32\msxml3a.dll
    2012-08-09 02:47 . 2003-03-18 20:201060864------w-c:\windows\system32\mfc71.dll
    2012-08-09 02:47 . 2012-08-09 02:48--------d-----w-c:\program files\Audible
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-06 22:34 . 2012-03-04 21:20821736----a-w-c:\windows\system32\npdeployJava1.dll
    2012-09-06 22:34 . 2012-01-14 02:55746984----a-w-c:\windows\system32\deployJava1.dll
    2012-08-08 03:08 . 2012-08-08 03:08235----a-w-c:\windows\system32\nxEuUninstall.bat
    2012-08-08 03:08 . 2012-08-08 03:08446464----a-w-c:\windows\NEXON_EU_DownloaderUpdater.exe
    2012-07-23 19:18 . 2012-07-23 19:18119808----a-r-c:\users\Tom\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-07-23 15:52 . 2012-07-23 15:52851176----a-w-c:\windows\system32\WinUSBCoInstaller2.dll
    2012-07-23 15:52 . 2012-07-23 15:521461992----a-w-c:\windows\system32\WdfCoInstaller01009.dll
    2012-07-23 15:41 . 2012-07-23 15:42145552----a-w-c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
    2012-07-03 12:46 . 2012-05-05 02:0522344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-18 02:14 . 2012-07-11 16:246762896----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D492D3D-E56A-42B5-A2A8-6DB2EA3CF94F}\mpengine.dll
    2010-03-31 09:09 . 2010-03-31 09:0910437264----a-w-c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2010-04-08 11:36 . 2010-04-08 11:36107760----a-w-c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2012-07-08 02:19 . 2012-02-14 15:5885472----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06163328--sh--r-c:\windows\System32\flvDX.dll
    2007-02-21 10:4731232--sh--r-c:\windows\System32\msfDX.dll
    2007-12-17 12:4327648--sh--w-c:\windows\System32\Smab0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12121528----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:5021864----a-w-c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-12-30 3462552]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-26 880496]
    "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-08-08 438272]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
    "DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
    .
    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CPU-Z.lnk - c:\program files\CPUID\CPU-Z\cpuz.exe [2012-6-23 2395400]
    Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    EZ Macros.lnk - c:\program files\American Systems\EZ Macros\EZMacros.exe [2012-8-9 1602200]
    IntelBurnTestV2 - Shortcut (2).lnk - c:\users\Tom\Desktop\IntelBurnTestV2.exe [2012-6-24 82432]
    RealTemp - Shortcut.lnk - c:\users\Tom\Desktop\Bechmarking\RealTemp_370\RealTemp.exe [2012-6-23 216064]
    Update Tool Notifier.exe [2012-7-23 145552]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 10:07843712----a-r-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-01-03 22:5137296----a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 23:2559240----a-w-c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-21 17:2291520----a-w-c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
    2012-04-26 18:17553312----a-w-c:\program files\BlueStacks\HD-Agent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks App Player]
    2012-04-26 18:16577888----a-w-c:\program files\BlueStacks\HD-Frontend.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    2009-01-29 22:2057344----a-w-c:\program files\SlySoft\CloneCD\CloneCDTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-01-08 13:51136176----atw-c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2011-12-30 14:273462552----a-w-c:\program files\Internet Download Manager\IDMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22421736----a-w-c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2012-02-03 16:50943504----a-w-c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2012-02-03 16:5021392----a-w-c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2012-02-03 16:503508624----a-w-c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-11-02 08:38167936----a-w-c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 14:28421888----a-w-c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-09-06 21:591353080----a-w-c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 08:04252848----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
    2009-03-24 13:59132608----a-w-c:\program files\ZTE Join Air\UIExec.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2012-05-26 19:39880496----a-w-c:\program files\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-12-09 17:2274752----a-w-c:\program files\WinAmp\winampa.exe
    .
    R2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 UI Assistant Service;UI Assistant Service;c:\program files\ZTE Join Air\AssistantServices.exe [x]
    R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
    R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [x]
    R3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\DRIVERS\PTLIBUSB0.SYS [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Tom\Desktop\Bechmarking\RealTemp_370\WinRing0.sys [x]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]
    S2 CDMA Device Service;CDMA Device Service;c:\program files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [x]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 Realtek11nSU;Realtek11nSU;c:\program files\REALTEK\Wireless LAN Utility\RtlService.exe [x]
    S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 ALSysIO;ALSysIO;c:\users\Tom\AppData\Local\Temp\ALSysIO.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    *NewlyCreated* - CMDGUARD
    *NewlyCreated* - CMDHLP
    *NewlyCreated* - INSPECT
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - UWLDIPOW
    *Deregistered* - MBAMSwissArmy
    *Deregistered* - uwldipow
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-06 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-06 09:12]
    .
    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097739423-252221092-1013099950-1000Core.job
    - c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 13:51]
    .
    2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097739423-252221092-1013099950-1000UA.job
    - c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 13:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=hp&isid=9860
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=ds&isid=9860&q={searchTerms}
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{0F9E00F7-68BE-46DC-94AC-B5751438F818}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{1F5F8ACB-FECC-44A5-A6AC-4A05426F2BEE}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{75527D3F-4CC4-432B-9FEE-D709CD22AEC1}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ncw00eah.default\
    FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=hp&isid=9860
    FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=ds&isid=9860&q=
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
    HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
    MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
    MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¤¾>]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¤¾>\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):e4,17,ed,52,eb,c1,d4,32,5c,5a,4d,c9,31,a1,cb,d6,34,e7,16,30,b9,
    57,f7,9a,bd,24,38,e7,93,2d,43,f4,52,9b,c6,f0,c0,bd,f4,74,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000_Classes\CLSID\{93a9474b-10be-46b9-9bd1-7f227d0768e1}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000000d
    "Therad"=dword:00000001
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¤¾>\OpenWithList]
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.* ¤¾>]
    "0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,4e,65,77,25,32,30,4d,75,73,69,63,25,
    32,30,43,6f,6c,6c,65,63,74,69,6f,6e,2f,43,68,61,73,65,25,32,30,61,6e,64,25,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(9156)
    c:\windows\system32\guard32.dll
    c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
    c:\program files\Stardock\Fences\FencesMenu.dll
    c:\program files\stardock\fences\DesktopDock.dll
    .
    Completion time: 2012-09-07 10:44:32
    ComboFix-quarantined-files.txt 2012-09-07 09:44
    ComboFix2.txt 2012-09-06 13:32
    .
    Pre-Run: 14,884,454,400 bytes free
    Post-Run: 18,471,133,184 bytes free
    .
    - - End Of File - - 85A87E22E339EE897ACEC06C239D0BB3
     
  5. Carlsb3rgg

    Carlsb3rgg TS Rookie Topic Starter

    Didn't realise Windows Defender was still running when I ran it the previous time. Here it is with Windows Defender disabled:

    ComboFix 12-09-06.04 - Tom 07/09/2012 10:54:51.3.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3581.2420 [GMT 1:00]
    Running from: c:\users\Tom\Downloads\Programs\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-07 09:59 . 2012-09-07 09:59--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-09-07 09:59 . 2012-09-07 09:59--------d-----w-c:\users\Mcx1-TOM-PC\AppData\Local\temp
    2012-09-07 09:59 . 2012-09-07 09:59--------d-----w-c:\users\Default\AppData\Local\temp
    2012-09-07 02:08 . 2012-09-07 02:11--------d-----w-c:\programdata\Comodo
    2012-09-07 02:08 . 2012-09-07 02:08--------d-----w-c:\program files\COMODO
    2012-09-07 02:08 . 2012-09-07 02:081700352----a-w-c:\windows\system32\gdiplus.dll
    2012-09-07 02:00 . 2012-09-07 02:00--------d-----w-c:\program files\NetworkDLS
    2012-09-06 22:35 . 2012-09-06 22:35--------d-----w-c:\program files\Common Files\Java
    2012-09-06 22:34 . 2012-09-06 22:3493672----a-w-c:\windows\system32\WindowsAccessBridge.dll
    2012-09-06 22:12 . 2012-08-21 09:13355632----a-w-c:\windows\system32\drivers\aswSP.sys
    2012-09-06 22:12 . 2012-08-21 09:1321256----a-w-c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-06 22:12 . 2012-08-21 09:1354232----a-w-c:\windows\system32\drivers\aswTdi.sys
    2012-09-06 22:12 . 2012-08-21 09:1344784----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-09-06 22:12 . 2012-08-21 09:13729752----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-09-06 22:12 . 2012-08-21 09:1358680----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-06 22:12 . 2012-08-21 09:1241224----a-w-c:\windows\avastSS.scr
    2012-09-06 22:12 . 2012-08-21 09:12227648----a-w-c:\windows\system32\aswBoot.exe
    2012-09-06 16:00 . 2012-09-06 16:00--------d-----w-C:\server
    2012-08-26 22:52 . 2012-08-26 22:54--------d-----w-c:\program files\XBC
    2012-08-26 19:33 . 2012-08-26 19:33--------d-----w-c:\program files\PFPortChecker
    2012-08-26 19:06 . 2012-08-26 19:08--------d-----w-c:\users\Tom\AppData\Roaming\PFStaticIP
    2012-08-26 19:04 . 2012-08-26 19:04--------d-----w-c:\program files\PFStaticIP
    2012-08-26 19:04 . 2012-08-26 19:04--------d-----w-c:\users\Tom\AppData\Local\APN
    2012-08-26 16:47 . 2012-08-27 21:4336928----a-w-c:\windows\system32\drivers\pssdk41.sys
    2012-08-26 16:47 . 2012-08-26 20:10--------d-----w-c:\users\Tom\AppData\Roaming\XLink Kai
    2012-08-26 16:47 . 2012-08-26 16:473046912----a-r-c:\users\Tom\AppData\Roaming\Microsoft\Installer\{57BC1FEB-421D-469C-B07B-C8095596A224}\kaiEngine.exe
    2012-08-26 16:47 . 2012-08-26 16:47--------d-----w-c:\program files\XLink Kai
    2012-08-26 12:47 . 2012-08-26 15:16--------d-----w-C:\therun
    2012-08-25 11:22 . 2012-09-06 14:04--------d-----w-c:\users\Tom\AppData\Roaming\FileZilla
    2012-08-25 11:22 . 2012-08-25 11:22--------d-----w-c:\program files\FileZilla FTP Client
    2012-08-22 02:33 . 2012-08-22 02:33--------d-----w-c:\users\Tom\AppData\Local\XboxMB
    2012-08-22 02:32 . 2012-08-22 02:32--------d-----w-c:\users\Tom\AppData\Local\Xenocode
    2012-08-22 02:32 . 2012-08-22 02:32--------d-----w-c:\program files\Xenocode
    2012-08-22 00:16 . 2012-08-22 00:16--------d-----w-c:\users\Tom\AppData\Local\Team_360h
    2012-08-22 00:09 . 2004-03-08 22:00132880----a-w-c:\windows\system32\MSINET.OCX
    2012-08-22 00:09 . 1998-07-12 22:0015360----a-w-c:\windows\system32\INETFR.DLL
    2012-08-22 00:09 . 2004-03-08 21:00212240----a-w-c:\windows\system32\RICHTX32.OCX
    2012-08-22 00:09 . 2003-12-11 16:2261440----a-w-c:\windows\system32\search.ocx
    2012-08-22 00:09 . 1998-07-12 23:00141312----a-w-c:\windows\system32\MSCMCFR.DLL
    2012-08-22 00:09 . 1998-07-12 22:0034304----a-w-c:\windows\system32\RCHTXFR.DLL
    2012-08-22 00:09 . 2012-08-22 00:09--------d-----w-c:\program files\exiso-GUI
    2012-08-21 22:48 . 2012-08-21 22:48--------d-----w-c:\users\Tom\AppData\Roaming\Datel
    2012-08-21 22:47 . 2012-08-21 22:47--------d-----w-c:\program files\Datel
    2012-08-17 00:23 . 2012-08-17 00:23--------d-----w-c:\users\Tom\AppData\Roaming\Mael
    2012-08-17 00:22 . 2012-08-17 00:22--------d-----w-c:\program files\HxD
    2012-08-13 11:13 . 2012-09-06 21:52--------d-----w-c:\program files\Aimersoft
    2012-08-13 10:58 . 2011-12-01 10:4012464----a-w-c:\windows\system32\drivers\NBVolUp.sys
    2012-08-13 10:58 . 2011-12-01 10:4056496----a-w-c:\windows\system32\drivers\NBVol.sys
    2012-08-13 10:55 . 2012-08-13 11:18--------d-----w-c:\users\Tom\AppData\Local\Xilisoft
    2012-08-13 10:54 . 2012-08-13 11:18--------d-----w-c:\users\Tom\AppData\Roaming\Xilisoft
    2012-08-13 10:45 . 2012-09-06 21:59--------d-----w-c:\program files\Total Video2Dvd
    2012-08-10 01:11 . 2012-08-10 01:11--------d-----w-c:\users\Tom\AppData\Roaming\J-Runner
    2012-08-10 00:36 . 2012-08-10 00:36--------d-----w-c:\program files\Rogero
    2012-08-10 00:34 . 2008-03-07 10:2033280----a-w-c:\windows\system32\PTLIBUSB0.DLL
    2012-08-10 00:34 . 2008-03-07 10:2022144----a-w-c:\windows\system32\drivers\PTLIBUSB0.SYS
    2012-08-10 00:34 . 2012-08-11 12:52--------d-----w-C:\nandpro3
    2012-08-09 07:38 . 2012-08-09 07:38--------d-----w-c:\program files\AutoHotkey
    2012-08-09 07:36 . 2012-08-09 07:36--------d-----w-c:\program files\American Systems
    2012-08-09 07:36 . 2008-07-01 12:24302184----a-w-c:\windows\amuninst.exe
    2012-08-09 07:33 . 2012-08-09 07:33--------d-----w-c:\program files\Skynergy
    2012-08-09 02:58 . 2012-08-09 03:13--------d-----w-c:\users\Tom\AppData\Local\Audible
    2012-08-09 02:48 . 2012-08-09 02:48255352----a-w-c:\windows\system32\awrdscdc.ax
    2012-08-09 02:47 . 2003-03-18 19:14499712------w-c:\windows\system32\msvcp71.dll
    2012-08-09 02:47 . 2003-02-21 03:42348160------w-c:\windows\system32\msvcr71.dll
    2012-08-09 02:47 . 2001-08-17 21:4324576------w-c:\windows\system32\msxml3a.dll
    2012-08-09 02:47 . 2003-03-18 20:201060864------w-c:\windows\system32\mfc71.dll
    2012-08-09 02:47 . 2012-08-09 02:48--------d-----w-c:\program files\Audible
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-06 22:34 . 2012-03-04 21:20821736----a-w-c:\windows\system32\npdeployJava1.dll
    2012-09-06 22:34 . 2012-01-14 02:55746984----a-w-c:\windows\system32\deployJava1.dll
    2012-08-08 03:08 . 2012-08-08 03:08235----a-w-c:\windows\system32\nxEuUninstall.bat
    2012-08-08 03:08 . 2012-08-08 03:08446464----a-w-c:\windows\NEXON_EU_DownloaderUpdater.exe
    2012-07-23 19:18 . 2012-07-23 19:18119808----a-r-c:\users\Tom\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-07-23 15:52 . 2012-07-23 15:52851176----a-w-c:\windows\system32\WinUSBCoInstaller2.dll
    2012-07-23 15:52 . 2012-07-23 15:521461992----a-w-c:\windows\system32\WdfCoInstaller01009.dll
    2012-07-23 15:41 . 2012-07-23 15:42145552----a-w-c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
    2012-07-03 12:46 . 2012-05-05 02:0522344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-18 02:14 . 2012-07-11 16:246762896----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D492D3D-E56A-42B5-A2A8-6DB2EA3CF94F}\mpengine.dll
    2010-03-31 09:09 . 2010-03-31 09:0910437264----a-w-c:\program files\mozilla firefox\plugins\PDFNetC.dll
    2010-04-08 11:36 . 2010-04-08 11:36107760----a-w-c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
    2012-07-08 02:19 . 2012-02-14 15:5885472----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 09:06163328--sh--r-c:\windows\System32\flvDX.dll
    2007-02-21 10:4731232--sh--r-c:\windows\System32\msfDX.dll
    2007-12-17 12:4327648--sh--w-c:\windows\System32\Smab0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12121528----a-w-c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:5021864----a-w-c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-12-30 3462552]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-26 880496]
    "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-08-08 438272]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
    "DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 208184]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 182584]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
    .
    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CPU-Z.lnk - c:\program files\CPUID\CPU-Z\cpuz.exe [2012-6-23 2395400]
    Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    EZ Macros.lnk - c:\program files\American Systems\EZ Macros\EZMacros.exe [2012-8-9 1602200]
    IntelBurnTestV2 - Shortcut (2).lnk - c:\users\Tom\Desktop\IntelBurnTestV2.exe [2012-6-24 82432]
    RealTemp - Shortcut.lnk - c:\users\Tom\Desktop\Bechmarking\RealTemp_370\RealTemp.exe [2012-6-23 216064]
    Update Tool Notifier.exe [2012-7-23 145552]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 10:07843712----a-r-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-01-03 22:5137296----a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-11-01 23:2559240----a-w-c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-01-21 17:2291520----a-w-c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
    2012-04-26 18:17553312----a-w-c:\program files\BlueStacks\HD-Agent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks App Player]
    2012-04-26 18:16577888----a-w-c:\program files\BlueStacks\HD-Frontend.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    2009-01-29 22:2057344----a-w-c:\program files\SlySoft\CloneCD\CloneCDTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-01-08 13:51136176----atw-c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    2011-12-30 14:273462552----a-w-c:\program files\Internet Download Manager\IDMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22421736----a-w-c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    2012-02-03 16:50943504----a-w-c:\program files\Samsung\Kies\KiesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2012-02-03 16:5021392----a-w-c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2012-02-03 16:503508624----a-w-c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2008-11-02 08:38167936----a-w-c:\program files\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 14:28421888----a-w-c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-09-06 21:591353080----a-w-c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 08:04252848----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
    2009-03-24 13:59132608----a-w-c:\program files\ZTE Join Air\UIExec.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2012-05-26 19:39880496----a-w-c:\program files\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2011-12-09 17:2274752----a-w-c:\program files\WinAmp\winampa.exe
    .
    R2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 UI Assistant Service;UI Assistant Service;c:\program files\ZTE Join Air\AssistantServices.exe [x]
    R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
    R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [x]
    R3 PTLIBUSB0;PRUFTECHNIK-USB-WIN-KERNEL DRIVER 02/25/2008, 1.12.0.1;c:\windows\system32\DRIVERS\PTLIBUSB0.SYS [x]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Tom\Desktop\Bechmarking\RealTemp_370\WinRing0.sys [x]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [x]
    S2 CDMA Device Service;CDMA Device Service;c:\program files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [x]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 Realtek11nSU;Realtek11nSU;c:\program files\REALTEK\Wireless LAN Utility\RtlService.exe [x]
    S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 ALSysIO;ALSysIO;c:\users\Tom\AppData\Local\Temp\ALSysIO.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    *NewlyCreated* - CMDGUARD
    *NewlyCreated* - CMDHLP
    *NewlyCreated* - INSPECT
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - UWLDIPOW
    *Deregistered* - MBAMSwissArmy
    *Deregistered* - uwldipow
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-06 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-06 09:12]
    .
    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097739423-252221092-1013099950-1000Core.job
    - c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 13:51]
    .
    2012-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097739423-252221092-1013099950-1000UA.job
    - c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 13:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=hp&isid=9860
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=ds&isid=9860&q={searchTerms}
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{0F9E00F7-68BE-46DC-94AC-B5751438F818}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{1F5F8ACB-FECC-44A5-A6AC-4A05426F2BEE}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{75527D3F-4CC4-432B-9FEE-D709CD22AEC1}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ncw00eah.default\
    FF - prefs.js: browser.startup.homepage - hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=hp&isid=9860
    FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=GB&userid=5cc53e4f-7174-48c8-bad6-1c1541c3cbf2&searchtype=ds&isid=9860&q=
    FF - user.js: extensions.autoDisableScopes - 14
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¤¾>]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¤¾>\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):e4,17,ed,52,eb,c1,d4,32,5c,5a,4d,c9,31,a1,cb,d6,34,e7,16,30,b9,
    57,f7,9a,bd,24,38,e7,93,2d,43,f4,52,9b,c6,f0,c0,bd,f4,74,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1000_Classes\CLSID\{93a9474b-10be-46b9-9bd1-7f227d0768e1}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000000d
    "Therad"=dword:00000001
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* ¤¾>\OpenWithList]
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2097739423-252221092-1013099950-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.* ¤¾>]
    "0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,4e,65,77,25,32,30,4d,75,73,69,63,25,
    32,30,43,6f,6c,6c,65,63,74,69,6f,6e,2f,43,68,61,73,65,25,32,30,61,6e,64,25,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(6464)
    c:\windows\system32\guard32.dll
    c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll
    c:\program files\Stardock\Fences\FencesMenu.dll
    c:\program files\stardock\fences\DesktopDock.dll
    .
    Completion time: 2012-09-07 11:01:04
    ComboFix-quarantined-files.txt 2012-09-07 10:01
    ComboFix2.txt 2012-09-07 09:44
    ComboFix3.txt 2012-09-06 13:32
    .
    Pre-Run: 18,462,568,448 bytes free
    Post-Run: 18,405,969,920 bytes free
    .
    - - End Of File - - B8900CD07F9EA106BD5D711CA0852C74
     
  6. Carlsb3rgg

    Carlsb3rgg TS Rookie Topic Starter

    I did as you requested and saved the file as svchost.exe to my desktop, but looking at the log noticed that it says it is running from c:\users\Tom\Downloads\Programs\ComboFix.exe. Is this normal? I may have an older version of the file saved in my downloads folder.
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine.

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    [​IMG]

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    [​IMG]

    ------------------------

    Click the Start Scan button.

    [​IMG]

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue


    [​IMG]

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    [​IMG]


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    [​IMG]

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.