TechSpot

Sirefef

Inactive
By skfr33
Jul 2, 2012
  1. I believe I have, or had the Sirefef trojan that seems to be very popular here.
    The file "C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe" led me to believe this, along with a huge slowdown due to a services.exe process. I did not get any restarts or antivirus shutdowns like many have reported. I attempted to fix this using previous threads, but I am not sure if it was removed completely due to the file still being there.

    I did use the ComboFix method before and it seemed to get rid of the services process slowing down my computer. The only other things I did were some scans which didn't look to be bad.

    Can someone please help me make sure this thing is gone, and gone for good? I really appreciate it!
     
  2. Bobbye


    Perhaps you can give us something to work with. Although we try to discourage users from running Combofix on their own, since you went ahead, if it's been in the past few days, please paste the Combofix log in your next reply.
    NOTE: if you do not have that log, don't run it again at this time.
    ====================================
    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    NOTE: Please do not run any other scanning or cleaning programs except those I instruct you to.
     
  3. skfr33


    Here is my Combofix log. After running this is when the services.exe stopped using all of my processor.


    ComboFix 12-07-02.01 - Spencer 07/02/2012 5:41.1.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6588 [GMT -4:00]
    Running from: c:\users\Spencer\Desktop\ComboFix.exe
    Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\CrashLog_20120325.txt
    c:\cflog\EPLog.txt
    c:\users\Spencer\Documents\ShopToWin
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\System32\services.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-02 07:58 . 2012-07-02 07:58 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-02 07:57 . 2012-07-02 07:57 -------- d-----w- c:\users\Spencer\AppData\Local\Futuremark_Corporation
    2012-07-02 07:54 . 2012-07-02 07:54 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
    2012-06-29 22:05 . 2012-06-29 22:05 -------- d-----w- c:\users\Spencer\AppData\Local\PreEmptive Solutions
    2012-06-29 22:01 . 2012-06-29 22:15 -------- d-----w- c:\users\Spencer\AppData\Local\Gapotchenko
    2012-06-29 05:32 . 2012-06-29 05:32 -------- d-----w- c:\users\Spencer\AppData\Roaming\Awesomium
    2012-06-29 01:38 . 2012-06-29 01:38 -------- d-----w- c:\users\Spencer\AppData\Local\SCE
    2012-06-29 01:38 . 2012-06-29 01:38 -------- d-----w- C:\Crash
    2012-06-23 03:57 . 2007-03-20 16:33 43520 ----a-w- c:\windows\SysWow64\libusb0.dll
    2012-06-21 21:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 21:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 21:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 21:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 21:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 21:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 21:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 21:01 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 21:01 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 05:33 . 2012-06-20 05:33 -------- d-----w- c:\users\Spencer\AppData\Local\NuGet
    2012-06-20 05:32 . 2012-06-20 05:32 -------- d-----w- c:\users\Spencer\AppData\Roaming\NuGet
    2012-06-19 07:51 . 2012-06-19 07:51 -------- d--h--w- c:\programdata\Common Files
    2012-06-19 07:43 . 2012-06-19 07:43 -------- d-----w- c:\users\Spencer\AppData\Local\Macromedia
    2012-06-18 22:44 . 2012-06-18 22:44 -------- d-----w- c:\users\Spencer\AppData\Local\Funcom
    2012-06-18 20:40 . 2012-06-18 20:40 275360 ----a-w- c:\windows\system32\DreamScene.dll
    2012-06-18 20:40 . 2012-06-18 20:40 -------- d-----w- c:\windows\system32\WDSA
    2012-06-15 07:55 . 2012-06-15 07:55 -------- d-----w- c:\programdata\NVIDIA
    2012-06-13 22:04 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 22:04 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 22:04 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 22:04 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 22:04 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:04 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 22:04 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 22:03 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 22:03 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 22:03 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 22:03 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-08 02:03 . 2012-06-08 02:03 -------- d-----w- c:\users\Spencer\AppData\Local\ESN Sonar
    2012-06-06 07:00 . 2012-06-06 07:00 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
    2012-06-06 06:40 . 2011-03-30 20:26 98304 ----a-w- c:\program files (x86)\Windows Media Player\wmp.dll
    2012-06-06 06:40 . 2012-06-06 06:40 -------- d-----w- c:\program files (x86)\Windows Media Player Plus!
    2012-06-05 06:27 . 2012-06-05 06:27 -------- d-----w- c:\programdata\ATI
    2012-06-05 06:26 . 2012-06-05 06:26 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-06-05 06:26 . 2012-06-05 06:26 -------- d-----w- c:\program files (x86)\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-29 05:32 . 2012-01-20 22:45 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-29 05:32 . 2012-01-20 22:40 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-29 01:40 . 2012-01-20 22:40 282512 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-29 01:39 . 2012-01-20 22:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-24 23:10 . 2012-04-06 01:11 276504 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-24 23:10 . 2012-04-06 01:11 359960 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-24 23:10 . 2012-02-15 03:18 197656 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-24 23:10 . 2011-12-06 03:16 344088 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-12 19:59 . 2012-04-04 00:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 19:59 . 2012-01-21 06:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 19:49 . 2012-02-05 06:05 314392 ----a-w- c:\windows\system32\EvoDisplayHelper.dll
    2012-06-09 19:49 . 2012-02-05 06:05 197144 ----a-w- c:\windows\SysWow64\EvoDisplayHelper.dll
    2012-05-29 02:06 . 2012-02-13 04:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-05-29 02:06 . 2012-02-13 04:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-05-02 04:49 . 2012-05-02 04:49 2337865 ----a-w- c:\windows\SysWow64\pbsvc.exe
    2012-04-22 21:54 . 2012-04-22 21:54 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
    2012-04-22 21:54 . 2012-04-22 21:54 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll
    2012-04-14 07:38 . 2012-04-04 00:36 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-12-06 03:17 909312 ----a-w- c:\windows\SysWow64\aticfx32_evolve.dll
    2012-04-06 02:20 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64_evolve.dll
    2012-04-06 02:16 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-02-15 03:21 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2011-12-06 02:51 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-02-15 02:40 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-02-15 02:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-02-15 02:25 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-02-15 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-02-15 02:14 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx_evolve.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2011-12-06 02:12 14848 ----a-w- c:\windows\SysWow64\atiglpxx_evolve.dll
    2012-04-06 01:11 . 2012-02-15 02:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-02-15 02:12 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-04 19:56 . 2012-04-29 01:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
    "Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
    "Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
    R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 X6va007;X6va007; [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
    R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
    S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
    S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
    S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2012-03-26 21:45 287048 ----a-w- d:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
    "combofix"="c:\combofix\CF30378.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=adbartrp&mntrId=da23b6450000000000000000b6bb57a8&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{03f38c00-dda9-46bf-9475-c6997746c740} - (no file)
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-BattlEye for A2 - d:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - d:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
    AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - d:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-02 05:49:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-02 09:49
    .
    Pre-Run: 12,599,394,304 bytes free
    Post-Run: 14,825,771,008 bytes free
    .
    - - End Of File - - CEA84784155225FA242E8180F84A3389
     
  4. skfr33

    skfr33 TS Rookie Topic Starter

    Here is my Malwarebytes scan.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.02.01

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Spencer :: SPENCER-PC [administrator]

    Protection: Disabled

    7/2/2012 4:31:09 PM
    mbam-log-2012-07-02 (16-31-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211052
    Time elapsed: 1 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    GMER Scan was completely blank



    DDS Scan
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Spencer at 16:44:24 on 2012-07-02
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5973 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    D:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    D:\Program Files (x86)\Input Director\IDWinService.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    D:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\McAfee\MAT\McPvTray.exe
    C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Users\Spencer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622221538.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [EvolveClient] D:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun
    uRun: [Steam] "D:\Program Files (x86)\Steam\steam.exe" -silent
    mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
    mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [amd_dc_opt] D:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    StartupFolder: C:\Users\Spencer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{E8072088-3972-4F66-8A8F-772745F596B7} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{EBAC0481-4936-4FC4-8C1C-DBC4BDF0BBB9} : DhcpNameServer = 10.1.48.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622221538.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
    mRun-x64: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
    mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [amd_dc_opt] D:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=adbartrp&mntrId=da23b6450000000000000000b6bb57a8&q=
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Spencer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Spencer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Spencer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\extensions\{03f38c00-dda9-46bf-9475-c6997746c740}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01:28
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 InputDirector;Input Director Service;D:\Program Files (x86)\Input Director\IDWinService.exe [2010-2-1 36864]
    R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-28 654408]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-1-20 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-1-20 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-1-20 210584]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 EvoKbFilter;Evolve Keyboard Filter Driver;\??\C:\Windows\system32\Drivers\EvoKbFilter.sys --> C:\Windows\system32\Drivers\EvoKbFilter.sys [?]
    R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\system32\DRIVERS\evolve.sys --> C:\Windows\system32\DRIVERS\evolve.sys [?]
    R3 EvoMouFilter;Evolve Mouse Filter Driver;\??\C:\Windows\system32\Drivers\EvoMouFilter.sys --> C:\Windows\system32\Drivers\EvoMouFilter.sys [?]
    R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]
    R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SbieDrv;SbieDrv;D:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 EvoSvc;Evolve Service;D:\Program Files\Echobit\Evolve\EvoSvc.exe [2012-2-5 1511448]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-7-2 128928]
    S3 IDVistaService;Input Director Vista Service;D:\Program Files (x86)\Input Director\IDVistaService.exe [2009-2-7 13824]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-17 497496]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
    S4 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-2-27 96896]
    S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe --> D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [?]
    S4 hshld;Hotspot Shield Service;D:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-3-26 542040]
    S4 HssWd;Hotspot Shield Monitoring Service;D:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> D:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 NETGEARGenieDaemon;NETGEARGenieDaemon;D:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-23 1370400]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
    .
    =============== Created Last 30 ================
    .
    2012-07-02 10:49:48  --------  d-----w-  C:\Program Files (x86)\ESET
    2012-07-02 10:25:30  --------  d-----w-  C:\FRST
    2012-07-02 09:48:03  --------  d-----w-  C:\$RECYCLE.BIN
    2012-07-02 09:41:36  328704  ----a-w-  C:\Windows\SysWow64\services.exe
    2012-07-02 09:40:39  --------  d-----w-  C:\ComboFix
    2012-07-02 09:39:54  208896  ----a-w-  C:\Windows\MBR.exe
    2012-07-02 09:39:52  98816  ----a-w-  C:\Windows\sed.exe
    2012-07-02 09:39:52  518144  ----a-w-  C:\Windows\SWREG.exe
    2012-07-02 09:39:52  256000  ----a-w-  C:\Windows\PEV.exe
    2012-07-02 07:58:26  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-07-02 07:57:06  --------  d-----w-  C:\Users\Spencer\AppData\Local\Futuremark_Corporation
    2012-07-02 07:54:25  --------  d-----w-  C:\Program Files (x86)\Common Files\Futuremark Shared
    2012-06-29 22:05:41  --------  d-----w-  C:\Users\Spencer\AppData\Local\PreEmptive Solutions
    2012-06-29 22:01:33  --------  d-----w-  C:\Users\Spencer\AppData\Local\Gapotchenko
    2012-06-29 05:32:18  --------  d-----w-  C:\Users\Spencer\AppData\Roaming\Awesomium
    2012-06-29 01:38:11  --------  d-----w-  C:\Users\Spencer\AppData\Local\SCE
    2012-06-29 01:38:11  --------  d-----w-  C:\Crash
    2012-06-23 03:57:22  43520  ----a-w-  C:\Windows\SysWow64\libusb0.dll
    2012-06-21 21:01:38  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
    2012-06-21 21:01:36  99840  ----a-w-  C:\Windows\System32\wudriver.dll
    2012-06-21 21:01:34  36864  ----a-w-  C:\Windows\System32\wuapp.exe
    2012-06-21 21:01:34  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
    2012-06-20 05:33:13  --------  d-----w-  C:\Users\Spencer\AppData\Local\NuGet
    2012-06-20 05:32:30  --------  d-----w-  C:\Users\Spencer\AppData\Roaming\NuGet
    2012-06-19 07:51:51  --------  d--h--w-  C:\ProgramData\Common Files
    2012-06-19 07:43:07  --------  d-----w-  C:\Users\Spencer\AppData\Local\Macromedia
    2012-06-18 22:44:40  --------  d-----w-  C:\Users\Spencer\AppData\Local\Funcom
    2012-06-18 20:40:57  275360  ----a-w-  C:\Windows\System32\DreamScene.dll
    2012-06-18 20:40:57  --------  d-----w-  C:\Windows\System32\WDSA
    2012-06-13 22:04:16  9216  ----a-w-  C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 22:04:16  76288  ----a-w-  C:\Windows\System32\rdpwsx.dll
    2012-06-13 22:04:16  149504  ----a-w-  C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 22:04:12  208896  ----a-w-  C:\Windows\System32\profsvc.dll
    2012-06-13 22:04:11  5505392  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2012-06-13 22:04:09  3958128  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:04:09  3902320  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:04:01  3144192  ----a-w-  C:\Windows\System32\win32k.sys
    2012-06-13 22:04:00  204800  ----a-w-  C:\Windows\System32\drivers\rdpwd.sys
    2012-06-13 22:03:59  3213824  ----a-w-  C:\Windows\System32\msi.dll
    2012-06-13 22:03:58  2342400  ----a-w-  C:\Windows\SysWow64\msi.dll
    2012-06-13 22:03:55  1460224  ----a-w-  C:\Windows\System32\crypt32.dll
    2012-06-13 22:03:54  182272  ----a-w-  C:\Windows\System32\cryptsvc.dll
    2012-06-13 22:03:54  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
    2012-06-13 22:03:54  1156608  ----a-w-  C:\Windows\SysWow64\crypt32.dll
    2012-06-13 22:03:53  139264  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
    2012-06-13 22:03:53  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
    2012-06-08 02:03:25  --------  d-----w-  C:\Users\Spencer\AppData\Local\ESN Sonar
    2012-06-06 07:00:47  --------  d-----w-  C:\Program Files (x86)\Common Files\PX Storage Engine
    2012-06-06 06:40:13  98304  ----a-w-  C:\Program Files (x86)\Windows Media Player\wmp.dll
    2012-06-06 06:40:12  --------  d-----w-  C:\Program Files (x86)\Windows Media Player Plus!
    2012-06-05 06:26:58  --------  d-----w-  C:\Program Files (x86)\AMD AVT
    2012-06-05 06:26:55  --------  d-----w-  C:\Program Files (x86)\AMD APP
    .
    ==================== Find3M ====================
    .
    2012-06-29 05:32:38  283312  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-29 05:32:38  283312  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-29 01:40:12  282512  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-29 01:39:54  76888  ----a-w-  C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-24 23:10:55  276504  ----a-w-  C:\Windows\SysWow64\atiglpxx.dll
    2012-06-24 23:10:54  359960  ----a-w-  C:\Windows\System32\atig6pxx.dll
    2012-06-24 23:10:54  344088  ----a-w-  C:\Windows\System32\aticfx64.dll
    2012-06-24 23:10:54  197656  ----a-w-  C:\Windows\SysWow64\aticfx32.dll
    2012-06-12 19:59:56  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-12 19:59:56  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-09 19:49:09  314392  ----a-w-  C:\Windows\System32\EvoDisplayHelper.dll
    2012-06-09 19:49:09  197144  ----a-w-  C:\Windows\SysWow64\EvoDisplayHelper.dll
    2012-05-29 02:06:20  466456  ----a-w-  C:\Windows\System32\wrap_oal.dll
    2012-05-29 02:06:20  444952  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
    2012-05-29 02:06:20  122904  ----a-w-  C:\Windows\System32\OpenAL32.dll
    2012-05-29 02:06:20  109080  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
    2012-05-18 02:06:48  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-05-02 04:49:22  2337865  ----a-w-  C:\Windows\SysWow64\pbsvc.exe
    2012-04-22 21:54:51  374792  ----a-w-  C:\Windows\System32\drivers\UMDF\lgSSQVGA.dll
    2012-04-22 21:54:51  157704  ----a-w-  C:\Windows\System32\drivers\UMDF\lgSSBW.dll
    2012-04-14 07:38:44  8741536  ----a-w-  C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 05:22:40  11174400  ----a-w-  C:\Windows\System32\drivers\atikmdag.sys
    2012-04-06 02:34:26  187392  ----a-w-  C:\Windows\System32\clinfo.exe
    2012-04-06 02:34:10  74752  ----a-w-  C:\Windows\System32\OpenVideo64.dll
    2012-04-06 02:34:04  64512  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33:56  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
    2012-04-06 02:33:52  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
    2012-04-06 02:33:44  16457216  ----a-w-  C:\Windows\System32\amdocl64.dll
    2012-04-06 02:32:56  13007872  ----a-w-  C:\Windows\SysWow64\amdocl.dll
    2012-04-06 02:22:00  159744  ----a-w-  C:\Windows\System32\atiapfxx.exe
    2012-04-06 02:21:52  909312  ----a-w-  C:\Windows\SysWow64\aticfx32_evolve.dll
    2012-04-06 02:20:04  1067520  ----a-w-  C:\Windows\System32\aticfx64_evolve.dll
    2012-04-06 02:16:52  442368  ----a-w-  C:\Windows\System32\ATIDEMGX.dll
    2012-04-06 02:16:46  503808  ----a-w-  C:\Windows\System32\atieclxx.exe
    2012-04-06 02:16:02  236544  ----a-w-  C:\Windows\System32\atiesrxx.exe
    2012-04-06 02:14:44  120320  ----a-w-  C:\Windows\System32\atitmm64.dll
    2012-04-06 02:14:30  21504  ----a-w-  C:\Windows\System32\atimuixx.dll
    2012-04-06 02:14:26  59392  ----a-w-  C:\Windows\System32\atiedu64.dll
    2012-04-06 02:14:20  43520  ----a-w-  C:\Windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13:42  6800896  ----a-w-  C:\Windows\SysWow64\atidxx32.dll
    2012-04-06 02:10:50  26181632  ----a-w-  C:\Windows\System32\atio6axx.dll
    2012-04-06 02:00:10  64000  ----a-w-  C:\Windows\System32\coinst.dll
    2012-04-06 01:54:46  7479296  ----a-w-  C:\Windows\System32\atidxx64.dll
    2012-04-06 01:50:56  19753984  ----a-w-  C:\Windows\SysWow64\atioglxx.dll
    2012-04-06 01:35:24  1120768  ----a-w-  C:\Windows\System32\atiumd6v.dll
    2012-04-06 01:34:50  1831424  ----a-w-  C:\Windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34:34  4731904  ----a-w-  C:\Windows\System32\atiumd6a.dll
    2012-04-06 01:34:04  6203392  ----a-w-  C:\Windows\SysWow64\atiumdag.dll
    2012-04-06 01:30:1651200----a-w-C:\Windows\System32\aticalrt64.dll
    2012-04-06 01:30:1446080----a-w-C:\Windows\SysWow64\aticalrt.dll
    2012-04-06 01:30:0844544----a-w-C:\Windows\System32\aticalcl64.dll
    2012-04-06 01:30:0644032----a-w-C:\Windows\SysWow64\aticalcl.dll
    2012-04-06 01:29:5416090624----a-w-C:\Windows\System32\aticaldd64.dll
    2012-04-06 01:25:3013764096----a-w-C:\Windows\SysWow64\aticaldd.dll
    2012-04-06 01:23:247431680----a-w-C:\Windows\System32\atiumd64.dll
    2012-04-06 01:22:544795904----a-w-C:\Windows\SysWow64\atiumdva.dll
    2012-04-06 01:11:28514560----a-w-C:\Windows\System32\atiadlxx.dll
    2012-04-06 01:11:20360448----a-w-C:\Windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11:0617408----a-w-C:\Windows\System32\atig6pxx_evolve.dll
    2012-04-06 01:11:0414848----a-w-C:\Windows\SysWow64\atiglpxx_evolve.dll
    2012-04-06 01:11:0414848----a-w-C:\Windows\System32\atiglpxx.dll
    2012-04-06 01:11:0041984----a-w-C:\Windows\System32\atig6txx.dll
    2012-04-06 01:10:5233280----a-w-C:\Windows\SysWow64\atigktxx.dll
    2012-04-06 01:10:44343040----a-w-C:\Windows\System32\drivers\atikmpag.sys
    2012-04-06 01:09:5654784----a-w-C:\Windows\System32\atiuxp64.dll
    2012-04-06 01:09:4841984----a-w-C:\Windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09:4244544----a-w-C:\Windows\System32\atiu9p64.dll
    2012-04-06 01:09:3432256----a-w-C:\Windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09:0253248----a-w-C:\Windows\System32\drivers\ati2erec.dll
    2012-04-06 01:06:0854784----a-w-C:\Windows\System32\atimpc64.dll
    2012-04-06 01:06:0854784----a-w-C:\Windows\System32\amdpcom64.dll
    2012-04-06 01:06:0453760----a-w-C:\Windows\SysWow64\atimpc32.dll
    2012-04-06 01:06:0453760----a-w-C:\Windows\SysWow64\amdpcom32.dll
    2012-04-04 19:56:4024904----a-w-C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 16:44:39.01 ===============


    These seem clean, but what is this services.exe file that I found which is also on infected computers? It got me very paranoid, but is it possible I fixed it using the ComboFix?
     
  5. skfr33

    skfr33 TS Rookie Topic Starter

    Can anyone confirm that I am clean, and is this file a threat still? "C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe"
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Who prepared this fix?
    It looks like you live on the wild side! What I'm seeing is that it appears you followed directions given to someone else and you ran:
    Then you set up your own CFFix- not a safe thing to do! Additionally, it appears you have done this previously as there is a registry entry for "combofix"="c:\combofix\CF30378.3XE" [2009-07-14 344576]
    When we have completed cleaning, we have you remove the cleaning tools, including Combofix, its backups and logs.

    And when we have you run Combofix, the Combofix instructions, when followed, call for disabling security before the scan- which you didn't:
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled
    FW: McAfee Firewall *Enabled*
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/

    All of these scans were run this morning, including Combofix. So I am not sure what was found, what was removed- but I still see traces of the malware. The CFFix that was set up did not include everything it should have- Firefox has also been infected with the Babylon Toolbar.
    =======================================
    Here's what I'd like you to do:
    1. Uninstall Combofix:
      • Click START> then RUN
      • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U, it needs to be there.
    2. Download Combofix from HERE or HERE and save to the desktop
        • Double click combofix.exe & follow the prompts.
        • If prompted for Recovery Console, please allow.
        • Once installed, you should see a blue screen prompt that says:
        • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
        • Note: No query will be made if the Recovery Console is already on the system.
      • Close any open browsers.
      • Before you run the Combofix scan, please disable any security software you have running.
        (If you need help with this, please see HERE)
      • Click on Yes, to continue scanning for malware
      • If Combofix asks you to update the program, allow
      • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
      Re-enable your Antivirus software.
      Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
      Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    3. Update and rescan with Eset:

      To run the Eset Online Virus Scan:
      If you use Internet Explorer:
      1. Open the ESETOnlineScan
      2. Skip to #4 to "Continue with the directions"

        If you are using a browser other than Internet Explorer
      3. Open Eset Smart Installer
        [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
        [o] Double click on the desktop icon to run.
        [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
      4. Continue with the directions.
      5. Check 'Yes I accept terms of use.'
      6. Click Start button
      7. Accept any security warnings from your browser.
      8. Uncheck 'Remove found threats'
      9. Check 'Scan archives'
      10. Leave remaining settings as is.
      11. Press the Start button.
      12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
      13. When the scan completes, press List of found threats
      14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
      15. Push the Back button, then Finish
      NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
      ======================================
    4. Please download Farbar Service Scanner
      • Check ALL boxes to include all files.
      • Press the Scan button
      • Log named FSS.txt will be created in the same directory as the tool
      • Please paste the log into your next reply
      Please leave the new logs in your next reply.

    NOTE: Do not attempt to do any fixes on your own!
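Two things in this thread invite a systematic check rather than eyeballing: the question of whether the services.exe found under WinSxS is still a threat, and Bobbye's remark about still seeing traces of the malware in the log. The following is an added Python example (mine, not code from the thread, from TechSpot or from ComboFix) that parses ComboFix-style file entries and applies three defender-side triage heuristics to them. It assumes the tab-separated layout ComboFix writes (the forum extraction above collapsed the tabs into the numbers), that the attribute letters sit at fixed positions (d=directory, s=system, h=hidden), and that System32 and the WinSxS component store are the expected homes of services.exe on 64-bit Windows 7. The sample lines are constructed from entries in the log above. A hit means "verify this", for instance by checking the file's Authenticode signature, not "infected".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not part of the TechSpot thread or of ComboFix itself.
# Assumed ComboFix entry layout (tab-separated):
#   <created> . <modified>\t<size or -------->\t<attrs>\t<path>
_ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(?P<size>\d+|-+)\t(?P<attrs>[\w-]{8})\t(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories ("--------")
    attrs: str
    path: str

    # Attribute letters at fixed positions, as observed in ComboFix output
    # (assumption: d=directory, s=system, h=hidden, a=archive, w=writable).
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one ComboFix file entry; return None for headers and other noise."""
    m = _ENTRY_RE.match(line.strip("\r\n"))
    if not m:
        return None
    size = int(m["size"]) if m["size"].isdigit() else None
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


# Directories where a services.exe copy is expected on 64-bit Windows 7:
# the live binary in System32 and the servicing-store copy under WinSxS.
_EXPECTED_SERVICES_DIRS = ("\\windows\\system32\\", "\\windows\\winsxs\\")
_OS_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def triage(entry: Entry) -> List[str]:
    """Return the reasons this entry deserves review (empty list = nothing odd)."""
    reasons: List[str] = []
    low = entry.path.lower()
    # 1. A hidden+system directory newly created inside the OS directories is
    #    not something Windows Update or ordinary installers produce.
    if entry.is_dir and entry.is_hidden and entry.is_system and any(d in low for d in _OS_DIRS):
        reasons.append("hidden+system directory inside the Windows directory")
    # 2. A folder literally named after an environment variable (unexpanded
    #    '%...%') is not created by Windows; it deserves a look.
    if "%" in entry.path:
        reasons.append("literal '%' in path (unexpanded variable name used as a folder)")
    # 3. A file carrying a core process name outside its expected locations:
    #    the path alone proves nothing, so the advice is to verify the signature.
    name = low.rsplit("\\", 1)[-1]
    if name == "services.exe" and not entry.is_dir and not any(d in low for d in _EXPECTED_SERVICES_DIRS):
        reasons.append("services.exe outside System32/WinSxS: verify Authenticode signature")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every parsable entry that triggered a rule."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Constructed sample, modelled on entries in the log above, with the tab
# separators restored that the forum extraction dropped.
SAMPLE_LOG = "\n".join([
    "((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))",
    "2012-07-02 10:25 . 2012-07-02 10:26\t--------\td-----w-\tC:\\FRST",
    "2012-07-02 09:41 . 2009-07-14 01:39\t328704\t----a-w-\tc:\\windows\\SysWow64\\services.exe",
    "2012-07-02 07:58 . 2012-07-02 07:58\t--------\td-sh--w-\tc:\\windows\\SysWow64\\%APPDATA%",
    "2012-06-19 07:51 . 2012-06-19 07:51\t--------\td--h--w-\tc:\\programdata\\Common Files",
    "2012-06-13 22:03 . 2012-04-24 05:59\t1460224\t----a-w-\tc:\\windows\\system32\\crypt32.dll",
])

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample above only two of the five entries come back: the services.exe sitting in SysWow64 (rule 3) and the hidden, system-attributed `%APPDATA%` folder in SysWow64 (rules 1 and 2). The merely hidden `programdata\Common Files` directory and the crypt32.dll update are left alone, which is the point of making rule 1 require both attributes.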
     
  7. skfr33

    skfr33 TS Rookie Topic Starter

    ComboFix Scan

    ComboFix 12-07-02.01 - Spencer 07/02/2012 21:27:33.2.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6231 [GMT -4:00]
    Running from: c:\users\Spencer\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-03 01:30 . 2012-07-03 01:30--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-02 10:25 . 2012-07-02 10:26--------d-----w-C:\FRST
    2012-07-02 09:41 . 2009-07-14 01:39328704----a-w-c:\windows\SysWow64\services.exe
    2012-07-02 07:58 . 2012-07-02 07:58--------d-sh--w-c:\windows\SysWow64\%APPDATA%
    2012-07-02 07:57 . 2012-07-02 07:57--------d-----w-c:\users\Spencer\AppData\Local\Futuremark_Corporation
    2012-07-02 07:54 . 2012-07-02 07:54--------d-----w-c:\program files (x86)\Common Files\Futuremark Shared
    2012-06-29 22:05 . 2012-06-29 22:05--------d-----w-c:\users\Spencer\AppData\Local\PreEmptive Solutions
    2012-06-29 22:01 . 2012-06-29 22:15--------d-----w-c:\users\Spencer\AppData\Local\Gapotchenko
    2012-06-29 05:32 . 2012-06-29 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\Awesomium
    2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-c:\users\Spencer\AppData\Local\SCE
    2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-C:\Crash
    2012-06-23 03:57 . 2007-03-20 16:3343520----a-w-c:\windows\SysWow64\libusb0.dll
    2012-06-21 21:01 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-21 21:01 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-21 21:01 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-06-21 21:01 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-21 21:01 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-06-21 21:01 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-21 21:01 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-06-21 21:01 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-21 21:01 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-06-20 05:33 . 2012-06-20 05:33--------d-----w-c:\users\Spencer\AppData\Local\NuGet
    2012-06-20 05:32 . 2012-06-20 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\NuGet
    2012-06-19 07:51 . 2012-06-19 07:51--------d--h--w-c:\programdata\Common Files
    2012-06-19 07:43 . 2012-06-19 07:43--------d-----w-c:\users\Spencer\AppData\Local\Macromedia
    2012-06-18 22:44 . 2012-06-18 22:44--------d-----w-c:\users\Spencer\AppData\Local\Funcom
    2012-06-18 20:40 . 2012-06-18 20:40275360----a-w-c:\windows\system32\DreamScene.dll
    2012-06-18 20:40 . 2012-06-18 20:40--------d-----w-c:\windows\system32\WDSA
    2012-06-15 07:55 . 2012-06-15 07:55--------d-----w-c:\programdata\NVIDIA
    2012-06-13 22:04 . 2012-04-26 05:3476288----a-w-c:\windows\system32\rdpwsx.dll
    2012-06-13 22:04 . 2012-04-26 05:34149504----a-w-c:\windows\system32\rdpcorekmts.dll
    2012-06-13 22:04 . 2012-04-26 05:289216----a-w-c:\windows\system32\rdrmemptylst.exe
    2012-06-13 22:04 . 2012-05-02 05:32208896----a-w-c:\windows\system32\profsvc.dll
    2012-06-13 22:04 . 2012-05-04 10:525505392----a-w-c:\windows\system32\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-04 10:083958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:04 . 2012-05-04 10:083902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-15 01:323144192----a-w-c:\windows\system32\win32k.sys
    2012-06-13 22:04 . 2012-04-28 03:50204800----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 22:03 . 2012-04-07 12:183213824----a-w-c:\windows\system32\msi.dll
    2012-06-13 22:03 . 2012-04-07 11:342342400----a-w-c:\windows\SysWow64\msi.dll
    2012-06-13 22:03 . 2012-04-24 05:591460224----a-w-c:\windows\system32\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 05:59182272----a-w-c:\windows\system32\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 05:59140288----a-w-c:\windows\system32\cryptnet.dll
    2012-06-13 22:03 . 2012-04-24 04:471156608----a-w-c:\windows\SysWow64\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 04:47139264----a-w-c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 04:47103936----a-w-c:\windows\SysWow64\cryptnet.dll
    2012-06-08 02:03 . 2012-06-08 02:03--------d-----w-c:\users\Spencer\AppData\Local\ESN Sonar
    2012-06-06 07:00 . 2012-06-06 07:00--------d-----w-c:\program files (x86)\Common Files\PX Storage Engine
    2012-06-06 06:40 . 2011-03-30 20:2698304----a-w-c:\program files (x86)\Windows Media Player\wmp.dll
    2012-06-06 06:40 . 2012-06-06 06:40--------d-----w-c:\program files (x86)\Windows Media Player Plus!
    2012-06-05 06:27 . 2012-06-05 06:27--------d-----w-c:\programdata\ATI
    2012-06-05 06:26 . 2012-06-05 06:26--------d-----w-c:\program files (x86)\AMD AVT
    2012-06-05 06:26 . 2012-06-05 06:26--------d-----w-c:\program files (x86)\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-29 05:32 . 2012-01-20 22:45283312----a-w-c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-29 05:32 . 2012-01-20 22:40283312----a-w-c:\windows\SysWow64\PnkBstrB.exe
    2012-06-29 01:40 . 2012-01-20 22:40282512----a-w-c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-29 01:39 . 2012-01-20 22:4076888----a-w-c:\windows\SysWow64\PnkBstrA.exe
    2012-06-24 23:10 . 2012-04-06 01:11276504----a-w-c:\windows\SysWow64\atiglpxx.dll
    2012-06-24 23:10 . 2012-04-06 01:11359960----a-w-c:\windows\system32\atig6pxx.dll
    2012-06-24 23:10 . 2012-02-15 03:18197656----a-w-c:\windows\SysWow64\aticfx32.dll
    2012-06-24 23:10 . 2011-12-06 03:16344088----a-w-c:\windows\system32\aticfx64.dll
    2012-06-12 19:59 . 2012-04-04 00:26426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 19:59 . 2012-01-21 06:1470344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 19:49 . 2012-02-05 06:05314392----a-w-c:\windows\system32\EvoDisplayHelper.dll
    2012-06-09 19:49 . 2012-02-05 06:05197144----a-w-c:\windows\SysWow64\EvoDisplayHelper.dll
    2012-05-29 02:06 . 2012-02-13 04:33466456----a-w-c:\windows\system32\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33444952----a-w-c:\windows\SysWow64\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33122904----a-w-c:\windows\system32\OpenAL32.dll
    2012-05-29 02:06 . 2012-02-13 04:33109080----a-w-c:\windows\SysWow64\OpenAL32.dll
    2012-05-02 04:49 . 2012-05-02 04:492337865----a-w-c:\windows\SysWow64\pbsvc.exe
    2012-04-22 21:54 . 2012-04-22 21:54374792----a-w-c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
    2012-04-22 21:54 . 2012-04-22 21:54157704----a-w-c:\windows\system32\drivers\UMDF\lgSSBW.dll
    2012-04-14 07:38 . 2012-04-04 00:368741536----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 05:22 . 2012-04-06 05:2211174400----a-w-c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:34 . 2012-04-06 02:34187392----a-w-c:\windows\system32\clinfo.exe
    2012-04-06 02:34 . 2012-04-06 02:3474752----a-w-c:\windows\system32\OpenVideo64.dll
    2012-04-06 02:34 . 2012-04-06 02:3464512----a-w-c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33 . 2012-04-06 02:3363488----a-w-c:\windows\system32\OVDecode64.dll
    2012-04-06 02:33 . 2012-04-06 02:3356320----a-w-c:\windows\SysWow64\OVDecode.dll
    2012-04-06 02:33 . 2012-04-06 02:3316457216----a-w-c:\windows\system32\amdocl64.dll
    2012-04-06 02:32 . 2012-04-06 02:3213007872----a-w-c:\windows\SysWow64\amdocl.dll
    2012-04-06 02:22 . 2012-04-06 02:22159744----a-w-c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-12-06 03:17909312----a-w-c:\windows\SysWow64\aticfx32_evolve.dll
    2012-04-06 02:20 . 2011-12-06 03:161067520----a-w-c:\windows\system32\aticfx64_evolve.dll
    2012-04-06 02:16 . 2012-02-15 03:13442368----a-w-c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16503808----a-w-c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16236544----a-w-c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14120320----a-w-c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:1421504----a-w-c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:1459392----a-w-c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:1443520----a-w-c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:136800896----a-w-c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-02-15 03:2126181632----a-w-c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-12-06 02:1864000----a-w-c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2011-12-06 02:517479296----a-w-c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:5019753984----a-w-c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:351120768----a-w-c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:341831424----a-w-c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-02-15 02:404731904----a-w-c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-02-15 02:346203392----a-w-c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:3051200----a-w-c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:3046080----a-w-c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:3044544----a-w-c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:3044032----a-w-c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:2916090624----a-w-c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:2513764096----a-w-c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-02-15 02:257431680----a-w-c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-02-15 02:294795904----a-w-c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-02-15 02:14514560----a-w-c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11360448----a-w-c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2011-12-06 02:1217408----a-w-c:\windows\system32\atig6pxx_evolve.dll
    2012-04-06 01:11 . 2012-04-06 01:1114848----a-w-c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2011-12-06 02:1214848----a-w-c:\windows\SysWow64\atiglpxx_evolve.dll
    2012-04-06 01:11 . 2012-02-15 02:1341984----a-w-c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:1033280----a-w-c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10343040----a-w-c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-12-06 02:1154784----a-w-c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:0941984----a-w-c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-02-15 02:1244544----a-w-c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2011-12-06 02:1132256----a-w-c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:0953248----a-w-c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\amdpcom32.dll
    2012-04-04 19:56 . 2012-04-29 01:3924904----a-w-c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
    "Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
    "Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
    R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R3 X6va007;X6va007; [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
    R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
    S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
    S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
    S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=adbartrp&mntrId=da23b6450000000000000000b6bb57a8&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-BattlEye for A2 - d:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - d:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
    AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - d:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-02 21:33:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-03 01:33
    ComboFix2.txt 2012-07-02 09:49
    .
    Pre-Run: 14,572,429,312 bytes free
    Post-Run: 14,405,906,432 bytes free
    .
    - - End Of File - - 0D56BEBE78780249B03C37474A31A944

    ESET scan was clean; no log was given.

    Farbar Scan
    Farbar Service Scanner Version: 02-07-2012
    Ran by Spencer (administrator) on 03-07-2012 at 03:02:40
    Running from "C:\Users\Spencer\Desktop"
    Microsoft Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 19:12] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-10 18:44] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 18:03] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  8. skfr33

    skfr33 TS Rookie Topic Starter

    If you were wondering, I believe the CFScript.txt I used was this:

    Code:
    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\Windows\System32\services.exe
    I thought this was a universal fix since it was provided to many people for the same issue. I should have posted first, but it was really late and I was in a hurry to fix the issue.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    FCopy is one way of replacing a bad file with a good copy. It is not universal and before it is set up, the user must run a scan on his system to see if there is a good copy. The copy will be for that user only.

    We would never ask a user to try and evaluate Combofix on their own and set up the script to run.
    ==============================================
    Do this before you run the Script in Combofix. I should then be able to see if the fix worked.

    Unfortunately, the Babylon Toolbar is heavily installed in Firefox. This useless toolbar is bundled with some 3rd party programs and has nothing to do with the program being downloaded. But once on the system, it is difficult to remove:

    Remove Babylon Toolbar in Firefox:
    • Click on Help at the top of the Firefox window.
    • Select Restart with Add-ons Disabled
    • This will bring up Firefox with the Firefox Safe Mode dialog.
      (For Windows XP: click the Help menu> select Restart with Add-ons Disabled)
    • Check Reset all user preferences to Firefox defaults.
    • Click on Make Changes and Restart.
    • Firefox will restart with your settings changed back to the defaults.
    • (Image courtesy superuser.com)
    =====================
    Suggest you remove Advanced SystemCare 5. We do not recommend a registry cleaner to anyone. The risk is greater than any small benefit gained.
    ===================
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      afd.*
      cryptsvc.*
      tcpip.sys
      mpssvc.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    =========================================
    Please run this Custom CFScript:
    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'WordWrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\SysWOW64\Drivers\X6va008
    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Folder::
    c:\windows\SysWow64\%APPDATA%
    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"=-
     
    Clearjavacache::
     
    Driver::
    X6va007
    X6va008
     
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    2012-07-02 10:26--------d-----w-C:\FRST>>> ???

    Please leave logs for Combofix and SystemLook in your next reply.
     
  10. skfr33

    skfr33 TS Rookie Topic Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:30 on 04/07/2012 by Spencer
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "afd.*"
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys--a---- 499712 bytes[19:35 22/01/2012][09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
    C:\Windows\System32\drivers\afd.sys--a---- 499200 bytes[23:12 15/02/2012][03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\System32\drivers\en-US\afd.sys.mui--a---- 14848 bytes[05:35 14/07/2009][02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a7ddb2029817a18e\afd.sys.mui--a---- 14848 bytes[05:35 14/07/2009][02:30 14/07/2009] E6A5E6AD9C6F4F30061068F321C0EC5A
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys--a---- 500224 bytes[23:21 13/07/2009][23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys--a---- 499712 bytes[08:37 22/01/2012][02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys--a---- 499200 bytes[23:12 15/02/2012][03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys--a---- 499712 bytes[08:37 22/01/2012][02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys--a---- 499200 bytes[23:12 15/02/2012][04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys--a---- 499200 bytes[08:37 22/01/2012][02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys--a---- 498688 bytes[23:12 15/02/2012][03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys--a---- 499200 bytes[08:37 22/01/2012][03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys--a---- 498176 bytes[23:12 15/02/2012][04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

    Searching for "cryptsvc.*"
    C:\Windows\erdnt\cache64\cryptsvc.dll--a---- 182272 bytes[09:48 02/07/2012][05:59 24/04/2012] F02786B66375292E58C8777082D4396D
    C:\Windows\erdnt\cache86\cryptsvc.dll--a---- 139264 bytes[09:48 02/07/2012][04:47 24/04/2012] 520A108A2657F4BCA7FCED9CA7D885DE
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll--a---- 177152 bytes[19:34 22/01/2012][13:25 20/11/2010] 15597883FBE9B056F276ADA3AD87D9AF
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll--a---- 136192 bytes[19:34 22/01/2012][12:18 20/11/2010] A585BEBF7D054BD9618EDA0922D5484A
    C:\Windows\System32\cryptsvc.dll--a---- 182272 bytes[22:03 13/06/2012][05:59 24/04/2012] F02786B66375292E58C8777082D4396D
    C:\Windows\System32\en-US\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:24 14/07/2009] 901D16DFDEB36476129DB6386B6BFCBA
    C:\Windows\SysWOW64\cryptsvc.dll--a---- 139264 bytes[22:03 13/06/2012][04:47 24/04/2012] 520A108A2657F4BCA7FCED9CA7D885DE
    C:\Windows\SysWOW64\en-US\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:07 14/07/2009] E10A5D4A0FE1A6408BDAEC86327E4075
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00bbc5aa103d49e7\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:24 14/07/2009] 901D16DFDEB36476129DB6386B6BFCBA
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll--a---- 175104 bytes[23:49 13/07/2009][01:40 14/07/2009] 8C57411B66282C01533CB776F98AD384
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll--a---- 182272 bytes[22:03 13/06/2012][05:59 24/04/2012] F02786B66375292E58C8777082D4396D
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll--a---- 183808 bytes[22:03 13/06/2012][05:36 24/04/2012] CE8BF1423AEE47DA5275FBC8AD3BD642
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll--a---- 184320 bytes[22:03 13/06/2012][05:37 24/04/2012] 4F5414602E2544A4554D95517948B705
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll--a---- 186880 bytes[22:03 13/06/2012][05:22 24/04/2012] B7337E9C9E5936355BB700AA33E0936E
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a49d2a2657dfd8b1\cryptsvc.dll.mui--a---- 3584 bytes[05:35 14/07/2009][02:07 14/07/2009] E10A5D4A0FE1A6408BDAEC86327E4075
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll--a---- 135680 bytes[23:33 13/07/2009][01:15 14/07/2009] 9C231178CE4FB385F4B54B0A9080B8A4
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll--a---- 139264 bytes[22:03 13/06/2012][04:47 24/04/2012] 520A108A2657F4BCA7FCED9CA7D885DE
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll--a---- 141312 bytes[22:03 13/06/2012][04:33 24/04/2012] F522279B4717E2BFF269C771FAC2B78E
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll--a---- 140288 bytes[22:03 13/06/2012][04:36 24/04/2012] 06E771AA596B8761107AB57E99F128D7
    C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll--a---- 142336 bytes[22:03 13/06/2012][04:28 24/04/2012] 21993009E0CCB9B4FA195F14D3408626

    Searching for "tcpip.sys"
    C:\Windows\erdnt\cache64\tcpip.sys--a---- 1895280 bytes[09:48 02/07/2012][11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys--a---- 1924480 bytes[19:35 22/01/2012][13:33 20/11/2010] 509383E505C973ED7534A06B3D19688D
    C:\Windows\System32\drivers\tcpip.sys--a---- 1895280 bytes[22:44 10/05/2012][11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys--a---- 1898576 bytes[23:25 13/07/2009][01:45 14/07/2009] 912107716BAB424C7870E8E6AF5E07E1
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys--a---- 1896832 bytes[08:37 22/01/2012][05:32 25/04/2011] 61DC720BB065D607D5823F13D2A64321
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys--a---- 1897328 bytes[08:35 22/01/2012][16:24 29/09/2011] F18F56EFC0BFB9C87BA01C37B27F4DA5
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys--a---- 1895280 bytes[22:44 10/05/2012][11:09 30/03/2012] 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys--a---- 1893248 bytes[08:37 22/01/2012][05:28 25/04/2011] 1F748D5439B65E0BEBD92F65048F030D
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys--a---- 1886064 bytes[08:35 22/01/2012][16:17 29/09/2011] AC3E29880DB5659532A1AA3439304A43
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys--a---- 1877872 bytes[22:44 10/05/2012][10:19 30/03/2012] 5EFD096DEF47F8B88EF591DA92143440
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys--a---- 1923968 bytes[08:37 22/01/2012][05:33 25/04/2011] 92CE29D95AC9DD2D0EE9061D551BA250
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys--a---- 1923952 bytes[08:35 22/01/2012][16:29 29/09/2011] FC62769E7BFF2896035AEED399108162
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys--a---- 1918320 bytes[22:44 10/05/2012][11:35 30/03/2012] ACB82BDA8F46C84F465C1AFA517DC4B9
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys--a---- 1927552 bytes[08:37 22/01/2012][06:16 25/04/2011] B77977AEB2FF159D01DB08A309989C5F
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys--a---- 1912176 bytes[08:35 22/01/2012][17:41 29/09/2011] 3810F06A4D74A7D62641EE73D6B3C660
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys--a---- 1901424 bytes[22:44 10/05/2012][10:26 30/03/2012] 885B202006EE17AE99B9FBCEC9AF88C9

    Searching for "mpssvc.dll"
    C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll--a---- 828416 bytes[19:35 22/01/2012][13:26 20/11/2010] 54FFC9C8898113ACE189D4AA7199D2C1
    C:\Windows\System32\MPSSVC.dll--a---- 824832 bytes[00:09 14/07/2009][01:41 14/07/2009] AECAB449567D1846DAD63ECE49E893E3
    C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll--a---- 824832 bytes[00:09 14/07/2009][01:41 14/07/2009] AECAB449567D1846DAD63ECE49E893E3

    -= EOF =-
    ComboFix

    ComboFix 12-07-04.04 - Spencer 07/04/2012 13:38:02.3.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6467 [GMT -4:00]
    Running from: c:\users\Spencer\Desktop\ComboFix.exe
    Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\SysWOW64\Drivers\X6va008"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\%APPDATA%
    c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_X6VA007
    -------\Legacy_X6VA008
    -------\Service_X6va007
    -------\Service_X6va008
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 17:43 . 2012-07-04 17:43--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-03 22:07 . 2012-07-03 22:07--------d-----w-c:\users\Spencer\AppData\Local\Movie_Fone
    2012-07-03 01:40 . 2012-07-03 01:40--------d-----w-c:\program files (x86)\ESET
    2012-07-02 10:25 . 2012-07-02 10:26--------d-----w-C:\FRST
    2012-07-02 09:41 . 2009-07-14 01:39328704----a-w-c:\windows\SysWow64\services.exe
    2012-07-02 07:57 . 2012-07-02 07:57--------d-----w-c:\users\Spencer\AppData\Local\Futuremark_Corporation
    2012-07-02 07:54 . 2012-07-02 07:54--------d-----w-c:\program files (x86)\Common Files\Futuremark Shared
    2012-06-29 22:05 . 2012-06-29 22:05--------d-----w-c:\users\Spencer\AppData\Local\PreEmptive Solutions
    2012-06-29 22:01 . 2012-06-29 22:15--------d-----w-c:\users\Spencer\AppData\Local\Gapotchenko
    2012-06-29 05:32 . 2012-06-29 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\Awesomium
    2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-c:\users\Spencer\AppData\Local\SCE
    2012-06-29 01:38 . 2012-06-29 01:38--------d-----w-C:\Crash
    2012-06-23 03:57 . 2007-03-20 16:3343520----a-w-c:\windows\SysWow64\libusb0.dll
    2012-06-21 21:01 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-21 21:01 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-21 21:01 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-06-21 21:01 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-21 21:01 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-06-21 21:01 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-21 21:01 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-06-21 21:01 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-21 21:01 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-06-20 05:33 . 2012-06-20 05:33--------d-----w-c:\users\Spencer\AppData\Local\NuGet
    2012-06-20 05:32 . 2012-06-20 05:32--------d-----w-c:\users\Spencer\AppData\Roaming\NuGet
    2012-06-19 07:51 . 2012-06-19 07:51--------d--h--w-c:\programdata\Common Files
    2012-06-19 07:43 . 2012-06-19 07:43--------d-----w-c:\users\Spencer\AppData\Local\Macromedia
    2012-06-18 22:44 . 2012-06-18 22:44--------d-----w-c:\users\Spencer\AppData\Local\Funcom
    2012-06-18 20:40 . 2012-06-18 20:40  275360  ----a-w-  c:\windows\system32\DreamScene.dll
    2012-06-18 20:40 . 2012-06-18 20:40  --------  d-----w-  c:\windows\system32\WDSA
    2012-06-15 07:55 . 2012-06-15 07:55  --------  d-----w-  c:\programdata\NVIDIA
    2012-06-13 22:04 . 2012-04-26 05:34  76288  ----a-w-  c:\windows\system32\rdpwsx.dll
    2012-06-13 22:04 . 2012-04-26 05:34  149504  ----a-w-  c:\windows\system32\rdpcorekmts.dll
    2012-06-13 22:04 . 2012-04-26 05:28  9216  ----a-w-  c:\windows\system32\rdrmemptylst.exe
    2012-06-13 22:04 . 2012-05-02 05:32  208896  ----a-w-  c:\windows\system32\profsvc.dll
    2012-06-13 22:04 . 2012-05-04 10:52  5505392  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-04 10:08  3958128  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:04 . 2012-05-04 10:08  3902320  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-15 01:32  3144192  ----a-w-  c:\windows\system32\win32k.sys
    2012-06-13 22:04 . 2012-04-28 03:50  204800  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 22:03 . 2012-04-07 12:18  3213824  ----a-w-  c:\windows\system32\msi.dll
    2012-06-13 22:03 . 2012-04-07 11:34  2342400  ----a-w-  c:\windows\SysWow64\msi.dll
    2012-06-13 22:03 . 2012-04-24 05:59  1460224  ----a-w-  c:\windows\system32\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 05:59  182272  ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 05:59  140288  ----a-w-  c:\windows\system32\cryptnet.dll
    2012-06-13 22:03 . 2012-04-24 04:47  1156608  ----a-w-  c:\windows\SysWow64\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 04:47  139264  ----a-w-  c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 04:47  103936  ----a-w-  c:\windows\SysWow64\cryptnet.dll
    2012-06-08 02:03 . 2012-06-08 02:03  --------  d-----w-  c:\users\Spencer\AppData\Local\ESN Sonar
    2012-06-06 07:00 . 2012-06-06 07:00  --------  d-----w-  c:\program files (x86)\Common Files\PX Storage Engine
    2012-06-06 06:40 . 2011-03-30 20:26  98304  ----a-w-  c:\program files (x86)\Windows Media Player\wmp.dll
    2012-06-06 06:40 . 2012-06-06 06:40  --------  d-----w-  c:\program files (x86)\Windows Media Player Plus!
    2012-06-05 06:27 . 2012-06-05 06:27  --------  d-----w-  c:\programdata\ATI
    2012-06-05 06:26 . 2012-06-05 06:26  --------  d-----w-  c:\program files (x86)\AMD AVT
    2012-06-05 06:26 . 2012-06-05 06:26  --------  d-----w-  c:\program files (x86)\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-29 05:32 . 2012-01-20 22:45  283312  ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-29 05:32 . 2012-01-20 22:40  283312  ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
    2012-06-29 01:40 . 2012-01-20 22:40  282512  ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-29 01:39 . 2012-01-20 22:40  76888  ----a-w-  c:\windows\SysWow64\PnkBstrA.exe
    2012-06-24 23:10 . 2012-04-06 01:11  276504  ----a-w-  c:\windows\SysWow64\atiglpxx.dll
    2012-06-24 23:10 . 2012-04-06 01:11  359960  ----a-w-  c:\windows\system32\atig6pxx.dll
    2012-06-24 23:10 . 2012-02-15 03:18  197656  ----a-w-  c:\windows\SysWow64\aticfx32.dll
    2012-06-24 23:10 . 2011-12-06 03:16  344088  ----a-w-  c:\windows\system32\aticfx64.dll
    2012-06-12 19:59 . 2012-04-04 00:26  426184  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 19:59 . 2012-01-21 06:14  70344  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 19:49 . 2012-02-05 06:05  314392  ----a-w-  c:\windows\system32\EvoDisplayHelper.dll
    2012-06-09 19:49 . 2012-02-05 06:05  197144  ----a-w-  c:\windows\SysWow64\EvoDisplayHelper.dll
    2012-05-29 02:06 . 2012-02-13 04:33  466456  ----a-w-  c:\windows\system32\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33  444952  ----a-w-  c:\windows\SysWow64\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33  122904  ----a-w-  c:\windows\system32\OpenAL32.dll
    2012-05-29 02:06 . 2012-02-13 04:33  109080  ----a-w-  c:\windows\SysWow64\OpenAL32.dll
    2012-05-02 04:49 . 2012-05-02 04:49  2337865  ----a-w-  c:\windows\SysWow64\pbsvc.exe
    2012-04-22 21:54 . 2012-04-22 21:54  374792  ----a-w-  c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
    2012-04-22 21:54 . 2012-04-22 21:54  157704  ----a-w-  c:\windows\system32\drivers\UMDF\lgSSBW.dll
    2012-04-14 07:38 . 2012-04-04 00:36  8741536  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 05:22 . 2012-04-06 05:22  11174400  ----a-w-  c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:34 . 2012-04-06 02:34  187392  ----a-w-  c:\windows\system32\clinfo.exe
    2012-04-06 02:34 . 2012-04-06 02:34  74752  ----a-w-  c:\windows\system32\OpenVideo64.dll
    2012-04-06 02:34 . 2012-04-06 02:34  64512  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33 . 2012-04-06 02:33  63488  ----a-w-  c:\windows\system32\OVDecode64.dll
    2012-04-06 02:33 . 2012-04-06 02:33  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
    2012-04-06 02:33 . 2012-04-06 02:33  16457216  ----a-w-  c:\windows\system32\amdocl64.dll
    2012-04-06 02:32 . 2012-04-06 02:32  13007872  ----a-w-  c:\windows\SysWow64\amdocl.dll
    2012-04-06 02:22 . 2012-04-06 02:22  159744  ----a-w-  c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-12-06 03:17  909312  ----a-w-  c:\windows\SysWow64\aticfx32_evolve.dll
    2012-04-06 02:20 . 2011-12-06 03:16  1067520  ----a-w-  c:\windows\system32\aticfx64_evolve.dll
    2012-04-06 02:16 . 2012-02-15 03:13  442368  ----a-w-  c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16  503808  ----a-w-  c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16  236544  ----a-w-  c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14  120320  ----a-w-  c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14  21504  ----a-w-  c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14  59392  ----a-w-  c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14  43520  ----a-w-  c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:13  6800896  ----a-w-  c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-02-15 03:21  26181632  ----a-w-  c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-12-06 02:18  64000  ----a-w-  c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2011-12-06 02:51  7479296  ----a-w-  c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50  19753984  ----a-w-  c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35  1120768  ----a-w-  c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34  1831424  ----a-w-  c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-02-15 02:40  4731904  ----a-w-  c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-02-15 02:34  6203392  ----a-w-  c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30  51200  ----a-w-  c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30  46080  ----a-w-  c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30  44544  ----a-w-  c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30  44032  ----a-w-  c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29  16090624  ----a-w-  c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25  13764096  ----a-w-  c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-02-15 02:25  7431680  ----a-w-  c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-02-15 02:29  4795904  ----a-w-  c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-02-15 02:14  514560  ----a-w-  c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11  360448  ----a-w-  c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2011-12-06 02:12  17408  ----a-w-  c:\windows\system32\atig6pxx_evolve.dll
    2012-04-06 01:11 . 2012-04-06 01:11  14848  ----a-w-  c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2011-12-06 02:12  14848  ----a-w-  c:\windows\SysWow64\atiglpxx_evolve.dll
    2012-04-06 01:11 . 2012-02-15 02:13  41984  ----a-w-  c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10  33280  ----a-w-  c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10  343040  ----a-w-  c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-12-06 02:11  54784  ----a-w-  c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09  41984  ----a-w-  c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-02-15 02:12  44544  ----a-w-  c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2011-12-06 02:11  32256  ----a-w-  c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09  53248  ----a-w-  c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06  54784  ----a-w-  c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06  54784  ----a-w-  c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06  53760  ----a-w-  c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06  53760  ----a-w-  c:\windows\SysWow64\amdpcom32.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-03_01.31.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-20 21:52 . 2012-07-04 17:25  57968  c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-04 17:25  28102  c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-01-20 23:15 . 2012-07-04 17:23  32768  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-20 23:15 . 2012-07-03 01:17  32768  c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-20 23:15 . 2012-07-03 01:17  32768  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-01-20 23:15 . 2012-07-04 17:23  32768  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-04 17:23  16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-03 01:17  16384  c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-20 21:22 . 2012-07-04 17:25  7482  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-297926242-239688007-3628787549-1000_UserData.bin
    - 2012-01-20 21:22 . 2012-07-02 17:48  7482  c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-297926242-239688007-3628787549-1000_UserData.bin
    + 2012-07-04 17:44 . 2012-07-04 17:44  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-03 01:31 . 2012-07-03 01:31  2048  c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-07-04 17:29  271368  c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-07-03 01:30  273332  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-04 17:43  273332  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:36 . 2012-07-04 17:29  1097520  c:\windows\system32\perfh009.dat
    - 2012-02-10 05:00 . 2012-07-03 01:30  1274720  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-02-10 05:00 . 2012-07-04 17:43  1274720  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-02-05 09:20 . 2012-06-30 06:59  2745036  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-12288.dat
    + 2012-02-05 09:20 . 2012-07-04 02:22  2745036  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-12288.dat
    - 2009-07-14 02:34 . 2012-07-02 17:59  10485760  c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-07-04 17:36  10485760  c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-01-20 21:19 . 2012-07-04 17:43  20426639  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
    "Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
    "Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
    R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
    R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
    S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
    S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
    S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
    "combofix"="c:\combofix\CF32693.3XE" [2009-07-14 344576]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3181033&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - ViralTube3 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3181033&SearchSource=13
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 13:45:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 17:45
    ComboFix2.txt 2012-07-02 09:49
    .
    Pre-Run: 14,540,509,184 bytes free
    Post-Run: 14,022,406,144 bytes free
    .
    - - End Of File - - 97366707453D2B6B2157BC5EB38E98B3
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    None of the default settings are in Firefox and Firefox is still infested with Babylon Toolbar.
    =========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    Extra::
    File::
    Firefox::
    Firefox-: - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    Firefox-: prefs.js - Search.DefaultURL:
    Firefox-: prefs.js- Startup.Homepage
     
    Clearjavacache::
     
    createrestorepoint::
    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys | C:\Windows\System32\drivers\afd.sys
    C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys | C:\Windows\System32\Drivers\tcpip.sys
    C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll | C:\Windows\System32\mpssvc.dll
    C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll | C:\Windows\System32\cryptsvc.dll
     
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: dragging CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    This did not get removed with the script. Please find it in your system- do right click> Properties to check the date> do a right click> Delete on THIS file:
    "c:\combofix\CF32693.3XE" [2009-07-14 344576]
     
     
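    The hijacked Firefox and IE settings Bobbye points at above (Babylon start page, Conduit search URLs, leftover BabylonToolbar preferences) can be picked out of a ComboFix "Supplementary Scan" section mechanically. The following is an added example, not ComboFix's or the forum's own code: it parses a few constructed lines in the shape of that section and returns the entries that point at the hijack hosts or carry the toolbar's preferences; the host list and preference prefix are assumptions drawn from the log above.

```python
"""Flag browser search/home-page hijack indicators in ComboFix
"Supplementary Scan" lines (uStart Page, FF - prefs.js / user.js)."""
import re
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlparse

# Assumption: the search hosts the thread above identifies as hijacked.
SUSPECT_HOSTS: Tuple[str, ...] = ("search.babylon.com", "search.conduit.com")
# Assumption: Firefox preference prefix written by the flagged toolbar.
SUSPECT_PREF_PREFIXES: Tuple[str, ...] = ("extensions.BabylonToolbar",)

# Constructed sample lines in the shape of the log's Supplementary Scan section.
SAMPLE_LOG = r"""
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3181033
FF - prefs.js: browser.search.selectedEngine - ViralTube3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3181033
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
"""

# "u"/"m" prefix = per-user / per-machine IE setting.
_IE_RE = re.compile(r"^([um])(Start Page|Local Page) = (.*)$")
# Firefox prefs.js / user.js entries; the value may be empty (babExt line above).
_FF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -\s*(.*)$")


def parse_setting(line: str) -> Optional[Tuple[str, str]]:
    """Return (setting_name, value) for a browser-setting line, else None."""
    line = line.strip()
    m = _IE_RE.match(line)
    if m:
        scope = "user" if m.group(1) == "u" else "machine"
        return f"{scope}:{m.group(2)}", m.group(3)
    m = _FF_RE.match(line)
    if m:
        return f"firefox:{m.group(2)}", m.group(3)
    return None


def url_host(value: str) -> Optional[str]:
    """ComboFix defangs URLs as hxxp://; restore the scheme and extract the host."""
    refanged = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)
    if not refanged.lower().startswith(("http://", "https://")):
        return None  # local file paths, search engine names, empty values
    return urlparse(refanged).hostname


def find_hijack_indicators(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per setting that points at a suspect host or
    carries a suspect extension preference."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        parsed = parse_setting(raw)
        if parsed is None:
            continue
        setting, value = parsed
        pref = setting.split(":", 1)[1]
        host = url_host(value)
        if host and host.lower() in SUSPECT_HOSTS:
            findings.append({"setting": setting, "value": value,
                             "reason": f"points at hijack search host {host}"})
        elif pref.startswith(SUSPECT_PREF_PREFIXES):
            findings.append({"setting": setting, "value": value,
                             "reason": "toolbar preference still present"})
    return findings


def suspect_hosts(log_text: str) -> Set[str]:
    """Distinct suspect hosts referenced by the flagged settings."""
    hosts: Set[str] = set()
    for finding in find_hijack_indicators(log_text):
        host = url_host(finding["value"])
        if host:
            hosts.add(host.lower())
    return hosts


if __name__ == "__main__":
    for finding in find_hijack_indicators(SAMPLE_LOG):
        print(f"{finding['setting']}: {finding['reason']}")
    print("hosts:", sorted(suspect_hosts(SAMPLE_LOG)))
```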
  12. skfr33

    skfr33 TS Rookie Topic Starter

    ComboFix 12-07-04.04 - Spencer 07/04/2012 22:29:12.4.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6249 [GMT -4:00]
    Running from: c:\users\Spencer\Desktop\ComboFix.exe
    Command switches used :: c:\users\Spencer\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --> c:\windows\System32\drivers\afd.sys
    c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys --> c:\windows\System32\Drivers\tcpip.sys
    c:\windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll --> c:\windows\System32\mpssvc.dll
    c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll --> c:\windows\System32\cryptsvc.dll
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-05 02:32 . 2012-07-05 02:32  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-07-05 02:29 . 2012-03-30 11:09  1895280   ----a-w-  c:\windows\SysWow64\drivers\tcpip.sys
    2012-07-05 02:29 . 2011-12-28 03:59  499200    ----a-w-  c:\windows\SysWow64\drivers\afd.sys
    2012-07-05 02:29 . 2009-07-14 01:41  824832    ----a-w-  c:\windows\SysWow64\mpssvc.dll
    2012-07-04 20:38 . 2012-07-04 20:38  --------  d-----w-  c:\programdata\Nexon
    2012-07-03 22:07 . 2012-07-03 22:07  --------  d-----w-  c:\users\Spencer\AppData\Local\Movie_Fone
    2012-07-03 01:40 . 2012-07-03 01:40  --------  d-----w-  c:\program files (x86)\ESET
    2012-07-02 10:25 . 2012-07-02 10:26  --------  d-----w-  C:\FRST
    2012-07-02 09:41 . 2009-07-14 01:39  328704    ----a-w-  c:\windows\SysWow64\services.exe
    2012-07-02 07:57 . 2012-07-02 07:57  --------  d-----w-  c:\users\Spencer\AppData\Local\Futuremark_Corporation
    2012-07-02 07:54 . 2012-07-02 07:54  --------  d-----w-  c:\program files (x86)\Common Files\Futuremark Shared
    2012-06-29 22:05 . 2012-06-29 22:05  --------  d-----w-  c:\users\Spencer\AppData\Local\PreEmptive Solutions
    2012-06-29 22:01 . 2012-06-29 22:15  --------  d-----w-  c:\users\Spencer\AppData\Local\Gapotchenko
    2012-06-29 05:32 . 2012-06-29 05:32  --------  d-----w-  c:\users\Spencer\AppData\Roaming\Awesomium
    2012-06-29 01:38 . 2012-06-29 01:38  --------  d-----w-  c:\users\Spencer\AppData\Local\SCE
    2012-06-29 01:38 . 2012-06-29 01:38  --------  d-----w-  C:\Crash
    2012-06-23 03:57 . 2007-03-20 16:33  43520     ----a-w-  c:\windows\SysWow64\libusb0.dll
    2012-06-21 21:01 . 2012-06-02 22:19  2428952   ----a-w-  c:\windows\system32\wuaueng.dll
    2012-06-21 21:01 . 2012-06-02 22:19  57880     ----a-w-  c:\windows\system32\wuauclt.exe
    2012-06-21 21:01 . 2012-06-02 22:19  44056     ----a-w-  c:\windows\system32\wups2.dll
    2012-06-21 21:01 . 2012-06-02 22:15  2622464   ----a-w-  c:\windows\system32\wucltux.dll
    2012-06-21 21:01 . 2012-06-02 22:19  38424     ----a-w-  c:\windows\system32\wups.dll
    2012-06-21 21:01 . 2012-06-02 22:19  701976    ----a-w-  c:\windows\system32\wuapi.dll
    2012-06-21 21:01 . 2012-06-02 22:15  99840     ----a-w-  c:\windows\system32\wudriver.dll
    2012-06-21 21:01 . 2012-06-02 19:19  186752    ----a-w-  c:\windows\system32\wuwebv.dll
    2012-06-21 21:01 . 2012-06-02 19:15  36864     ----a-w-  c:\windows\system32\wuapp.exe
    2012-06-20 05:33 . 2012-06-20 05:33  --------  d-----w-  c:\users\Spencer\AppData\Local\NuGet
    2012-06-20 05:32 . 2012-06-20 05:32  --------  d-----w-  c:\users\Spencer\AppData\Roaming\NuGet
    2012-06-19 07:51 . 2012-06-19 07:51  --------  d--h--w-  c:\programdata\Common Files
    2012-06-19 07:43 . 2012-06-19 07:43  --------  d-----w-  c:\users\Spencer\AppData\Local\Macromedia
    2012-06-18 22:44 . 2012-06-18 22:44  --------  d-----w-  c:\users\Spencer\AppData\Local\Funcom
    2012-06-18 20:40 . 2012-06-18 20:40  275360    ----a-w-  c:\windows\system32\DreamScene.dll
    2012-06-18 20:40 . 2012-06-18 20:40  --------  d-----w-  c:\windows\system32\WDSA
    2012-06-15 07:55 . 2012-06-15 07:55  --------  d-----w-  c:\programdata\NVIDIA
    2012-06-13 22:04 . 2012-04-26 05:34  76288     ----a-w-  c:\windows\system32\rdpwsx.dll
    2012-06-13 22:04 . 2012-04-26 05:34  149504    ----a-w-  c:\windows\system32\rdpcorekmts.dll
    2012-06-13 22:04 . 2012-04-26 05:28  9216      ----a-w-  c:\windows\system32\rdrmemptylst.exe
    2012-06-13 22:04 . 2012-05-02 05:32  208896    ----a-w-  c:\windows\system32\profsvc.dll
    2012-06-13 22:04 . 2012-05-04 10:52  5505392   ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-04 10:08  3958128   ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 22:04 . 2012-05-04 10:08  3902320   ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 22:04 . 2012-05-15 01:32  3144192   ----a-w-  c:\windows\system32\win32k.sys
    2012-06-13 22:04 . 2012-04-28 03:50  204800    ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 22:03 . 2012-04-07 12:18  3213824   ----a-w-  c:\windows\system32\msi.dll
    2012-06-13 22:03 . 2012-04-07 11:34  2342400   ----a-w-  c:\windows\SysWow64\msi.dll
    2012-06-13 22:03 . 2012-04-24 05:59  1460224   ----a-w-  c:\windows\system32\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 05:59  182272    ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 05:59  140288    ----a-w-  c:\windows\system32\cryptnet.dll
    2012-06-13 22:03 . 2012-04-24 04:47  1156608   ----a-w-  c:\windows\SysWow64\crypt32.dll
    2012-06-13 22:03 . 2012-04-24 05:59  182272    ----a-w-  c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 22:03 . 2012-04-24 04:47  103936    ----a-w-  c:\windows\SysWow64\cryptnet.dll
    2012-06-08 02:03 . 2012-06-08 02:03  --------  d-----w-  c:\users\Spencer\AppData\Local\ESN Sonar
    2012-06-06 07:00 . 2012-06-06 07:00  --------  d-----w-  c:\program files (x86)\Common Files\PX Storage Engine
    2012-06-06 06:40 . 2011-03-30 20:26  98304     ----a-w-  c:\program files (x86)\Windows Media Player\wmp.dll
    2012-06-06 06:40 . 2012-06-06 06:40  --------  d-----w-  c:\program files (x86)\Windows Media Player Plus!
    2012-06-05 06:27 . 2012-06-05 06:27  --------  d-----w-  c:\programdata\ATI
    2012-06-05 06:26 . 2012-06-05 06:26  --------  d-----w-  c:\program files (x86)\AMD AVT
    2012-06-05 06:26 . 2012-06-05 06:26  --------  d-----w-  c:\program files (x86)\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-29 05:32 . 2012-01-20 22:45  283312    ----a-w-  c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-29 05:32 . 2012-01-20 22:40  283312    ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
    2012-06-29 01:40 . 2012-01-20 22:40  282512    ----a-w-  c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-29 01:39 . 2012-01-20 22:40  76888     ----a-w-  c:\windows\SysWow64\PnkBstrA.exe
    2012-06-24 23:10 . 2012-04-06 01:11  276504    ----a-w-  c:\windows\SysWow64\atiglpxx.dll
    2012-06-24 23:10 . 2012-04-06 01:11  359960    ----a-w-  c:\windows\system32\atig6pxx.dll
    2012-06-24 23:10 . 2012-02-15 03:18  197656    ----a-w-  c:\windows\SysWow64\aticfx32.dll
    2012-06-24 23:10 . 2011-12-06 03:16  344088    ----a-w-  c:\windows\system32\aticfx64.dll
    2012-06-12 19:59 . 2012-04-04 00:26  426184    ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 19:59 . 2012-01-21 06:14  70344     ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-09 19:49 . 2012-02-05 06:05  314392    ----a-w-  c:\windows\system32\EvoDisplayHelper.dll
    2012-06-09 19:49 . 2012-02-05 06:05  197144    ----a-w-  c:\windows\SysWow64\EvoDisplayHelper.dll
    2012-05-29 02:06 . 2012-02-13 04:33  466456    ----a-w-  c:\windows\system32\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33  444952    ----a-w-  c:\windows\SysWow64\wrap_oal.dll
    2012-05-29 02:06 . 2012-02-13 04:33  122904    ----a-w-  c:\windows\system32\OpenAL32.dll
    2012-05-29 02:06 . 2012-02-13 04:33  109080    ----a-w-  c:\windows\SysWow64\OpenAL32.dll
    2012-05-02 04:49 . 2012-05-02 04:49  2337865   ----a-w-  c:\windows\SysWow64\pbsvc.exe
    2012-04-22 21:54 . 2012-04-22 21:54  374792    ----a-w-  c:\windows\system32\drivers\UMDF\lgSSQVGA.dll
    2012-04-22 21:54 . 2012-04-22 21:54  157704    ----a-w-  c:\windows\system32\drivers\UMDF\lgSSBW.dll
    2012-04-14 07:38 . 2012-04-04 00:36  8741536   ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 05:22 . 2012-04-06 05:22  11174400  ----a-w-  c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:34 . 2012-04-06 02:34  187392    ----a-w-  c:\windows\system32\clinfo.exe
    2012-04-06 02:34 . 2012-04-06 02:34  74752     ----a-w-  c:\windows\system32\OpenVideo64.dll
    2012-04-06 02:34 . 2012-04-06 02:34  64512     ----a-w-  c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33 . 2012-04-06 02:33  63488     ----a-w-  c:\windows\system32\OVDecode64.dll
    2012-04-06 02:33 . 2012-04-06 02:33  56320     ----a-w-  c:\windows\SysWow64\OVDecode.dll
    2012-04-06 02:33 . 2012-04-06 02:33  16457216  ----a-w-  c:\windows\system32\amdocl64.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-03_01.31.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-20 21:52 . 2012-07-04 17:25  57968     c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-04 17:45  28110     c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:30 . 2012-06-09 05:49  86016     c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-07-05 00:44  86016     c:\windows\system32\DriverStore\infpub.dat
    + 2012-01-20 23:15 . 2012-07-04 20:29  32768     c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-20 23:15 . 2012-07-03 01:17  32768     c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-01-20 23:15 . 2012-07-04 20:29  32768     c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-01-20 23:15 . 2012-07-03 01:17  32768     c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-03 01:17  16384     c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-04 20:29  16384     c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-20 21:22 . 2012-07-04 17:45  7498      c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-297926242-239688007-3628787549-1000_UserData.bin
    - 2012-07-03 01:31 . 2012-07-03 01:31  2048      c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-05 02:33 . 2012-07-05 02:33  2048      c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-07-04 17:49  275554    c:\windows\system32\perfc009.dat
    + 2009-07-14 05:30 . 2012-07-05 00:44  143360    c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-06-09 05:49  143360    c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:01 . 2012-07-03 01:30  273332    c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-05 02:32  273332    c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:36 . 2012-07-04 17:49  1109902   c:\windows\system32\perfh009.dat
    - 2012-02-10 05:00 . 2012-07-03 01:30  1274720   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-02-10 05:00 . 2012-07-04 17:43  1274720   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-02-05 09:20 . 2012-07-05 02:32  2846880   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-12288.dat
    - 2009-07-14 02:34 . 2012-07-02 17:59  10485760  c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-07-04 17:36  10485760  c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-01-20 21:19 . 2012-07-05 02:32  20426639  c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-297926242-239688007-3628787549-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  94208  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvolveClient"="d:\program files\Echobit\Evolve\EvolveClient.exe" [2012-06-24 2466840]
    "Steam"="d:\program files (x86)\Steam\steam.exe" [2012-05-04 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-06-14 5309056]
    "Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "amd_dc_opt"="d:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    .
    c:\users\Spencer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Spencer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 EvoSvc;Evolve Service;d:\program files\Echobit\Evolve\EvoSvc.exe [2012-06-24 1511448]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-14 128928]
    R3 IDVistaService;Input Director Vista Service;d:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-30 497496]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 hshld;Hotspot Shield Service;d:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
    R4 HssWd;Hotspot Shield Monitoring Service;d:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 NETGEARGenieDaemon;NETGEARGenieDaemon;d:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2011-10-24 1370400]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-04-11 71800]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 InputDirector;Input Director Service;d:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 EvoKbFilter;Evolve Keyboard Filter Driver;c:\windows\system32\Drivers\EvoKbFilter.sys [2012-02-05 27800]
    S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-02-05 21656]
    S3 EvoMouFilter;Evolve Mouse Filter Driver;c:\windows\system32\Drivers\EvoMouFilter.sys [2012-02-05 24216]
    S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
    S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-22 00:02]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000Core.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-297926242-239688007-3628787549-1000UA.job
    - c:\users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 20:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58  97792  ----a-w-  c:\users\Spencer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?AF=110788&tt=290312_bexdll&babsrc=HP_ss&mntrId=da23b6450000000000000000b6bb57a8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 22:34:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-05 02:34
    ComboFix2.txt 2012-07-02 09:49
    .
    Pre-Run: 12,711,514,112 bytes free
    Post-Run: 13,405,831,168 bytes free
    .
    - - End Of File - - A85AB5BEC3F2B467E1B1335AA9DFF197
    I could not find the file
    "c:\combofix\CF32693.3XE" [2009-07-14 344576]v\
    that you mentioned, or even a combofix directory.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please tell me what you have done in Firefox regarding the Babylon Toolbar.

    When your logs come back, whatever I have set up for Firefox hasn't been done.
    1. First, I had you try resetting the Preferences to the Default. There were then new entries that were not the default.

    2. Second, I tried to reset the default Home page (Start page, Search Page and browser default search engine). Now Firefox shows no Home/Start page, no Search engine, no browser search engine for this user: nothing but the Babylon Toolbar extension:
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
     
  14. skfr33

    skfr33 TS Rookie Topic Starter

    I apologize if I did not understand you correctly previously. I simply reset the browser a second time because I thought you had stated that it did not reset the first time. Otherwise, I am not sure what happened exactly.
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    As I mentioned, the Babylon Toolbar is not easily removed. I just needed to know that you tried using the 'Reset Preferences'. If you did and Babylon is still all over Firefox, we will have to try a different way.

    But for our purposes now, I'd just like to get the default back for home and start pages

    Please see if this will help:
    Open Firefox> Tools> Addons> Extensions> Remove any extensions for Babylon Toolbar. Please understand that you can still use the Babylon site and search, but the toolbar is Foistware and should not remain on the system.

    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar
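    The "FF - user.js:" lines in the ComboFix log explain why the helper's resets did not stick: Firefox reads user.js from the profile directory on every launch and applies each user_pref() in it over prefs.js, so a home page or search setting changed in about:config or through "Reset preferences" comes back the next time Firefox starts until the lines are removed from user.js itself. The PowerShell below is an added example written for this page, not part of the thread; it assumes the default profile location under %APPDATA%\Mozilla\Firefox\Profiles and that Firefox is closed, since Firefox rewrites prefs.js on exit.

```powershell
# Added example for this page (not from the thread). Firefox re-applies every
# user_pref() in a profile's user.js on each launch, so the Babylon settings seen
# under "FF - user.js:" in the ComboFix log must be removed from that file, not
# just reset in about:config. Assumes the default profile location on Windows
# and that Firefox is closed (it rewrites prefs.js on exit).

$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$pattern     = 'extensions\.BabylonToolbar'

function Remove-UserJsPrefs {
    param([string]$UserJsPath, [string]$Pattern)

    $lines   = @(Get-Content -LiteralPath $UserJsPath)
    $matched = @($lines | Where-Object { $_ -match $Pattern })
    if ($matched.Count -eq 0) { return 0 }

    # Keep a copy before rewriting, then write back only the non-matching lines.
    Copy-Item -LiteralPath $UserJsPath -Destination "$UserJsPath.bak" -Force
    $lines | Where-Object { $_ -notmatch $Pattern } | Set-Content -LiteralPath $UserJsPath
    return $matched.Count
}

Get-ChildItem -LiteralPath $profileRoot -Directory | ForEach-Object {
    $userJs = Join-Path $_.FullName 'user.js'
    if (Test-Path -LiteralPath $userJs) {
        $n = Remove-UserJsPrefs -UserJsPath $userJs -Pattern $pattern
        '{0}: removed {1} user_pref line(s) from user.js' -f $_.Name, $n
    }

    # prefs.js holds the values already applied; list any that remain so they can
    # be reset in about:config now that user.js will not put them back.
    $prefsJs = Join-Path $_.FullName 'prefs.js'
    if (Test-Path -LiteralPath $prefsJs) {
        Select-String -LiteralPath $prefsJs -Pattern $pattern |
            ForEach-Object { '  still in prefs.js: ' + $_.Line.Trim() }
    }
}
```

    Run it with Firefox closed, then start Firefox, remove any remaining Babylon entry under Add-ons > Extensions as the helper describes, and set the home page and search engine again; with nothing left in user.js to reapply them, the change survives the next restart.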
     
  16. skfr33

    skfr33 TS Rookie Topic Starter

    The Babylon Toolbar does not exist within Firefox. I did manually set my default search provider and home page. I also deleted Babylon Search from my list of search providers. Last thing I did was search my drive for "babylon" and deleted some left over folders which seemed to contain installation files or nothing. Here is part of a new ComboFix scan.

    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\n580dgpp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110788
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.hardId - da23b6450000000000000000b6bb57a8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15431
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
     

