TechSpot

Win64/Patched.A help

By fmirza
Nov 15, 2012
  1. Hello, my AVG scanner keeps telling me that my services.exe file has been infected with Win64/Patched.A and I was wondering if anyone here could give me some help with that. Anything you can give me would be greatly appreciated. Here are the logs.

    Malwarebytes:

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.14.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Black mage :: OAK_STAFF [administrator]

    Protection: Enabled

    11/14/2012 12:58:52 PM
    mbam-log-2012-11-14 (12-58-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 365222
    Time elapsed: 1 hour(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /S=7 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 6
    C:\Users\Black mage\AppData\Local\CheeryChickenSA (Adware.HotBar.CC) -> Quarantined and deleted successfully.
    C:\Users\Black mage\AppData\Local\CheeryChickenSA\bin (Adware.HotBar.CC) -> Quarantined and deleted successfully.
    C:\Users\Black mage\AppData\Local\CheeryChickenSA\bin\1.0.7.0 (Adware.HotBar.CC) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA (Adware.HotBar.CC) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA\bin (Adware.HotBar.CC) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA\bin\1.0.7.0 (Adware.HotBar.CC) -> Quarantined and deleted successfully.

    Files Detected: 7
    C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Downloads\etype_setup (1).exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Downloads\etype_setup (2).exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Downloads\etype_setup (3).exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Downloads\etype_setup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
    C:\Users\Black mage\AppData\Local\CheeryChickenSA\bin\1.0.7.0\cheerychickenSAHook.aaa (Adware.HotBar.CC) -> Quarantined and deleted successfully.
    C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA\bin\1.0.7.0\cheerychickenSAHook.aaa (Adware.HotBar.CC) -> Quarantined and deleted successfully.

    (end)


    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-11-14 23:14:52
    Windows 6.1.7601 Service Pack 1
    Running: 4jgf925r.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMYAQKNT\dnserrordiagoff_webOC[1] 0 bytes
    File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\down[2] 0 bytes
    File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\httpErrorPagesScripts[1] 0 bytes
    File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\background_gradient[1] 0 bytes
    File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\bullet[1] 0 bytes
    File C:\Windows\Temp\avg-36245f04-9e8c-476a-acd9-100b3d7c783e.tmp 0 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.7.2
    Run by Black mage at 23:17:32 on 2012-11-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.880 [GMT -8:00]
    .
    AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Evaer\videochannel.exe
    C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evaer\evaer.exe
    C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Users\Black mage\Downloads\4jgf925r.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    uSearch Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    uSearch Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uProxyOverride = <local>;127.0.0.1:9421;
    uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe"
    uRun: [Akamai NetSession Interface] "C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    StartupFolder: C:\Users\BLACKM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\16474777966696 : DHCPNameServer = 192.168.5.1
    TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\8796 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\D49425A514 : DHCPNameServer = 192.168.1.1 68.238.64.12
    TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\E4544574541425 : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: C:\windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-7-21 30568]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-2 1340976]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 MBAMScheduler;MBAMScheduler;C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-14 399432]
    R2 MBAMService;MBAMService;C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-14 676936]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-8 793048]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-11-15 9216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-14 25928]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-15 51512]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-10-28 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-15 232992]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-11-19 59392]
    .
    =============== Created Last 30 ================
    .
    2012-11-14 20:57:34 -------- d-----w- C:\Users\Black mage\AppData\Roaming\Malwarebytes
    2012-11-14 20:57:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-14 20:57:21 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-11-13 23:14:11 -------- d-----w- C:\Users\Black mage\AppData\Roaming\AVG2013
    2012-11-11 02:14:35 -------- d-----w- C:\Users\Black mage\AppData\Roaming\TuneUp Software
    2012-11-11 02:09:10 -------- d-----w- C:\ProgramData\AVG2013
    2012-11-11 01:50:51 -------- d-----w- C:\Users\Black mage\AppData\Local\MFAData
    2012-11-11 01:50:51 -------- d-----w- C:\Users\Black mage\AppData\Local\Avg2013
    2012-11-04 23:37:06 -------- d-----w- C:\Users\Black mage\AppData\Roaming\Big Fish Games
    2012-11-04 08:55:26 -------- d-----w- C:\Program Files (x86)\Fairway
    2012-11-04 08:40:02 -------- d-----w- C:\ProgramData\Big Fish Games
    2012-11-04 08:40:00 -------- d-----w- C:\Program Files (x86)\bfgclient
    2012-11-04 08:38:24 -------- d-----w- C:\BigFishGamesCache
    2012-10-29 05:20:02 -------- d-----w- C:\windows\en
    2012-10-29 05:15:56 57856 ----a-w- C:\windows\System32\drivers\fssfltr.sys
    2012-10-29 05:13:34 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fb05c59d1cdb59301\skydrivesetup.exe
    2012-10-29 05:13:34 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
    2012-10-29 05:13:33 -------- d-----r- C:\Users\Black mage\SkyDrive
    2012-10-29 05:13:30 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DSETUP.dll
    2012-10-29 05:13:30 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DXSETUP.exe
    2012-10-29 05:13:30 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\dsetup32.dll
    2012-10-29 05:13:01 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
    2012-10-29 05:13:00 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DSETUP.dll
    2012-10-29 05:13:00 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DXSETUP.exe
    2012-10-29 05:13:00 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\dsetup32.dll
    2012-10-29 05:12:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DSETUP.dll
    2012-10-29 05:12:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DXSETUP.exe
    2012-10-29 05:12:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\dsetup32.dll
    2012-10-28 20:06:47 -------- d-----w- C:\Users\Black mage\AppData\Local\{F7330700-7A80-43EC-B29B-B3D26821FCFA}
    2012-10-28 08:06:35 -------- d-----w- C:\Users\Black mage\AppData\Local\{AA5350E0-5DB6-4B3F-AD35-437A6B7E815D}
    2012-10-27 18:25:03 -------- d-----w- C:\Users\Black mage\AppData\Local\{F0131E87-753F-4D6B-A0D2-DB434DF1A314}
    2012-10-27 06:24:37 -------- d-----w- C:\Users\Black mage\AppData\Local\{88F662E1-D965-4C4F-BFB3-11C86A0DE77C}
    2012-10-26 18:24:14 -------- d-----w- C:\Users\Black mage\AppData\Local\{FE039671-5DCC-40CB-A237-69A41D127956}
    2012-10-26 06:12:53 -------- d-----w- C:\Users\Black mage\AppData\Local\{A57F09EE-3741-4CF9-8F55-008C3CFE81F4}
    2012-10-25 04:42:47 -------- d-----w- C:\Users\Black mage\AppData\Local\{2FF5027A-CCFC-4D97-952D-8E4E1D0BE8CF}
    2012-10-25 01:17:46 -------- d-sh--w- C:\found.000
    2012-10-24 16:42:21 -------- d-----w- C:\Users\Black mage\AppData\Local\{B821BB45-54F5-4E0F-9C44-D93D39204B1A}
    2012-10-23 19:04:53 -------- d-----w- C:\Users\Black mage\AppData\Local\{F4F136EA-5B2F-4A49-9289-52E461F22FA2}
    2012-10-23 06:38:39 -------- d-----w- C:\Users\Black mage\AppData\Local\{C728B0F0-5FFE-41CE-A248-2445E9955C71}
    2012-10-22 21:02:44 154464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
    2012-10-22 17:24:20 -------- d-----w- C:\Users\Black mage\AppData\Local\{3CB3FFA8-8725-4EAC-B298-9FB8A5113539}
    2012-10-21 06:10:20 -------- d-----w- C:\Users\Black mage\AppData\Local\{80BD52DC-5C44-4812-8B9A-9183BA5CF009}
    2012-10-20 18:10:08 -------- d-----w- C:\Users\Black mage\AppData\Local\{F7CD66D0-2828-4FF9-BB0A-EA57885F8A99}
    2012-10-20 06:09:55 -------- d-----w- C:\Users\Black mage\AppData\Local\{05E03EB6-1CA0-4E87-8655-23F62DCD1BFF}
    2012-10-19 18:09:42 -------- d-----w- C:\Users\Black mage\AppData\Local\{D153C140-E546-4719-A2B2-602610A42040}
    2012-10-19 06:09:22 -------- d-----w- C:\Users\Black mage\AppData\Local\{FFF79EE6-4282-4CDF-B0FF-AAF29C4EE4B6}
    2012-10-18 18:09:03 -------- d-----w- C:\Users\Black mage\AppData\Local\{C5025685-A455-48FF-80A1-27A6CF364297}
    2012-10-18 06:08:47 -------- d-----w- C:\Users\Black mage\AppData\Local\{F098D6BE-CBB0-428D-92B8-5A68F988D3CC}
    2012-10-17 18:08:35 -------- d-----w- C:\Users\Black mage\AppData\Local\{5804D7F2-20CC-4787-938E-AA6EFE1B090A}
    2012-10-17 06:08:24 -------- d-----w- C:\Users\Black mage\AppData\Local\{9265D5F3-CD3C-4118-94E9-EB9C69529A9D}
    2012-10-16 18:08:11 -------- d-----w- C:\Users\Black mage\AppData\Local\{7F870E15-16A9-4713-92A0-735AB807367A}
    .
    ==================== Find3M ====================
    .
    2012-11-14 18:07:08 4940 ----a-w- C:\windows\System32\PerfStringBackup.TMP
    2012-11-09 07:22:07 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2012-10-15 11:48:50 63328 ----a-w- C:\windows\System32\drivers\avgidsha.sys
    2012-10-08 20:49:26 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 20:49:26 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-05 11:32:50 111456 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
    2012-10-02 11:30:38 185696 ----a-w- C:\windows\System32\drivers\avgldx64.sys
    2012-09-30 03:47:39 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-30 03:47:39 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2012-09-30 03:47:39 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-09-21 11:46:04 200032 ----a-w- C:\windows\System32\drivers\avgtdia.sys
    2012-09-21 11:46:00 225120 ----a-w- C:\windows\System32\drivers\avgloga.sys
    2012-09-14 11:05:18 40800 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
    2012-09-12 23:07:44 58368 ----a-w- C:\windows\SysWow64\sirenacm.dll
    2012-09-12 22:57:44 322048 ----a-w- C:\windows\WLXPGSS.SCR
    2012-09-04 18:39:32 50296 ----a-w- C:\windows\System32\drivers\avgfwd6a.sys
    .
    ============= FINISH: 23:19:15.51 ===============


    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/16/2011 3:01:40 PM
    System Uptime: 11/14/2012 2:05:35 PM (9 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Celeron(R) CPU 925 @ 2.30GHz | CPU | 2294/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 122.638 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP91: 10/28/2012 10:11:29 PM - Windows Live Essentials
    RP92: 10/28/2012 10:13:39 PM - Installed DirectX
    RP93: 10/28/2012 10:13:57 PM - Installed DirectX
    RP94: 10/28/2012 10:14:19 PM - Installed DirectX
    RP95: 10/28/2012 10:15:33 PM - WLSetup
    RP96: 11/10/2012 6:08:10 PM - Installed AVG 2013
    RP97: 11/10/2012 6:09:22 PM - Installed AVG 2013
    .
    ==== Installed Programs ======================
    .
    3DChat game client
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.6
    Aeria Downloader
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    AVG 2013
    AVG Security Toolbar
    Becker's CPA Exam Review - 2012 Edition
    Best Buy pc app
    Big Fish Games: Game Manager
    Bing Bar
    Conexant HD Audio
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    Dream of Mirror Online
    Dropbox
    Earth 2150
    Evaer Video Recorder for Skype 1.2.6.29
    Fairway™
    ffdshow [rev 3154] [2009-12-09]
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    InstaTrader
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 31 (64-bit)
    JavaFX 2.1.1
    Junk Mail filter update
    Label@Once 1.0
    League of Legends
    Magic Online
    Malwarebytes Anti-Malware version 1.65.1.1000
    Messenger Plus! 5
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Hotmail Connector 64-bit
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Movie Maker
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    Pando Media Booster
    PC Tools Registry Mechanic 11.0
    Photo Common
    Photo Gallery
    PlayReady PC Runtime amd64
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    SMPlayer 0.7.0
    swMSM
    Synaptics Pointing Device Driver
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Disc Creator
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    uTorrentControl2 Toolbar
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.10 beta 3 (64-bit)
    Xvid MPEG-4 Video Codec
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/14/2012 2:37:37 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    11/14/2012 2:06:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    11/14/2012 2:06:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    11/14/2012 2:06:16 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    11/14/2012 2:06:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11/14/2012 10:09:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    11/14/2012 10:09:33 AM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/10/2012 9:34:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
    11/10/2012 9:33:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    11/10/2012 9:33:27 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/10/2012 9:31:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    11/10/2012 9:30:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
    11/10/2012 9:27:32 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    11/10/2012 5:05:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 5:05:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/10/2012 5:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/10/2012 5:05:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/10/2012 5:05:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/10/2012 5:05:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/10/2012 5:05:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/10/2012 5:04:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/10/2012 4:50:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
    11/10/2012 4:50:30 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt log file. Please copy and paste the logs in your reply.
     
  3. fmirza

    fmirza TS Rookie Topic Starter

    Thanks for the response, Jay. Here are the additional logs.

    FRST.exe

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
    Ran by SYSTEM at 15-11-2012 14:54:19
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2011-11-17] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-10-24] (Yuna Software)
    HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKU\Black mage\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272640 2012-09-12] (Microsoft Corporation)
    HKU\Black mage\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
    HKU\Black mage\...\Run: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe" [1691136 2012-02-02] (Evaer Technology)
    HKU\Black mage\...\Run: [Akamai NetSession Interface] "C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\Black mage\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Black mage\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\Black mage\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-19] (Google Inc.)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$23151697fd8a69cd7506934393e3f49c\n. ATTENTION! ====> ZeroAccess
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\Black mage\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1340976 2012-11-02] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 MBAMScheduler; "C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

    ==================== Drivers (Whitelisted) =====================

    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
    3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-15 14:38 - 2012-11-15 14:38 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64 (1).exe
    2012-11-15 14:37 - 2012-11-15 14:37 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64.exe
    2012-11-15 14:37 - 2012-11-15 14:37 - 00000000 ____D C:\FRST
    2012-11-14 23:19 - 2012-11-14 23:19 - 00029978 ____A C:\Users\Black mage\Desktop\dds.txt
    2012-11-14 23:19 - 2012-11-14 23:19 - 00015323 ____A C:\Users\Black mage\Desktop\attach.txt
    2012-11-14 23:14 - 2012-11-14 23:14 - 00001034 ____A C:\Users\Black mage\Desktop\gmer.log
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000821 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Malwarebytes
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-14 12:57 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-14 12:55 - 2012-11-14 12:55 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Black mage\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-14 12:54 - 2012-11-14 12:54 - 00688901 ____R (Swearware) C:\Users\Black mage\Downloads\dds.com
    2012-11-14 12:53 - 2012-11-14 12:53 - 00302592 ____A C:\Users\Black mage\Downloads\4jgf925r.exe
    2012-11-13 15:14 - 2012-11-13 15:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\AVG2013
    2012-11-11 21:41 - 2012-11-11 21:41 - 00085004 ____A C:\Users\Black mage\Downloads\Me 3 xx.zip
    2012-11-11 21:41 - 2012-11-11 21:41 - 00042398 ____A C:\Users\Black mage\Downloads\llll.bmp
    2012-11-10 18:14 - 2012-11-10 18:14 - 00000976 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-11-10 18:14 - 2012-11-10 18:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\TuneUp Software
    2012-11-10 18:09 - 2012-11-14 13:55 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-10 17:50 - 2012-11-14 13:04 - 00000000 ____D C:\Users\Black mage\AppData\Local\Avg2013
    2012-11-10 17:50 - 2012-11-10 17:50 - 00000000 ____D C:\Users\Black mage\AppData\Local\MFAData
    2012-11-10 17:06 - 2012-11-10 17:24 - 00007002 ____A C:\Users\Black mage\Desktop\avgrep.txt
    2012-11-09 15:11 - 2012-11-09 15:11 - 00021698 ____A C:\Users\Black mage\Downloads\member.php
    2012-11-04 15:37 - 2012-11-04 15:37 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Big Fish Games
    2012-11-04 00:56 - 2012-11-04 00:56 - 00001893 ____A C:\Users\Public\Desktop\Play Fairway.lnk
    2012-11-04 00:56 - 2012-11-04 00:56 - 00001244 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2012-11-04 00:55 - 2012-11-04 00:56 - 00000000 ____D C:\Program Files (x86)\Fairway
    2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Users\All Users\Big Fish Games
    2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Program Files (x86)\bfgclient
    2012-11-04 00:38 - 2012-11-04 16:37 - 00000000 ____D C:\BigFishGamesCache
    2012-11-04 00:38 - 2012-11-04 00:38 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469980.exe
    2012-11-04 00:37 - 2012-11-04 00:38 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469779.exe
    2012-10-28 21:20 - 2012-10-28 21:20 - 00000000 ____D C:\Windows\en
    2012-10-28 21:15 - 2012-09-12 14:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
    2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ___RD C:\Users\Black mage\SkyDrive
    2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
    2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
    2012-10-28 21:09 - 2012-10-28 21:09 - 01239552 ____A (Microsoft Corporation) C:\Users\Black mage\Downloads\wlsetup-web (1).exe
    2012-10-28 12:06 - 2012-10-28 12:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7330700-7A80-43EC-B29B-B3D26821FCFA}
    2012-10-28 00:06 - 2012-10-28 00:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{AA5350E0-5DB6-4B3F-AD35-437A6B7E815D}
    2012-10-27 10:25 - 2012-10-27 10:25 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F0131E87-753F-4D6B-A0D2-DB434DF1A314}
    2012-10-26 22:24 - 2012-10-26 22:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{88F662E1-D965-4C4F-BFB3-11C86A0DE77C}
    2012-10-26 21:59 - 2012-10-26 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-26 10:24 - 2012-10-26 10:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FE039671-5DCC-40CB-A237-69A41D127956}
    2012-10-25 22:12 - 2012-10-25 22:13 - 00000000 ____D C:\Users\Black mage\AppData\Local\{A57F09EE-3741-4CF9-8F55-008C3CFE81F4}
    2012-10-24 20:42 - 2012-10-25 10:12 - 00000000 ____D C:\Users\Black mage\AppData\Local\{2FF5027A-CCFC-4D97-952D-8E4E1D0BE8CF}
    2012-10-24 17:17 - 2012-10-24 17:17 - 00000000 __SHD C:\found.000
    2012-10-24 08:42 - 2012-10-24 08:42 - 00000000 ____D C:\Users\Black mage\AppData\Local\{B821BB45-54F5-4E0F-9C44-D93D39204B1A}
    2012-10-23 11:04 - 2012-10-23 11:05 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F4F136EA-5B2F-4A49-9289-52E461F22FA2}
    2012-10-22 22:38 - 2012-10-22 22:38 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C728B0F0-5FFE-41CE-A248-2445E9955C71}
    2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-10-22 09:24 - 2012-10-22 09:25 - 00000000 ____D C:\Users\Black mage\AppData\Local\{3CB3FFA8-8725-4EAC-B298-9FB8A5113539}
    2012-10-20 22:10 - 2012-10-20 22:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{80BD52DC-5C44-4812-8B9A-9183BA5CF009}
    2012-10-20 10:10 - 2012-10-20 10:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7CD66D0-2828-4FF9-BB0A-EA57885F8A99}
    2012-10-19 22:09 - 2012-10-19 22:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{05E03EB6-1CA0-4E87-8655-23F62DCD1BFF}
    2012-10-19 10:09 - 2012-10-19 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{D153C140-E546-4719-A2B2-602610A42040}
    2012-10-18 22:09 - 2012-10-18 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FFF79EE6-4282-4CDF-B0FF-AAF29C4EE4B6}
    2012-10-18 10:09 - 2012-10-18 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C5025685-A455-48FF-80A1-27A6CF364297}
    2012-10-17 22:08 - 2012-10-17 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F098D6BE-CBB0-428D-92B8-5A68F988D3CC}
    2012-10-17 10:08 - 2012-10-17 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{5804D7F2-20CC-4787-938E-AA6EFE1B090A}
    2012-10-16 22:08 - 2012-10-16 22:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{9265D5F3-CD3C-4118-94E9-EB9C69529A9D}
    2012-10-16 15:08 - 2012-10-16 15:38 - 89495474 ____A C:\Users\Black mage\Downloads\camfour_young_couple.avi
    2012-10-16 10:08 - 2012-10-16 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{7F870E15-16A9-4713-92A0-735AB807367A}

    ==================== One Month Modified Files and Folders =======

    2012-11-15 14:42 - 2012-04-06 21:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-15 14:40 - 2012-04-02 23:21 - 00004940 ____A C:\Windows\System32\PerfStringBackup.TMP
    2012-11-15 14:38 - 2012-11-15 14:38 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64 (1).exe
    2012-11-15 14:38 - 2011-11-16 19:57 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Skype
    2012-11-15 14:37 - 2012-11-15 14:37 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64.exe
    2012-11-15 14:37 - 2012-11-15 14:37 - 00000000 ____D C:\FRST
    2012-11-15 13:57 - 2010-07-19 13:43 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-15 13:37 - 2011-11-16 16:18 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-15 11:58 - 2011-11-16 16:19 - 00000000 ____D C:\Users\Black mage\AppData\Local\Windows Live
    2012-11-14 23:56 - 2011-11-16 16:43 - 00000000 ____D C:\Users\Black mage\Tracing
    2012-11-14 23:35 - 2011-12-08 20:18 - 00000420 ____A C:\Windows\SysWOW64\AppLog.log
    2012-11-14 23:35 - 2011-12-08 02:00 - 00000296 ____A C:\Windows\Tasks\RMSchedule.job
    2012-11-14 23:19 - 2012-11-14 23:19 - 00029978 ____A C:\Users\Black mage\Desktop\dds.txt
    2012-11-14 23:19 - 2012-11-14 23:19 - 00015323 ____A C:\Users\Black mage\Desktop\attach.txt
    2012-11-14 23:14 - 2012-11-14 23:14 - 00001034 ____A C:\Users\Black mage\Desktop\gmer.log
    2012-11-14 19:57 - 2010-07-19 13:43 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-14 14:13 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-14 14:13 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-14 14:08 - 2012-05-06 18:35 - 00000000 ___RD C:\Users\Black mage\Dropbox
    2012-11-14 14:08 - 2012-05-06 18:07 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Dropbox
    2012-11-14 14:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-14 14:06 - 2009-07-13 20:51 - 00047106 ____A C:\Windows\setupact.log
    2012-11-14 14:01 - 2010-07-19 13:59 - 00254652 ____A C:\Windows\PFRO.log
    2012-11-14 13:59 - 2011-11-24 22:54 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion
    2012-11-14 13:55 - 2012-11-10 18:09 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-14 13:04 - 2012-11-10 17:50 - 00000000 ____D C:\Users\Black mage\AppData\Local\Avg2013
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000821 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Malwarebytes
    2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-14 12:55 - 2012-11-14 12:55 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Black mage\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-14 12:54 - 2012-11-14 12:54 - 00688901 ____R (Swearware) C:\Users\Black mage\Downloads\dds.com
    2012-11-14 12:53 - 2012-11-14 12:53 - 00302592 ____A C:\Users\Black mage\Downloads\4jgf925r.exe
    2012-11-14 01:21 - 2012-01-08 19:53 - 00000000 ____D C:\Users\Black mage\AppData\Local\PMB Files
    2012-11-14 01:21 - 2012-01-08 19:53 - 00000000 ____D C:\Users\All Users\PMB Files
    2012-11-13 15:14 - 2012-11-13 15:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\AVG2013
    2012-11-13 15:14 - 2011-12-17 22:22 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-11-11 21:41 - 2012-11-11 21:41 - 00085004 ____A C:\Users\Black mage\Downloads\Me 3 xx.zip
    2012-11-11 21:41 - 2012-11-11 21:41 - 00042398 ____A C:\Users\Black mage\Downloads\llll.bmp
    2012-11-10 18:16 - 2012-05-01 11:23 - 00000000 ___HD C:\$AVG
    2012-11-10 18:14 - 2012-11-10 18:14 - 00000976 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-11-10 18:14 - 2012-11-10 18:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\TuneUp Software
    2012-11-10 17:50 - 2012-11-10 17:50 - 00000000 ____D C:\Users\Black mage\AppData\Local\MFAData
    2012-11-10 17:25 - 2011-11-15 19:25 - 01645978 ____A C:\Windows\WindowsUpdate.log
    2012-11-10 17:24 - 2012-11-10 17:06 - 00007002 ____A C:\Users\Black mage\Desktop\avgrep.txt
    2012-11-09 15:11 - 2012-11-09 15:11 - 00021698 ____A C:\Users\Black mage\Downloads\member.php
    2012-11-09 14:13 - 2011-11-28 01:39 - 00000000 ____D C:\Users\Black mage\Documents\Evaer
    2012-11-08 23:23 - 2012-07-21 13:55 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-08 23:22 - 2012-07-21 13:55 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-08 23:22 - 2012-07-21 13:55 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-11-07 22:48 - 2011-11-16 16:44 - 00000000 ____D C:\Users\Black mage\Documents\My Received Files
    2012-11-04 16:37 - 2012-11-04 00:38 - 00000000 ____D C:\BigFishGamesCache
    2012-11-04 15:37 - 2012-11-04 15:37 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Big Fish Games
    2012-11-04 00:56 - 2012-11-04 00:56 - 00001893 ____A C:\Users\Public\Desktop\Play Fairway.lnk
    2012-11-04 00:56 - 2012-11-04 00:56 - 00001244 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2012-11-04 00:56 - 2012-11-04 00:55 - 00000000 ____D C:\Program Files (x86)\Fairway
    2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Users\All Users\Big Fish Games
    2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Program Files (x86)\bfgclient
    2012-11-04 00:38 - 2012-11-04 00:38 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469980.exe
    2012-11-04 00:38 - 2012-11-04 00:37 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469779.exe
    2012-10-31 09:42 - 2011-11-16 19:55 - 00000000 ____D C:\Users\All Users\Skype
    2012-10-28 21:20 - 2012-10-28 21:20 - 00000000 ____D C:\Windows\en
    2012-10-28 21:16 - 2010-07-19 13:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2012-10-28 21:15 - 2011-11-16 16:24 - 00000000 ____D C:\Program Files\Windows Live
    2012-10-28 21:15 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ___RD C:\Users\Black mage\SkyDrive
    2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
    2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
    2012-10-28 21:13 - 2011-11-16 15:01 - 00000000 ____D C:\users\Black mage
    2012-10-28 21:13 - 2010-07-19 13:42 - 00300408 ____A C:\Windows\DirectX.log
    2012-10-28 21:09 - 2012-10-28 21:09 - 01239552 ____A (Microsoft Corporation) C:\Users\Black mage\Downloads\wlsetup-web (1).exe
    2012-10-28 12:06 - 2012-10-28 12:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7330700-7A80-43EC-B29B-B3D26821FCFA}
    2012-10-28 00:06 - 2012-10-28 00:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{AA5350E0-5DB6-4B3F-AD35-437A6B7E815D}
    2012-10-27 10:25 - 2012-10-27 10:25 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F0131E87-753F-4D6B-A0D2-DB434DF1A314}
    2012-10-27 07:29 - 2012-04-25 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-10-26 22:24 - 2012-10-26 22:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{88F662E1-D965-4C4F-BFB3-11C86A0DE77C}
    2012-10-26 21:59 - 2012-10-26 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-26 10:24 - 2012-10-26 10:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FE039671-5DCC-40CB-A237-69A41D127956}
    2012-10-25 22:13 - 2012-10-25 22:12 - 00000000 ____D C:\Users\Black mage\AppData\Local\{A57F09EE-3741-4CF9-8F55-008C3CFE81F4}
    2012-10-25 10:12 - 2012-10-24 20:42 - 00000000 ____D C:\Users\Black mage\AppData\Local\{2FF5027A-CCFC-4D97-952D-8E4E1D0BE8CF}
    2012-10-24 17:17 - 2012-10-24 17:17 - 00000000 __SHD C:\found.000
    2012-10-24 08:42 - 2012-10-24 08:42 - 00000000 ____D C:\Users\Black mage\AppData\Local\{B821BB45-54F5-4E0F-9C44-D93D39204B1A}
    2012-10-23 11:05 - 2012-10-23 11:04 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F4F136EA-5B2F-4A49-9289-52E461F22FA2}
    2012-10-23 11:05 - 2011-12-03 13:57 - 00000000 ____D C:\Users\Black mage\AppData\Local\Akamai
    2012-10-22 22:38 - 2012-10-22 22:38 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C728B0F0-5FFE-41CE-A248-2445E9955C71}
    2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-10-22 09:25 - 2012-10-22 09:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{3CB3FFA8-8725-4EAC-B298-9FB8A5113539}
    2012-10-20 22:10 - 2012-10-20 22:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{80BD52DC-5C44-4812-8B9A-9183BA5CF009}
    2012-10-20 10:10 - 2012-10-20 10:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7CD66D0-2828-4FF9-BB0A-EA57885F8A99}
    2012-10-19 22:10 - 2012-10-19 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{05E03EB6-1CA0-4E87-8655-23F62DCD1BFF}
    2012-10-19 10:09 - 2012-10-19 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{D153C140-E546-4719-A2B2-602610A42040}
    2012-10-18 22:09 - 2012-10-18 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FFF79EE6-4282-4CDF-B0FF-AAF29C4EE4B6}
    2012-10-18 10:09 - 2012-10-18 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C5025685-A455-48FF-80A1-27A6CF364297}
    2012-10-17 22:09 - 2012-10-17 22:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F098D6BE-CBB0-428D-92B8-5A68F988D3CC}
    2012-10-17 10:08 - 2012-10-17 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{5804D7F2-20CC-4787-938E-AA6EFE1B090A}
    2012-10-16 22:08 - 2012-10-16 22:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{9265D5F3-CD3C-4118-94E9-EB9C69529A9D}
    2012-10-16 10:08 - 2012-10-16 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{7F870E15-16A9-4713-92A0-735AB807367A}


    ZeroAccess:
    C:\Windows\Installer\{23151697-fd8a-69cd-7506-934393e3f49c}
    C:\Windows\Installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1033597099-3782703190-954538369-1000\$23151697fd8a69cd7506934393e3f49c

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$23151697fd8a69cd7506934393e3f49c

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-28 21:11:56
    Restore point made on: 2012-10-28 21:13:45
    Restore point made on: 2012-10-28 21:14:13
    Restore point made on: 2012-10-28 21:14:38
    Restore point made on: 2012-10-28 21:15:39
    Restore point made on: 2012-11-10 18:08:37
    Restore point made on: 2012-11-10 18:09:35

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 2939.98 MB
    Available physical RAM: 2423.99 MB
    Total Pagefile: 2938.13 MB
    Available Pagefile: 2419.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (TI105952W0C) (Fixed) (Total:222.34 GB) (Free:122.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (VICTORINOX) (Removable) (Total:7.53 GB) (Free:7.48 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          232 GB      0 B
    Disk 1    Online         7712 MB      0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Recovery          1500 MB  1024 KB
    Partition 2    Primary            222 GB  1501 MB
    Partition 3    Primary              9 GB   223 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

      Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
      ----------  ---  -----------  -----  ----------  -------  -------  --------
    * Volume 2    D    System       NTFS   Partition   1500 MB  Healthy  Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
      ----------  ---  -----------  -----  ----------  -------  -------  --------
    * Volume 1    C    TI105952W0C  NTFS   Partition    222 GB  Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 1:
    ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
    * Partition 1    Primary           7712 MB     0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================

    Last Boot: 2012-11-12 09:38

    ==================== End Of Log =============================


    Unfortunately, I couldn't find the search.txt log. I searched the entire hard drive and the flash drive with no luck. Should I try rescanning?
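    As an added example (not part of the original thread, and not FRST's own code): a small Python triage script for the kind of FRST log posted above. It pulls out the three findings that decide the next step in a case like this: paths FRST listed under "ZeroAccess:", system binaries whose MD5 did not pass the "Bamital & volsnap Check", and partitions FRST marked "(Suspicious Type)". SAMPLE_FRST_LOG is a constructed, condensed copy of the lines on this page; the function and class names (triage_frst, Triage, needs_attention, report) are this example's own.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log text.

Added example for this thread; it is not FRST's own code and not part of the
original posts. It extracts paths listed under "ZeroAccess:", files that failed
the "Bamital & volsnap Check", and partitions flagged "(Suspicious Type)".
SAMPLE_FRST_LOG is constructed from the lines on this page; the function and
class names are this example's own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a condensed copy of the log lines posted above.
SAMPLE_FRST_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{23151697-fd8a-69cd-7506-934393e3f49c}
C:\Windows\Installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Partitions =============================

Disk: 0
Partition 2
Type : 07
Hidden: No

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
"""

MD5_OK = re.compile(r"^(?P<path>\S.*?) => MD5 is legit$")
# FRST prints "<path> <md5> <detection name> <==== ATTENTION" for a file whose
# hash does not match a known-good copy.
MD5_BAD = re.compile(r"^(?P<path>\S.*?) (?P<md5>[0-9A-Fa-f]{32}) (?P<tag>\S+)")
DISK = re.compile(r"^Disk: (?P<n>\d+)$")
PARTITION = re.compile(r"^Partition (?P<n>\d+)$")
PART_TYPE = re.compile(r"^Type : (?P<type>[0-9A-Fa-f]{2})(?P<note> \(Suspicious Type\))?$")


@dataclass
class Triage:
    zeroaccess_paths: list = field(default_factory=list)
    verified_files: list = field(default_factory=list)
    patched_files: dict = field(default_factory=dict)          # path -> (md5, tag)
    suspicious_partitions: list = field(default_factory=list)  # (disk, partition, type)


def triage_frst(text: str) -> Triage:
    """Walk an FRST log line by line and collect the findings listed above."""
    t = Triage()
    in_zeroaccess = False    # inside a "ZeroAccess:" block until the next blank line
    disk = partition = None  # context for the partition "Type :" lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_zeroaccess = False
            continue
        if line == "ZeroAccess:":
            in_zeroaccess = True
            continue
        if in_zeroaccess:
            t.zeroaccess_paths.append(line)
            continue
        if (m := MD5_OK.match(line)):
            t.verified_files.append(m["path"])
        elif (m := MD5_BAD.match(line)):
            t.patched_files[m["path"]] = (m["md5"].upper(), m["tag"])
        elif (m := DISK.match(line)):
            disk = int(m["n"])
        elif (m := PARTITION.match(line)):
            partition = int(m["n"])
        elif (m := PART_TYPE.match(line)) and m["note"]:
            t.suspicious_partitions.append((disk, partition, m["type"]))
    return t


def needs_attention(t: Triage) -> bool:
    """True when anything in the triage warrants follow-up."""
    return bool(t.zeroaccess_paths or t.patched_files or t.suspicious_partitions)


def report(t: Triage) -> str:
    """Human-readable summary of the triage, one finding per line."""
    lines = []
    for path, (md5, tag) in t.patched_files.items():
        lines.append(f"PATCHED  {path}  md5={md5}  tag={tag}")
    for path in t.zeroaccess_paths:
        lines.append(f"ZA-PATH  {path}")
    for disk, part, ptype in t.suspicious_partitions:
        lines.append(f"PARTITION  disk {disk} partition {part} type 0x{ptype}")
    lines.append(f"verified: {len(t.verified_files)} file(s) with known-good MD5")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage_frst(SAMPLE_FRST_LOG)))
```

    Run against the full log, the PATCHED line for services.exe and the three ZA-PATH entries are the same facts the helper acts on in the next posts; the "(Suspicious Type)" partition is reported too, so it is not lost among the hundreds of file-listing lines. Note that a hidden 0x17 partition on an OEM laptop is often a recovery image rather than anything malicious, so the script only surfaces it for a human to judge.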
     
  4. Jay Pfoutz (Malware Helper)

    Okay, here is the next step...

    FRST Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
     
  5. fmirza (Topic Starter)

    Here's the fixlog.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
    Ran by SYSTEM at 2012-11-16 09:26:01 Run:1
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  6. Jay Pfoutz (Malware Helper)

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. fmirza (Topic Starter)

    Whenever I start ComboFix normally, it freezes halfway through unzipping its files, before it even starts. So I ran it in Safe Mode, and when ComboFix was about to start, it said that it detected real-time protection from AVG 2012, which I no longer have. I tried disabling AVG 2013 and went as far as uninstalling AVG altogether, and I'm still getting that message. Should I continue with ComboFix anyway?
     
  8. Jay Pfoutz (Malware Helper)

    Do this, then try again please:

    RogueKiller Scan

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  9. fmirza (Topic Starter)

    So I was able to run both, sorry for taking so long.

    Here are the RK reports.

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User: Black mage [Admin rights]
    Mode: Scan -- Date: 11/21/2012 10:06:34

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : c:\windows\installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
    --- User ---
    [MBR] e0c606d3f1f977c085148ef792d58b31
    [BSP] 76ce2fb0f38e8af641f56befc56cb22e : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227677 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469356544 | Size: 9297 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[6].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User: Black mage [Admin rights]
    Mode: Remove -- Date: 11/21/2012 10:07:37

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : c:\windows\installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
    --- User ---
    [MBR] e0c606d3f1f977c085148ef792d58b31
    [BSP] 76ce2fb0f38e8af641f56befc56cb22e : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227677 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469356544 | Size: 9297 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[7].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt ; RKreport[7].txt


    Here is the combo fix log.

    ComboFix 12-11-21.01 - Black mage 11/21/2012 10:52:34.3.1 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.2210 [GMT -8:00]
    Running from: c:\users\Black mage\Desktop\iexplore.exe.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\BrowserCompanion
    c:\program files (x86)\BrowserCompanion\logo.ico
    c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll_1
    c:\users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\{23A78B09-0511-44B7-97D4-AF54ECCF391B}.xps
    c:\users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3A1E74F7-01E4-4464-9E5C-68162B6D2168}.xps
    c:\users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C63A5A9A-E713-47D0-935E-58A6C0C02722}.xps
    c:\users\Black mage\Documents\~WRL2326.tmp
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-21 19:47 . 2012-11-21 19:47  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-11-19 05:05 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
    2012-11-19 05:05 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
    2012-11-19 05:05 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-19 05:05 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll
    2012-11-19 04:49 . 2012-10-08 11:23  1392128  ----a-w-  c:\windows\system32\wininet.dll
    2012-11-19 04:41 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
    2012-11-19 04:41 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
    2012-11-19 04:41 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll
    2012-11-19 04:41 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll
    2012-11-19 04:41 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe
    2012-11-19 04:41 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll
    2012-11-19 04:41 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
    2012-11-17 23:28 . 2012-10-09 18:17  55296  ----a-w-  c:\windows\system32\dhcpcsvc6.dll
    2012-11-17 23:28 . 2012-10-09 18:17  226816  ----a-w-  c:\windows\system32\dhcpcore6.dll
    2012-11-17 23:28 . 2012-10-09 17:40  44032  ----a-w-  c:\windows\SysWow64\dhcpcsvc6.dll
    2012-11-17 23:28 . 2012-10-09 17:40  193536  ----a-w-  c:\windows\SysWow64\dhcpcore6.dll
    2012-11-17 23:23 . 2012-08-24 18:05  220160  ----a-w-  c:\windows\system32\wintrust.dll
    2012-11-17 23:23 . 2012-08-24 16:57  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll
    2012-11-17 23:23 . 2012-09-14 19:19  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-11-17 23:23 . 2012-09-14 18:28  2048  ----a-w-  c:\windows\SysWow64\tzres.dll
    2012-11-17 23:23 . 2012-08-21 21:01  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
    2012-11-17 23:22 . 2012-08-11 00:56  715776  ----a-w-  c:\windows\system32\kerberos.dll
    2012-11-17 23:22 . 2012-08-10 23:56  542208  ----a-w-  c:\windows\SysWow64\kerberos.dll
    2012-11-17 23:22 . 2012-09-25 22:47  78336  ----a-w-  c:\windows\SysWow64\synceng.dll
    2012-11-17 23:22 . 2012-09-25 22:46  95744  ----a-w-  c:\windows\system32\synceng.dll
    2012-11-17 23:22 . 2012-07-04 22:16  73216  ----a-w-  c:\windows\system32\netapi32.dll
    2012-11-17 23:22 . 2012-07-04 22:13  59392  ----a-w-  c:\windows\system32\browcli.dll
    2012-11-17 23:22 . 2012-07-04 22:13  136704  ----a-w-  c:\windows\system32\browser.dll
    2012-11-17 23:22 . 2012-07-04 21:14  41984  ----a-w-  c:\windows\SysWow64\browcli.dll
    2012-11-17 23:22 . 2012-05-05 08:36  503808  ----a-w-  c:\windows\system32\srcore.dll
    2012-11-17 23:22 . 2012-05-05 07:46  43008  ----a-w-  c:\windows\SysWow64\srclient.dll
    2012-11-17 22:48 . 2012-05-14 05:26  956928  ----a-w-  c:\windows\system32\localspl.dll
    2012-11-17 22:48 . 2012-02-11 06:43  751104  ----a-w-  c:\windows\system32\win32spl.dll
    2012-11-17 22:48 . 2012-02-11 06:36  559104  ----a-w-  c:\windows\system32\spoolsv.exe
    2012-11-17 22:48 . 2012-02-11 06:36  67072  ----a-w-  c:\windows\splwow64.exe
    2012-11-17 22:48 . 2012-02-11 05:43  492032  ----a-w-  c:\windows\SysWow64\win32spl.dll
    2012-11-17 22:48 . 2012-06-02 05:41  1464320  ----a-w-  c:\windows\system32\crypt32.dll
    2012-11-17 22:48 . 2012-06-02 05:41  184320  ----a-w-  c:\windows\system32\cryptsvc.dll
    2012-11-17 22:48 . 2012-06-02 04:36  1159680  ----a-w-  c:\windows\SysWow64\crypt32.dll
    2012-11-17 22:48 . 2012-06-02 05:41  140288  ----a-w-  c:\windows\system32\cryptnet.dll
    2012-11-17 22:48 . 2012-06-02 04:36  140288  ----a-w-  c:\windows\SysWow64\cryptsvc.dll
    2012-11-17 22:48 . 2012-06-02 04:36  103936  ----a-w-  c:\windows\SysWow64\cryptnet.dll
    2012-11-17 18:45 . 2012-11-18 06:45  --------  d-----w-  c:\program files (x86)\AVG Secure Search
    2012-11-15 22:37 . 2012-11-15 22:37--------d-----w-C:\FRST
    2012-11-14 20:57 . 2012-11-14 20:57--------d-----w-c:\users\Black mage\AppData\Roaming\Malwarebytes
    2012-11-14 20:57 . 2012-11-14 20:57--------d-----w-c:\programdata\Malwarebytes
    2012-11-14 20:57 . 2012-09-30 03:5425928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-11-13 23:14 . 2012-11-13 23:14--------d-----w-c:\users\Black mage\AppData\Roaming\AVG2013
    2012-11-11 02:14 . 2012-11-11 02:14--------d-----w-c:\users\Black mage\AppData\Roaming\TuneUp Software
    2012-11-11 02:09 . 2012-11-17 18:45--------d-----w-c:\programdata\AVG2013
    2012-11-11 01:50 . 2012-11-14 21:04--------d-----w-c:\users\Black mage\AppData\Local\Avg2013
    2012-11-11 01:50 . 2012-11-11 01:50--------d-----w-c:\users\Black mage\AppData\Local\MFAData
    2012-11-04 23:37 . 2012-11-04 23:37--------d-----w-c:\users\Black mage\AppData\Roaming\Big Fish Games
    2012-11-04 08:55 . 2012-11-04 08:56--------d-----w-c:\program files (x86)\Fairway
    2012-11-04 08:40 . 2012-11-04 08:40--------d-----w-c:\programdata\Big Fish Games
    2012-11-04 08:40 . 2012-11-04 08:40--------d-----w-c:\program files (x86)\bfgclient
    2012-11-04 08:38 . 2012-11-05 00:37--------d-----w-C:\BigFishGamesCache
    2012-10-29 05:20 . 2012-10-29 05:20--------d-----w-c:\windows\en
    2012-10-29 05:15 . 2012-09-12 22:2057856----a-w-c:\windows\system32\drivers\fssfltr.sys
    2012-10-29 05:13 . 2012-10-29 05:13--------d-----w-c:\program files (x86)\Microsoft SkyDrive
    2012-10-29 05:13 . 2012-10-29 05:125659096----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\fb05c59d1cdb59301\skydrivesetup.exe
    2012-10-29 05:13 . 2012-10-29 05:13--------d-----r-c:\users\Black mage\SkyDrive
    2012-10-29 05:13 . 2012-10-29 05:1389944----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DSETUP.dll
    2012-10-29 05:13 . 2012-10-29 05:13537432----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DXSETUP.exe
    2012-10-29 05:13 . 2012-10-29 05:131801048----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\dsetup32.dll
    2012-10-29 05:13 . 2012-10-29 05:13--------d-----w-c:\programdata\Microsoft SkyDrive
    2012-10-29 05:13 . 2012-10-29 05:1389944----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DSETUP.dll
    2012-10-29 05:13 . 2012-10-29 05:13537432----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DXSETUP.exe
    2012-10-29 05:13 . 2012-10-29 05:131801048----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\dsetup32.dll
    2012-10-29 05:12 . 2012-10-29 05:1294040----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DSETUP.dll
    2012-10-29 05:12 . 2012-10-29 05:12525656----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DXSETUP.exe
    2012-10-29 05:12 . 2012-10-29 05:121691480----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\dsetup32.dll
    2012-10-25 01:17 . 2012-10-25 01:17--------d-----w-C:\found.000
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-21 18:15 . 2012-04-03 07:214940----a-w-c:\windows\system32\PerfStringBackup.TMP
    2012-11-09 07:22 . 2012-07-21 21:5530568----a-w-c:\windows\system32\drivers\avgtpx64.sys
    2012-10-30 05:04 . 2011-12-05 22:4666395536----a-w-c:\windows\system32\MRT.exe
    2012-10-15 11:48 . 2012-10-15 11:4863328----a-w-c:\windows\system32\drivers\avgidsha.sys
    2012-10-08 20:49 . 2012-04-07 05:09696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 20:49 . 2011-11-18 01:4373656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-30 03:47 . 2012-09-30 03:4795208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-30 03:47 . 2012-08-07 10:21821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2012-09-30 03:47 . 2012-01-10 05:29746984----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-09-21 11:46 . 2012-09-21 11:46200032----a-w-c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 11:46 . 2012-09-21 11:46225120----a-w-c:\windows\system32\drivers\avgloga.sys
    2012-09-12 23:07 . 2012-09-12 23:0758368----a-w-c:\windows\SysWow64\sirenacm.dll
    2012-09-12 22:57 . 2012-09-12 22:57322048----a-w-c:\windows\WLXPGSS.SCR
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49176936----a-w-c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-18 06:451796552----a-w-c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-18 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avichannel"="c:\program files (x86)\Evaer\videochannel.exe" [2012-02-03 1691136]
    "Akamai NetSession Interface"="c:\users\Black mage\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-18 296056]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-25 801792]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-18 997320]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
    "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-11-17 856160]
    .
    c:\users\Black mage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 MBAMScheduler;MBAMScheduler;c:\users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-05 793048]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    AkamaiREG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:49]
    .
    2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
    .
    2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
    .
    2012-11-21 c:\windows\Tasks\RMSchedule.job
    - c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2011-12-08 05:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
    uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    SafeBoot-76104852.sys
    Toolbar-Locked - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-21 12:32:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-21 20:32
    .
    Pre-Run: 133,104,660,480 bytes free
    Post-Run: 134,057,418,752 bytes free
    .
    - - End Of File - - 13F129ABE3C0878BE3F802C237BB3777
    It seemed like it found the infected services.exe file, but I want to make sure that everything is clean and that there aren't any files that I need to replace.
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry for delay. I just came back from my short vacation. :)

    ComboFix Script

    • Close any open browsers.
• Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [image]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  11. fmirza

    fmirza TS Rookie Topic Starter

    Sorry about the late response; I also went on vacation. I just got back and I haven't had a chance to do anything. I just wanted to let you know that I haven't disappeared, and I appreciate the help so far.
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent! Please do ComboFix when you get a chance. But, delete the old copy of ComboFix first, then download a new one from here.
     
  13. fmirza

    fmirza TS Rookie Topic Starter

    Here's the ComboFix log.

    ComboFix 12-11-29.02 - Black mage 12/01/2012 10:03:43.6.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1848 [GMT -8:00]
    Running from: c:\users\Black mage\Desktop\ComboFix.exe
    Command switches used :: c:\users\Black mage\Desktop\CFScript.txt
    AV: AVG Internet Security 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Internet Security 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-01 18:20 . 2012-12-01 18:20--------d-----w-c:\users\Default\AppData\Local\temp
    2012-12-01 18:20 . 2012-12-01 18:20--------d-----w-c:\users\Administrator\AppData\Local\temp
    2012-11-25 23:57 . 2012-11-25 23:57--------d-----w-c:\program files (x86)\Common Files\Skype
    2012-11-19 05:05 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
    2012-11-19 05:05 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
    2012-11-19 05:05 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-19 05:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-19 04:49 . 2012-10-08 11:23 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-19 04:41 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-19 04:41 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-19 04:41 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-19 04:41 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-19 04:41 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-19 04:41 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-19 04:41 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-17 23:28 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-17 23:28 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-11-17 23:28 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-11-17 23:28 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-11-17 23:23 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-11-17 23:23 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-11-17 23:23 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-17 23:23 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-17 23:23 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-11-17 23:22 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-11-17 23:22 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-11-17 23:22 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-17 23:22 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-17 23:22 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-11-17 23:22 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-11-17 23:22 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-11-17 23:22 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-11-17 23:22 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-11-17 23:22 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-11-17 22:48 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-11-17 22:48 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-11-17 22:48 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-11-17 22:48 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-11-17 22:48 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-11-17 22:48 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-11-17 22:48 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-11-17 22:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-11-17 22:48 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-11-17 22:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-11-17 22:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-11-17 18:45 . 2012-11-18 06:45 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-11-15 22:37 . 2012-11-15 22:37 -------- d-----w- C:\FRST
    2012-11-14 20:57 . 2012-11-14 20:57 -------- d-----w- c:\users\Black mage\AppData\Roaming\Malwarebytes
    2012-11-14 20:57 . 2012-11-14 20:57 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-14 20:57 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 23:14 . 2012-11-13 23:14 -------- d-----w- c:\users\Black mage\AppData\Roaming\AVG2013
    2012-11-11 02:14 . 2012-11-11 02:14 -------- d-----w- c:\users\Black mage\AppData\Roaming\TuneUp Software
    2012-11-11 02:09 . 2012-11-22 21:17 -------- d-----w- c:\programdata\AVG2013
    2012-11-11 01:50 . 2012-11-14 21:04 -------- d-----w- c:\users\Black mage\AppData\Local\Avg2013
    2012-11-11 01:50 . 2012-11-11 01:50 -------- d-----w- c:\users\Black mage\AppData\Local\MFAData
    2012-11-04 23:37 . 2012-11-04 23:37 -------- d-----w- c:\users\Black mage\AppData\Roaming\Big Fish Games
    2012-11-04 08:55 . 2012-11-04 08:56 -------- d-----w- c:\program files (x86)\Fairway
    2012-11-04 08:40 . 2012-11-04 08:40 -------- d-----w- c:\programdata\Big Fish Games
    2012-11-04 08:40 . 2012-11-04 08:40 -------- d-----w- c:\program files (x86)\bfgclient
    2012-11-04 08:38 . 2012-11-05 00:37 -------- d-----w- C:\BigFishGamesCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-01 05:30 . 2012-04-03 07:21 4940 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-11-09 07:22 . 2012-07-21 21:55 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-30 05:04 . 2011-12-05 22:46 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-10-08 20:49 . 2012-04-07 05:09 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 20:49 . 2011-11-18 01:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-30 03:47 . 2012-09-30 03:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-30 03:47 . 2012-08-07 10:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-30 03:47 . 2012-01-10 05:29 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-21 11:46 . 2012-09-21 11:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 11:46 . 2012-09-21 11:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2012-09-12 23:07 . 2012-09-12 23:07 58368 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-09-12 22:57 . 2012-09-12 22:57 322048 ----a-w- c:\windows\WLXPGSS.SCR
    2012-09-12 22:20 . 2012-10-29 05:15 57856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-18 06:45 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-18 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-10-29 05:13 220632 ----a-w- c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-10-29 05:13 220632 ----a-w- c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-10-29 05:13 220632 ----a-w- c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Black mage\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-18 296056]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-25 801792]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-18 997320]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
    "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-11-17 856160]
    .
    c:\users\Black mage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-05 793048]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:49]
    .
    2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
    .
    2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
    .
    2012-12-01 c:\windows\Tasks\RMSchedule.job
    - c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2011-12-08 05:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-10-29 05:13 244696 ----a-w- c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-10-29 05:13 244696 ----a-w- c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-10-29 05:13 244696 ----a-w- c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
    "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
    uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-01 10:38:37
    ComboFix-quarantined-files.txt 2012-12-01 18:38
    ComboFix2.txt 2012-11-21 20:32
    .
    Pre-Run: 134,125,137,920 bytes free
    Post-Run: 133,698,985,984 bytes free
    .
    - - End Of File - - D38C8ACA3EA978F57AA726EBC0668DF8
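The log above lists files by timestamp, size, attribute flags and path, and autorun entries as `"name"="path" [date size]`. When pasted into a forum the tab separators between columns were lost, which is why `02:369728----a-w-c:\...` runs together. The following parser is an added example (not ComboFix's own code and not something posted in this thread) that turns both the collapsed and the original tabbed line shapes into records and pulls out two things an analyst reads such a log for: files whose first timestamp falls in a window, and autorun entries that launch from user-writable locations or for which ComboFix recorded no date/size. The sample lines are constructed to match entries in the log above; the `USER_WRITABLE` list is an assumption, not a ComboFix convention.

```python
"""Turn ComboFix-style log lines into structured records for triage.

Added example, not ComboFix's own code and not from the thread. It parses
file entries ("<ts> . <ts> <size> <attrs> <path>") and Run-key entries
('"name"="path" [date size]'). In the pasted log the tab separators were
lost, so "02:369728----a-w-c:\\..." is really
"02:36 <tab> 9728 <tab> ----a-w- <tab> c:\\..."; the regex accepts both.
"""
import re
from datetime import datetime

# ComboFix prints two timestamps per entry; which one is creation vs.
# modification depends on the log section, so they are kept as ts1/ts2.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # first timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*"     # second timestamp (HH:MM is fixed width, so size may follow directly)
    r"(\d*)\s*"                               # size in bytes; empty for directories ("--------")
    r"([-a-z\s]+?)\s*"                        # attribute flags, e.g. ----a-w- or -------- d-----w-
    r"([A-Za-z]:\\.*)$"                       # path, starting at the drive letter
)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')

# Assumption for this example: paths a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")


def parse_file_entry(line):
    """Parse one file/directory line; return a dict, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    ts1, ts2, size, attrs, path = m.groups()
    attrs = re.sub(r"\s+", "", attrs)  # "-------- d-----w-" -> "--------d-----w-"
    return {
        "first_ts": datetime.strptime(ts1, "%Y-%m-%d %H:%M"),
        "second_ts": datetime.strptime(ts2, "%Y-%m-%d %H:%M"),
        "size": int(size) if size else None,
        "is_dir": "d" in attrs,
        "attrs": attrs,
        "path": path,
    }


def parse_run_entry(line):
    """Parse a '"name"="path" [meta]' autorun line; meta is 'date size' or a tag such as BU."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    name, path, meta = m.groups()
    parts = meta.split()
    has_file_info = len(parts) == 2 and parts[1].isdigit()
    return {
        "name": name,
        "path": path,
        "file_date": parts[0] if has_file_info else None,
        "size": int(parts[1]) if has_file_info else None,
        "meta": meta,
    }


def recent_files(lines, since):
    """File (not directory) entries whose first timestamp is on/after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    entries = (parse_file_entry(line) for line in lines)
    return [e for e in entries if e and not e["is_dir"] and e["first_ts"] >= cutoff]


def triage_run_entries(lines):
    """Autorun entries worth a second look, as (name, path, reasons) tuples."""
    flagged = []
    for line in lines:
        e = parse_run_entry(line)
        if e is None:
            continue
        reasons = []
        if any(tok in e["path"].lower() for tok in USER_WRITABLE):
            reasons.append("user-writable location")
        if e["size"] is None:
            reasons.append("no file metadata recorded")
        if reasons:
            flagged.append((e["name"], e["path"], reasons))
    return flagged


# Constructed samples in the shapes seen in the log above (collapsed and tabbed).
SAMPLE_FILE_LINES = [
    r"2012-11-19 05:05 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll",
    "2012-11-19 05:05 . 2012-07-26 02:36\t9728\t----a-w-\tc:\\windows\\system32\\Wdfres.dll",
    r"2012-11-15 22:37 . 2012-11-15 22:37--------d-----w-C:\FRST",
    r"2012-10-30 05:04 . 2011-12-05 22:4666395536----a-w-c:\windows\system32\MRT.exe",
]
SAMPLE_RUN_LINES = [
    r'"Akamai NetSession Interface"="c:\users\Black mage\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]',
    r'"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]',
    r'"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]',
]

if __name__ == "__main__":
    for e in recent_files(SAMPLE_FILE_LINES, "2012-11-01"):
        print(e["first_ts"], e["size"], e["path"])
    for name, path, reasons in triage_run_entries(SAMPLE_RUN_LINES):
        print(name, "->", path, "|", ", ".join(reasons))
```

Run it against a saved ComboFix.txt by feeding the file's lines to `recent_files` and `triage_run_entries`; lines that are not file or autorun entries (section banners, registry key names) are skipped because neither regex matches them. The flags are only a reading aid: a legitimate program such as the Akamai client above will trip the user-writable check, and the point of the output is to decide which entries to verify by hand.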
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [image: dragging CFScript.txt onto ComboFix.exe]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  15. fmirza

    fmirza TS Rookie Topic Starter

    I appreciate your patience, I know that this is all your free time that you're donating and I'm certainly not looking to abuse it. As of Monday, I just started working two jobs, and the computer has sort of fallen on the backburner a little. The computer gets slow every once in a while, and it's fixed with a quick reboot in nearly all cases. Occasionally, the CPU usage also clocks to 100%, which is usually when the computer slows. I'll go ahead and run the programs as soon as I can. Just wanted to check in.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okie dokie. :)
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Still waiting for you. :)
     

