TechSpot

Windows 7 acting strange after removing potential malware

Inactive
By txcat
Jun 19, 2012
  1. After removing some files with malwarebytes and avast boot scan I couldnt launch anything like firefox or other programs and my start menu programs file was empty. It wouldn't let me reboot the computer so I had to hard power down. I ran MWB's in safe mode and it turned up nothing. My program files are showing up again and firefox is now working. Is there something else I can do to make sure my computer is clean?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. txcat

    txcat TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.19.07


    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Wilsons :: WILSONS-PC [administrator]

    Protection: Disabled

    6/19/2012 6:50:33 PM
    mbam-log-2012-06-19 (18-50-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202257
    Time elapsed: 2 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    -------------------------

    GMER log is blank

    -------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Wilsons at 21:29:54 on 2012-06-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5704 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Users\Wilsons\Desktop\u058g60g.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [<NO NAME>]
    mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A3E4C954-CAE9-4A05-A74E-752118325193} : DhcpNameServer = 192.168.1.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [(Default)]
    mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Wilsons\AppData\Roaming\Mozilla\Firefox\Profiles\93h3dee9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-2-21 30592]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-7 44768]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-28 1153368]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-19 22:16:15 -------- d-----r- C:\Sandbox
    2012-06-19 22:13:11 -------- d-----w- C:\Program Files\Sandboxie
    2012-06-19 21:00:55 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2409A4ED-0EB2-4F7F-BA5E-7A2456EEB858}\mpengine.dll
    2012-06-18 22:16:54 -------- d-----w- C:\ProgramData\SecTaskMan
    2012-06-18 22:16:42 -------- d-----w- C:\Program Files (x86)\Security Task Manager
    2012-06-18 21:48:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-18 21:47:27 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-18 21:47:03 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-18 21:47:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-16 13:43:08 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-16 13:43:08 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-15 00:04:13 -------- d-----w- C:\Users\Wilsons\AppData\Roaming\Malwarebytes
    2012-06-15 00:04:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-15 00:04:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-15 00:04:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-14 23:12:39 -------- d-----w- C:\Users\Wilsons\AppData\Local\Microsoft Help
    2012-06-13 21:27:53 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 11:55:56 -------- d-----w- C:\Users\Wilsons\AppData\Local\Macromedia
    2012-06-12 01:11:02 -------- d-----w- C:\Program Files (x86)\Monitor Calibration Wizard
    2012-05-24 23:13:48 -------- d-----w- C:\Program Files (x86)\Coupons
    .
    ==================== Find3M ====================
    .
    2012-06-13 11:55:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-13 11:55:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 02:50:18 94208 ----a-w- C:\Windows\System32\drivers\rzudd.sys
    2012-05-15 02:36:12 142848 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
    2012-05-15 02:36:02 354816 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
    2012-05-15 02:36:00 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-05 08:17:22 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-04-06 03:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-04-06 03:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-04-06 03:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-04-06 03:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-04-06 03:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-04-06 03:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-04-06 03:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
    2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-04-06 01:17:04 71680 ----a-w- C:\Windows\System32\amdave64.dll
    2012-04-06 01:16:58 72704 ----a-w- C:\Windows\SysWow64\amdave32.dll
    2012-04-06 01:16:48 72704 ----a-w- C:\Windows\System32\atisamu64.dll
    2012-04-06 01:16:42 67584 ----a-w- C:\Windows\atisamu32.dll
    2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 21:30:10.55 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/28/2012 1:03:01 PM
    System Uptime: 6/19/2012 6:54:02 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
    Processor: AMD Phenom(tm) II X6 1055T Processor | AM3 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 527.569 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 931 GiB total, 858.633 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP65: 6/13/2012 11:06:47 PM - Windows Update
    RP66: 6/14/2012 6:11:44 PM - Installed Microsoft Office Professional Plus 2010 Trial
    RP67: 6/14/2012 6:45:04 PM - Windows Update
    RP68: 6/18/2012 4:46:38 PM - Windows Update
    RP69: 6/19/2012 3:58:29 PM - Windows Update
    RP70: 6/19/2012 4:47:35 PM - Removed Microsoft Office Professional Plus 2010
    .
    ==== Installed Programs ======================
    .
    4500_G510gm_Help
    4500G510gm
    4500G510gm_Software_Min
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    AMD VISION Engine Control Center
    Amnesia: The Dark Descent
    avast! Free Antivirus
    BOSS
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cool & Quiet
    Coupon Printer for Windows
    Creation Kit
    Diablo III
    Diablo III Beta
    Fallout Mod Manager 0.13.21
    FXAA Post Process Injector
    GIMP 2.6.11
    Java Auto Updater
    Java(TM) 6 Update 31
    Left 4 Dead
    Left 4 Dead 2
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mass Effect
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0 Refresh
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Monitor Calibration Wizard 1.0
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Portal
    Portal 2
    Python 2.7 pywin32-216
    Python 2.7.2
    Razer Synapse 2.0
    Realistic Colors and Real Nights 2.0 - HDR Edition -
    Rhapsody
    Scan
    Security Task Manager 1.8d
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sid Meier's Civilization V
    Skyrim NPC Editor
    Spybot - Search & Destroy
    Star Wars: The Old Republic
    Steam
    The Elder Scrolls V: Skyrim
    The Walking Dead
    The Witcher 2
    Toolbox
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    WebReg
    WinRAR 4.10 (32-bit)
    Wrye Bash
    wxPython 2.8.12.1 (unicode) for Python 2.7
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/19/2012 6:54:50 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
    6/19/2012 6:50:20 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 6:50:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/19/2012 6:50:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/19/2012 6:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/19/2012 6:50:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/19/2012 6:50:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/19/2012 6:49:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswRdr aswSnx aswSP aswTdi DfsC discache HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 6:49:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/19/2012 6:46:42 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    6/19/2012 6:44:06 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
    6/19/2012 6:41:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    6/19/2012 6:41:29 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/19/2012 6:40:58 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
    6/19/2012 6:38:45 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting.
    6/19/2012 6:38:45 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    6/19/2012 6:38:45 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    6/19/2012 6:38:44 PM, Error: Service Control Manager [7022] - The HomeGroup Listener service hung on starting.
    6/19/2012 6:36:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    6/19/2012 6:36:02 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/18/2012 10:01:24 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    6/18/2012 1:29:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    6/14/2012 3:45:32 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. txcat

    txcat TS Rookie Topic Starter

    ComboFix 12-06-19.03 - Wilsons 06/19/2012 22:09:09.1.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5465 [GMT -5:00]
    Running from: c:\users\Wilsons\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    E:\Autorun.inf
    E:\install.exe
    E:\Music.lnk
    E:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-20 03:13 . 2012-06-20 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-19 22:16 . 2012-06-19 22:16 -------- d-----r- C:\Sandbox
    2012-06-19 22:13 . 2012-06-19 22:13 -------- d-----w- c:\program files\Sandboxie
    2012-06-19 21:00 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2409A4ED-0EB2-4F7F-BA5E-7A2456EEB858}\mpengine.dll
    2012-06-18 22:16 . 2012-06-18 22:26 -------- d-----w- c:\programdata\SecTaskMan
    2012-06-18 22:16 . 2012-06-18 22:16 -------- d-----w- c:\program files (x86)\Security Task Manager
    2012-06-18 21:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-18 21:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-18 21:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-18 21:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-18 21:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-18 21:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-18 21:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-18 21:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-18 21:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-16 13:43 . 2012-06-16 13:43 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-16 13:43 . 2012-06-16 13:43 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-15 00:04 . 2012-06-15 00:04 -------- d-----w- c:\users\Wilsons\AppData\Roaming\Malwarebytes
    2012-06-15 00:04 . 2012-06-15 00:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-15 00:04 . 2012-06-15 00:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-15 00:04 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-14 23:12 . 2012-06-14 23:12 -------- d-----w- c:\users\Wilsons\AppData\Local\Microsoft Help
    2012-06-14 23:12 . 2012-06-19 21:55 -------- d-----w- c:\programdata\Microsoft Help
    2012-06-13 21:27 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 11:55 . 2012-06-13 11:55 -------- d-----w- c:\users\Wilsons\AppData\Local\Macromedia
    2012-06-12 01:11 . 2012-06-12 01:11 -------- d-----w- c:\program files (x86)\Monitor Calibration Wizard
    2012-05-24 23:13 . 2012-05-24 23:13 -------- d-----w- c:\program files (x86)\Coupons
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 11:55 . 2012-03-30 03:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-13 11:55 . 2012-01-28 19:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys
    2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll
    2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
    2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
    2012-05-05 08:17 . 2012-03-30 03:17 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2011-12-08 21:55 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2011-12-08 21:53 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2011-12-08 21:45 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-04-20 07:27 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2011-12-08 21:29 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2011-12-08 21:12 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2011-12-08 21:02 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:17 . 2012-04-06 01:17 71680 ----a-w- c:\windows\system32\amdave64.dll
    2012-04-06 01:16 . 2012-04-06 01:16 72704 ----a-w- c:\windows\SysWow64\amdave32.dll
    2012-04-06 01:16 . 2012-04-06 01:16 72704 ----a-w- c:\windows\system32\atisamu64.dll
    2012-04-06 01:16 . 2012-04-06 01:16 67584 ----a-w- c:\windows\atisamu32.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-12-08 20:53 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2011-12-08 20:52 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2011-12-08 20:52 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-03-30 11:35 . 2012-05-12 13:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-01-28 21:31]
    .
    2012-06-18 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2012-01-28 21:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Wilsons\AppData\Roaming\Mozilla\Firefox\Profiles\93h3dee9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
    AddRemove-Realistic Colors and Real Nights 2.0 - HDR Edition - - c:\program files (x86)\Steam\steamapps\common\skyrim\Uninstall-RealisticColors.exe
    AddRemove-Steam App 72850 - c:\program files (x86)\Steam\steam.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-19 22:20:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-20 03:20
    .
    Pre-Run: 566,322,032,640 bytes free
    Post-Run: 566,241,173,504 bytes free
    .
    - - End Of File - - C7585655D79823E6D14B88DD212A8369
     
  6. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    I don't see anything malicious.
    You should be good to go.
     
  7. txcat

    txcat TS Rookie Topic Starter

    Thank you for your help!:D
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.