TechSpot

Windows Update nonoperable/ Trojan.Dropper.BCMiner

By Alexvdl
Aug 14, 2012
  1. First indication of system issue was when opening Facebook spawned an ad. Further indications when I used Google, clicked on a link and it redirected me to a Get Hot Results or btscour website. Did some more Google searches, attempted to download and install AVG, but AVG told me that my Windows Update wasn't working, and when I searched my control panel and clicked that link it had a link for "Find out about more free software from (null)."

    Halfway through GMER scan, computer froze, pixel snow crash, blue screen. Restarted computer, ran GMER. When reconnected to the internet, still inundated with trash tabs.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.14.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    von der Linden :: VONDERLINDENPC [administrator]

    8/13/2012 8:58:47 PM
    mbam-log-2012-08-13 (20-58-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198536
    Time elapsed: 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-13 21:34:55
    Windows 6.1.7601 Service Pack 1
    Running: jw51p6sl.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400135
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400135 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Users\von der Linden\AppData\Local\Mozilla\Firefox\Profiles\to0qjij1.default\Cache.Trash26991 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\498D3KE0\dnserrordiagoff_webOC[1] 6766 bytes

    ---- EOF - GMER 1.0.15 ----
    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by von der Linden at 21:35:43 on 2012-08-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5802 [GMT -10:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://nmd.msn.com
    uDefault_Page_URL = hxxp://nmd.msn.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    uRun: [LMADEmon] "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [Google Update] "C:\Users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MusicManager] "C:\Users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{51EA9CE5-9380-4E59-84D0-C7E1F2858771} : DhcpNameServer = 192.168.1.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
    BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\von der Linden\AppData\Roaming\Mozilla\Firefox\Profiles\to0qjij1.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1363eb9cd424bda7|http://us.mg4.mail.yahoo.com/neo/la...w.kongregate.com/games/jmtb02/kongregate-chat
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\von der Linden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\von der Linden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-3-7 68136]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192cu;RNX-MiniN1 Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192cu.sys --> C:\Windows\system32\DRIVERS\RTL8192cu.sys [?]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-3-7 79360]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-14 07:17:25 20480 ----a-w- C:\Windows\svchost.exe
    2012-08-14 06:54:15 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\Malwarebytes
    2012-08-14 06:54:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-14 06:54:10 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-14 06:54:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-14 06:08:04 -------- d--h--w- C:\ProgramData\Common Files
    2012-08-14 06:08:04 -------- d-----w- C:\ProgramData\MFAData
    2012-08-14 04:29:58 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-14 04:29:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-08-14 04:29:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-08-12 19:33:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-08-12 04:53:01 -------- d-----w- C:\Users\von der Linden\AppData\Local\Navnet_Solutions
    2012-08-12 04:43:41 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\NavNet Solutions
    2012-08-12 04:43:41 -------- d-----w- C:\Program Files (x86)\NavNetApp
    2012-08-12 04:42:40 -------- d-----w- C:\Program Files (x86)\TubEmAll Pro
    2012-08-05 08:39:23 -------- d-----w- C:\Users\von der Linden\AppData\Local\Programs
    2012-08-03 06:54:37 -------- d-----w- C:\Users\von der Linden\AppData\Local\MDG
    2012-08-03 06:35:58 -------- d-----w- C:\Users\von der Linden\AppData\Local\Samsung
    2012-08-03 06:35:55 -------- d-----w- C:\Users\von der Linden\AppData\Roaming\Samsung
    2012-08-03 06:17:08 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2012-08-03 06:17:08 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
    2012-08-03 06:17:08 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2012-08-03 06:16:23 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2012-08-03 06:16:17 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
    2012-08-03 06:16:17 -------- d-----w- C:\Program Files (x86)\MarkAny
    2012-08-03 06:16:08 -------- d-----w- C:\ProgramData\Samsung
    2012-08-03 06:16:08 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-07-20 13:40:56 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1645.tmp
    2012-07-20 13:40:56 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1644.tmp
    .
    ==================== Find3M ====================
    .
    2012-08-14 07:23:58 25640 ----a-w- C:\Windows\gdrv.sys
    2012-07-29 06:48:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-29 06:48:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-11 23:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-06-11 23:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-06-11 23:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-06-11 23:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-06-11 23:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-06-11 23:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-06-11 23:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
    2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-06-03 01:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-03 01:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 21:36:08.51 ===============

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/23/2012 10:20:00 PM
    System Uptime: 8/13/2012 9:23:40 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-970A-D3
    Processor: AMD FX(tm)-8150 Eight-Core Processor | Socket M2 | 3600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 14.648 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is FIXED (NTFS) - 1863 GiB total, 1462.324 GiB free.
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Amazon MP3 Downloader 1.0.15
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Borderlands
    Breath of Death VII
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDisplay 1.8
    Creative Audio Control Panel
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Cthulhu Saves the World
    D3DX10
    EasySaver B9.1214.1
    Etron USB3.0 Host Controller
    Facebook Messenger 2.1.4570.0
    Facebook Video Calling 1.2.0.159
    Foxit Reader
    FoxyTunes for Firefox
    From Dust
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Host OpenAL
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    IBM Lotus Forms Viewer 3.5.1
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    K-Lite Codec Pack 8.4.0 (Standard)
    Kingdoms of Amalur: Reckoning
    Magic: The Gathering - Duels of the Planeswalkers 2013
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Might & Magic ® Heroes ® VI
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Music Manager
    NavNet
    NVIDIA PhysX
    ON_OFF Charge B11.0110.1
    Origin
    Penny Arcade's On the Rain-Slick Precipice of Darkness 3
    Realtek Ethernet Controller Driver
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Samsung Kies
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    SoulSeek 157 NS 13e
    Spybot - Search & Destroy
    Star Wars: The Force Unleashed II
    Steam
    Swords and Soldiers HD
    The Elder Scrolls V: Skyrim
    TubEmAll Pro 1.4c
    Ubisoft Game Launcher
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    VLC media player 2.0.1
    Warlock - Master of the Arcane
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Wolfenstein 3D
    Yawcam 0.3.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/8/2012 9:18:34 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
    8/8/2012 9:18:32 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{65c3a356-6875-11e1-a930-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{BF1DB9BC-682E-40DF-B597-FE363439A607}' was corrupted and it has been recovered. Some data might have been lost.
    8/7/2012 8:38:09 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user vonderLindenPC\von der Linden SID (S-1-5-21-3109839055-431102336-2772829462-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/7/2012 8:38:08 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user vonderLindenPC\von der Linden SID (S-1-5-21-3109839055-431102336-2772829462-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    8/7/2012 6:09:57 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR3310 v2.0 USB SC Reader 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
    8/6/2012 8:22:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    8/6/2012 8:22:22 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    8/13/2012 9:33:36 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/13/2012 9:33:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    8/13/2012 9:33:19 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-21-6A-00-39-BE. Network operations on this system may be disrupted as a result.
    8/13/2012 9:23:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/13/2012 9:23:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/13/2012 9:23:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/13/2012 9:23:58 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
    8/13/2012 9:23:57 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
    8/13/2012 8:37:38 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    8/13/2012 8:11:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/13/2012 8:08:47 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:07:58 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:07:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    8/13/2012 8:07:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    8/13/2012 8:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/13/2012 8:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/13/2012 8:07:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/13/2012 8:07:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/13/2012 8:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 8:06:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/13/2012 5:54:57 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10003.
    8/13/2012 5:42:45 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0xc0000017. The internal error state is 10003.
    8/13/2012 5:42:43 PM, Error: Schannel [36888] - The following fatal alert was generated: 80. The internal error state is 301.
    8/13/2012 5:42:43 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL client credential private key. The error code returned from the cryptographic module is 0xc002001b. The internal error state is 10003.
    8/12/2012 3:01:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
    8/12/2012 3:01:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).
    8/12/2012 12:59:30 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{65c3a356-6875-11e1-a930-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D3780C80-B9DB-412C-9F7D-3EB498C5E731}' was corrupted and it has been recovered. Some data might have been lost.
    .
    ==== End Of File ===========================
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  3. Alexvdl

    Alexvdl TS Member Topic Starter

    Thank you for your quick reply.

    Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by SYSTEM at 13-08-2012 22:32:28
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
    HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2011-05-02] (ActivIdentity)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [489512 2011-05-02] (ActivIdentity)
    HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-21] ()
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
    HKU\von der Linden\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)
    HKU\von der Linden\...\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\lmab1err.exe [644160 2011-11-09] ()
    HKU\von der Linden\...\Run: [LMADEmon] "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe" [948360 2011-11-23] ()
    HKU\von der Linden\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-11] (BitTorrent, Inc.)
    HKU\von der Linden\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-16] (Samsung)
    HKU\von der Linden\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
    HKU\von der Linden\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
    HKU\von der Linden\...\Run: [Google Update] "C:\Users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-05] (Google Inc.)
    HKU\von der Linden\...\Run: [MusicManager] "C:\Users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [13806592 2012-06-01] (Google Inc.)
    HKU\von der Linden\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\von der Linden\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk
    ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()

    ========================== Drivers (Whitelisted) =============

    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-08-13] (Windows (R) Server 2003 DDK provider)
    3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-13 23:34 - 2012-08-13 23:34 - 00000867 ____A C:\Users\von der Linden\Desktop\gmer.log
    2012-08-13 23:20 - 2012-08-13 23:20 - 00607260 ____R (Swearware) C:\Users\von der Linden\Downloads\dds.com
    2012-08-13 23:17 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-08-13 23:11 - 2012-08-13 23:11 - 00302592 ____A C:\Users\von der Linden\Downloads\jw51p6sl.exe
    2012-08-13 23:02 - 2012-08-13 23:02 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\von der Linden\Downloads\rkill.exe
    2012-08-13 23:01 - 2012-08-13 23:01 - 00044607 ____A C:\Users\von der Linden\Downloads\bootkit_remover.zip
    2012-08-13 22:54 - 2012-08-13 22:54 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-13 22:54 - 2012-08-13 22:54 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\Malwarebytes
    2012-08-13 22:54 - 2012-08-13 22:54 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-13 22:54 - 2012-08-13 22:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-13 22:54 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-13 22:53 - 2012-08-13 22:54 - 04731392 ____A (AVAST Software) C:\Users\von der Linden\Downloads\aswMBR.exe
    2012-08-13 22:32 - 2012-08-13 22:32 - 00000000 ____D C:\FRST
    2012-08-13 22:29 - 2012-08-13 22:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\von der Linden\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-13 22:08 - 2012-08-13 22:47 - 00000000 ____D C:\Users\All Users\MFAData
    2012-08-13 20:29 - 2012-08-13 20:29 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-08-13 20:29 - 2012-08-13 20:29 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-13 20:29 - 2012-08-13 20:29 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-08-13 20:29 - 2012-08-13 20:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-08-13 20:28 - 2012-08-13 20:28 - 03879800 ____A (AVG Technologies) C:\Users\von der Linden\Downloads\avg_free_stb_all_2012_2197_cnet.exe
    2012-08-13 20:26 - 2012-08-13 20:28 - 19140240 ____A (SUPERAntiSpyware.com) C:\Users\von der Linden\Downloads\SUPERAntiSpyware.exe
    2012-08-12 11:33 - 2012-08-12 11:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-08-11 20:53 - 2012-08-11 20:53 - 00000000 ____D C:\Users\von der Linden\AppData\Local\Navnet_Solutions
    2012-08-11 20:43 - 2012-08-11 20:43 - 03550047 ____A (NavNet Solutions ) C:\Users\von der Linden\Downloads\NavNetSetupB443.exe
    2012-08-11 20:43 - 2012-08-11 20:43 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\NavNet Solutions
    2012-08-11 20:43 - 2012-08-11 20:43 - 00000000 ____D C:\Program Files (x86)\NavNetApp
    2012-08-11 20:42 - 2012-08-11 20:43 - 00000000 ____D C:\Program Files (x86)\TubEmAll Pro
    2012-08-11 20:42 - 2012-08-11 20:42 - 00001042 ____A C:\Users\von der Linden\Desktop\TubEmAll Pro.lnk
    2012-08-11 20:41 - 2012-08-11 20:41 - 03001283 ____A C:\Users\von der Linden\Downloads\TubEmAllPro_Setup.exe
    2012-08-07 08:59 - 2012-08-07 08:59 - 00403496 ____A C:\Users\von der Linden\Desktop\PDHRA.xps
    2012-08-05 00:39 - 2012-08-14 00:02 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
    2012-08-05 00:39 - 2012-08-13 01:02 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
    2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller.exe
    2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller(1).exe
    2012-08-02 22:54 - 2012-08-02 22:54 - 00000000 ____D C:\Users\von der Linden\AppData\Local\MDG
    2012-08-02 22:35 - 2012-08-02 22:35 - 00000000 ____D C:\Users\von der Linden\Documents\samsung
    2012-08-02 22:35 - 2012-08-02 22:35 - 00000000 ____D C:\Users\von der Linden\AppData\Roaming\Samsung
    2012-08-02 22:35 - 2012-08-02 22:35 - 00000000 ____D C:\Users\von der Linden\AppData\Local\Samsung
    2012-08-02 22:18 - 2012-08-02 22:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-08-02 22:17 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
    2012-08-02 22:17 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
    2012-08-02 22:17 - 2010-12-20 21:55 - 00708168 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
    2012-08-02 22:16 - 2012-08-02 22:16 - 00000000 ____D C:\Users\All Users\Samsung
    2012-08-02 22:16 - 2012-08-02 22:16 - 00000000 ____D C:\Program Files (x86)\Samsung
    2012-08-02 22:16 - 2012-08-02 22:16 - 00000000 ____D C:\Program Files (x86)\MarkAny
    2012-08-02 22:16 - 2012-06-26 18:03 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2012-08-02 22:16 - 2012-06-26 18:02 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
    2012-08-02 22:06 - 2012-08-02 22:11 - 93721296 ____A (Samsung Electronics Co., Ltd. ) C:\Users\von der Linden\Downloads\Kies_2.3.2.12064_10_1.exe
    2012-07-31 09:32 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120731-073255.backup
    2012-07-31 09:29 - 2012-08-13 20:30 - 00000133 ____A C:\Windows\wininit.ini
    2012-07-31 08:51 - 2012-07-29 12:46 - 00000000 ____D C:\Users\von der Linden\Desktop\Magarena-1.28
    2012-07-31 08:45 - 2012-07-31 08:45 - 10250182 ____A C:\Users\von der Linden\Desktop\Magarena-1.28.zip
    2012-07-30 14:36 - 2012-07-30 18:58 - 00046855 ____N C:\Users\von der Linden\Desktop\Move to Brigade.xfdl
    2012-07-27 13:36 - 2012-07-27 13:36 - 00000000 ____D C:\Users\von der Linden\Documents\My Cheat Tables
    2012-07-27 13:36 - 2011-10-13 16:59 - 00002349 ____A C:\Users\von der Linden\Desktop\homm6_plus5_trainer.txt
    2012-07-27 13:36 - 2011-10-13 16:45 - 03248640 ____A C:\Users\von der Linden\Desktop\homm6_plus5_trainer.EXE
    2012-07-27 13:35 - 2012-07-27 13:35 - 02977216 ____A C:\Users\von der Linden\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.0.31758.GERI.ZIP
    2012-07-21 12:12 - 2012-07-21 12:12 - 43543200 ____A (Plex, Inc.) C:\Users\von der Linden\Downloads\Plex-Media-Center-v0.9.5.3-657a503-en-US.exe
    2012-07-15 13:00 - 2012-07-15 13:00 - 00001370 ____A C:\Users\von der Linden\Desktop\MMH +6 Trainer - Shortcut.lnk
    2012-07-14 10:56 - 2012-07-14 10:56 - 00000000 ____D C:\Users\von der Linden\Documents\LucasArts
    2012-07-14 10:56 - 2012-07-14 10:56 - 00000000 ____D C:\Users\von der Linden\AppData\Local\LucasArts


    ============ 3 Months Modified Files ========================

    2012-08-14 00:29 - 2012-03-07 09:47 - 00000282 ____A C:\service.log
    2012-08-14 00:27 - 2012-03-07 08:52 - 01221503 ____A C:\Windows\WindowsUpdate.log
    2012-08-14 00:23 - 2012-08-14 00:23 - 01442429 ____A (Farbar) C:\Users\von der Linden\Downloads\FRST64.exe
    2012-08-14 00:22 - 2012-03-24 05:01 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-14 00:02 - 2012-08-05 00:39 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
    2012-08-13 23:34 - 2012-08-13 23:34 - 00000867 ____A C:\Users\von der Linden\Desktop\gmer.log
    2012-08-13 23:32 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-13 23:32 - 2009-07-13 20:45 - 00021888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-13 23:30 - 2009-07-13 21:13 - 00006032 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-13 23:24 - 2012-03-24 05:01 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-13 23:23 - 2012-03-07 09:55 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2012-08-13 23:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-13 23:23 - 2009-07-13 20:51 - 00075049 ____A C:\Windows\setupact.log
    2012-08-13 23:20 - 2012-08-13 23:20 - 00607260 ____R (Swearware) C:\Users\von der Linden\Downloads\dds.com
    2012-08-13 23:11 - 2012-08-13 23:11 - 00302592 ____A C:\Users\von der Linden\Downloads\jw51p6sl.exe
    2012-08-13 23:02 - 2012-08-13 23:02 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\von der Linden\Downloads\rkill.exe
    2012-08-13 23:01 - 2012-08-13 23:01 - 00044607 ____A C:\Users\von der Linden\Downloads\bootkit_remover.zip
    2012-08-13 22:57 - 2010-11-20 19:47 - 00017800 ____A C:\Windows\PFRO.log
    2012-08-13 22:54 - 2012-08-13 22:54 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-13 22:54 - 2012-08-13 22:53 - 04731392 ____A (AVAST Software) C:\Users\von der Linden\Downloads\aswMBR.exe
    2012-08-13 22:29 - 2012-08-13 22:29 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\von der Linden\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-13 22:07 - 2012-07-10 19:54 - 00012800 __ASH C:\Users\von der Linden\Thumbs.db
    2012-08-13 21:41 - 2012-03-24 00:43 - 00000964 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
    2012-08-13 20:34 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-13 20:30 - 2012-07-31 09:29 - 00000133 ____A C:\Windows\wininit.ini
    2012-08-13 20:29 - 2012-08-13 20:29 - 00001815 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-08-13 20:28 - 2012-08-13 20:28 - 03879800 ____A (AVG Technologies) C:\Users\von der Linden\Downloads\avg_free_stb_all_2012_2197_cnet.exe
    2012-08-13 20:28 - 2012-08-13 20:26 - 19140240 ____A (SUPERAntiSpyware.com) C:\Users\von der Linden\Downloads\SUPERAntiSpyware.exe
    2012-08-13 09:41 - 2012-03-24 00:43 - 00000942 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
    2012-08-13 01:02 - 2012-08-05 00:39 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
    2012-08-11 20:43 - 2012-08-11 20:43 - 03550047 ____A (NavNet Solutions ) C:\Users\von der Linden\Downloads\NavNetSetupB443.exe
    2012-08-11 20:42 - 2012-08-11 20:42 - 00001042 ____A C:\Users\von der Linden\Desktop\TubEmAll Pro.lnk
    2012-08-11 20:41 - 2012-08-11 20:41 - 03001283 ____A C:\Users\von der Linden\Downloads\TubEmAllPro_Setup.exe
    2012-08-10 13:51 - 2011-11-22 08:42 - 00618377 ____A C:\Windows\DirectX.log
    2012-08-07 08:59 - 2012-08-07 08:59 - 00403496 ____A C:\Users\von der Linden\Desktop\PDHRA.xps
    2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller.exe
    2012-08-05 00:39 - 2012-08-05 00:39 - 00739808 ____A (Google Inc.) C:\Users\von der Linden\Downloads\musicmanagerinstaller(1).exe
    2012-08-02 22:18 - 2012-08-02 22:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-08-02 22:11 - 2012-08-02 22:06 - 93721296 ____A (Samsung Electronics Co., Ltd. ) C:\Users\von der Linden\Downloads\Kies_2.3.2.12064_10_1.exe
    2012-07-31 08:45 - 2012-07-31 08:45 - 10250182 ____A C:\Users\von der Linden\Desktop\Magarena-1.28.zip
    2012-07-30 18:58 - 2012-07-30 14:36 - 00046855 ____N C:\Users\von der Linden\Desktop\Move to Brigade.xfdl
    2012-07-28 22:48 - 2012-03-31 00:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-28 22:48 - 2012-03-24 00:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-27 13:35 - 2012-07-27 13:35 - 02977216 ____A C:\Users\von der Linden\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.0.31758.GERI.ZIP
    2012-07-21 12:12 - 2012-07-21 12:12 - 43543200 ____A (Plex, Inc.) C:\Users\von der Linden\Downloads\Plex-Media-Center-v0.9.5.3-657a503-en-US.exe
    2012-07-19 11:57 - 2012-06-19 07:48 - 00001203 ____A C:\Users\All Users\LMADEscan.log
    2012-07-15 13:00 - 2012-07-15 13:00 - 00001370 ____A C:\Users\von der Linden\Desktop\MMH +6 Trainer - Shortcut.lnk
    2012-07-12 13:21 - 2012-07-12 13:21 - 11068226 ____A C:\Users\von der Linden\Downloads\H5AI_31.zip
    2012-07-11 05:00 - 2012-03-31 13:09 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-09 09:43 - 2012-06-22 03:50 - 00000528 ____A C:\Windows\SysWOW64\debug.log
    2012-07-08 17:30 - 2012-07-08 17:30 - 00001870 ____A C:\Users\von der Linden\Desktop\Yawcam.lnk
    2012-07-08 17:29 - 2012-07-08 17:29 - 04640781 ____A (Magnus Lundvall ) C:\Users\von der Linden\Downloads\yawcam_install.exe
    2012-07-05 23:02 - 2012-07-05 23:02 - 00001056 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-07-05 22:59 - 2012-07-05 22:58 - 16574016 ____A (Mozilla) C:\Users\von der Linden\Downloads\Firefox Setup 13.0.exe
    2012-07-03 15:46 - 2012-08-13 22:54 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 10:07 - 2012-07-03 10:07 - 00276856 ____A C:\Windows\Minidump\070312-33134-01.dmp
    2012-07-01 15:55 - 2012-07-01 15:55 - 01637016 ____A C:\Users\von der Linden\Downloads\AmazonMP3DownloaderInstall.exe
    2012-06-26 20:50 - 2012-06-26 20:46 - 183762944 ____A C:\Users\von der Linden\Downloads\LPS-1.3.5_public.iso
    2012-06-26 20:46 - 2012-06-26 20:43 - 15587840 ____A C:\Users\von der Linden\Downloads\ActivClient CAC x64 62050(1).msi
    2012-06-26 20:37 - 2012-06-26 20:37 - 00341664 ____A C:\Users\von der Linden\Downloads\InstallRoot_v3.15A.exe
    2012-06-26 20:34 - 2012-06-26 20:34 - 01135371 ____A C:\Users\von der Linden\Downloads\HashTabv4.0.0Setup.zip
    2012-06-26 20:34 - 2012-06-26 20:33 - 05151066 ____A C:\Users\von der Linden\Downloads\AC_6.2.0.119_x64_FIXS1105002.zip
    2012-06-26 18:32 - 2009-07-13 20:45 - 00301712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-26 18:03 - 2012-08-02 22:16 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2012-06-26 18:02 - 2012-08-02 22:16 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
    2012-06-26 18:02 - 2012-06-26 18:02 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
    2012-06-26 18:02 - 2012-06-26 18:02 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
    2012-06-26 18:02 - 2012-06-26 18:02 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
    2012-06-26 18:02 - 2012-06-26 18:02 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
    2012-06-26 18:02 - 2012-06-26 18:02 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
    2012-06-26 18:02 - 2012-06-26 18:02 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
    2012-06-26 18:02 - 2012-06-26 18:02 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
    2012-06-26 18:02 - 2012-06-26 18:02 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
    2012-06-26 18:02 - 2012-06-26 18:02 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
    2012-06-26 18:02 - 2012-06-26 18:02 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
    2012-06-26 12:51 - 2012-06-26 12:49 - 32390275 ____A C:\Users\von der Linden\Downloads\ActivClient 6_1 for CAC x64 BN39.zip
    2012-06-26 12:50 - 2012-06-26 12:49 - 15587840 ____A C:\Users\von der Linden\Downloads\ActivClient CAC x64 62050.msi
    2012-06-26 12:38 - 2012-06-26 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
    2012-06-25 18:03 - 2012-03-24 00:20 - 00064080 ____A C:\Users\von der Linden\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-25 15:37 - 2012-06-25 15:36 - 71935640 ____A (IBM ) C:\Users\von der Linden\Downloads\Viewer_DSig_3.5.1.333.exe
    2012-06-25 15:31 - 2012-06-25 15:31 - 00046523 ____A C:\Users\von der Linden\Downloads\A4187.xfdl
    2012-06-25 10:47 - 2012-06-19 11:47 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-17 09:36 - 2012-06-17 09:36 - 00493520 ____A (Facebook Inc.) C:\Users\von der Linden\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
    2012-06-14 20:03 - 2012-06-14 20:03 - 02375363 ____A C:\Users\von der Linden\Downloads\Youngin' Alex.rar
    2012-06-13 14:45 - 2012-06-13 14:45 - 00276856 ____A C:\Windows\Minidump\061312-8283-01.dmp
    2012-06-13 14:01 - 2012-06-13 14:01 - 00276856 ____A C:\Windows\Minidump\061312-8158-01.dmp
    2012-06-12 06:43 - 2012-06-12 06:43 - 00276856 ____A C:\Windows\Minidump\061212-8221-01.dmp
    2012-06-11 23:37 - 2012-06-11 23:37 - 00276912 ____A C:\Windows\Minidump\061112-9313-01.dmp
    2012-06-11 15:50 - 2012-06-11 15:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-06-11 15:50 - 2012-06-11 15:50 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 15:50 - 2012-06-11 15:50 - 00075264 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-06-11 15:50 - 2012-06-11 15:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-06-11 15:50 - 2012-06-11 15:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-06-11 15:50 - 2012-06-11 15:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-06-11 15:49 - 2012-06-11 15:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
    2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
    2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-06-11 09:24 - 2011-12-05 19:17 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-06-11 09:23 - 2011-12-05 19:16 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-06-11 09:16 - 2011-12-05 19:06 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-06-11 09:01 - 2011-12-05 18:51 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-06-11 08:51 - 2011-12-05 18:39 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
    2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-06-11 08:36 - 2011-12-05 18:24 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-06-11 08:25 - 2011-12-05 18:11 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-06-11 08:25 - 2011-12-05 18:11 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-06-11 08:25 - 2011-12-05 18:11 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-06-11 08:24 - 2011-12-05 18:11 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-06-08 12:29 - 2012-06-08 12:29 - 00001899 ____A C:\Users\von der Linden\Desktop - Shortcut.lnk
    2012-06-07 18:55 - 2012-06-07 18:55 - 00001265 ____A C:\Users\von der Linden\Desktop\Spybot - Search & Destroy.lnk
    2012-06-07 18:53 - 2012-06-07 18:52 - 16409960 ____A (Safer Networking Limited ) C:\Users\von der Linden\Downloads\spybotsd162.exe
    2012-06-07 08:19 - 2012-06-07 08:17 - 192432486 ____A C:\Users\von der Linden\Downloads\The Dark Clan - The Dark Clan Hogs The Covers.zip
    2012-06-03 23:59 - 2012-08-02 22:17 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
    2012-06-03 23:59 - 2012-08-02 22:17 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
    2012-06-02 17:19 - 2012-06-08 15:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 17:15 - 2012-06-08 15:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 14:19 - 2012-06-08 15:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-08 15:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-08 15:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-08 15:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-08 15:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-08 15:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-08 15:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-05-17 18:47 - 2012-06-15 05:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-15 05:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-15 05:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-15 05:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-15 05:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-15 05:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-15 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-15 05:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-15 05:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-15 05:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-15 05:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-15 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-15 05:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-15 05:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-15 05:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-15 05:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-15 05:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-15 05:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-15 05:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-15 05:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-15 05:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-15 05:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-15 05:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-15 05:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-15 05:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-15 05:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-15 05:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-15 05:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    ZeroAccess:
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\00000004.@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\201d3dde
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000004.@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000008.@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\000000cb.@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000000.@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000032.@
    C:\Windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Type 00 partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%
    Total physical RAM: 8173.21 MB
    Available physical RAM: 7343.32 MB
    Total Pagefile: 8171.41 MB
    Available Pagefile: 7337.7 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:111.69 GB) (Free:14.05 GB) NTFS
    2 Drive d: (von der PC Data) (Fixed) (Total:1863.01 GB) (Free:1462.32 GB) NTFS
    4 Drive g: (Movies and Comics) (Fixed) (Total:931.48 GB) (Free:314.61 GB) NTFS
    5 Drive h: (VON DER SD) (Removable) (Total:7.65 GB) (Free:1.21 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 111 GB 0 B
    Disk 1 Online 1863 GB 0 B
    Disk 2 Online 931 GB 0 B
    Disk 3 Online 7858 MB 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 111 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Windows NTFS Partition 111 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D von der PC NTFS Partition 1863 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G Movies and NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7854 MB 4096 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H VON DER SD FAT32 Removable 7854 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-07 02:05

    ======================= End Of Log ==========================
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)


    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
     
  5. Alexvdl

    Alexvdl TS Member Topic Starter

    Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by SYSTEM at 2012-08-14 22:17:32
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  6. Alexvdl

    Alexvdl TS Member Topic Starter

    Downloaded ComboFix, running it as svchost.exe. During first attempt computer blue screened with error (Stop 0x000000ICOxFFFFFFFFC000005, 0xFFFFF8003777CEA, etc.). Restarted, ran program again, had numerous Corrupt warnings, but program continued. At one point something about PVC, continued, restarted, finished running, gave me log. At that point nothing would run on computer, so I restarted.


    ComboFix 12-08-14.05 - von der Linden 08/14/2012 22:41:32.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6476 [GMT -10:00]
    Running from: c:\users\von der Linden\Desktop\ComboFix.exe
    Command switches used :: c:\users\von der Linden\Desktop\svchost.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.dat
    c:\users\von der Linden\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
    c:\users\VONDER~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\00000004.@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\L\201d3dde
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000004.@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\00000008.@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\000000cb.@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000000.@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000032.@
    c:\windows\Installer\{7a259517-8d8a-910f-b537-6de564ee2281}\U\80000064.@
    c:\windows\svchost.exe
    c:\windows\SysWow64\DEBUG.log
    c:\windows\SysWow64\muzapp.exe
    G:\install.exe
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 08:49 . 2012-08-15 08:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Malwarebytes
    2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-14 06:54 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-14 06:32 . 2012-08-14 06:32 -------- d-----w- C:\FRST
    2012-08-14 06:08 . 2012-08-14 06:47 -------- d-----w- c:\programdata\MFAData
    2012-08-14 06:08 . 2012-08-14 06:08 -------- d--h--w- c:\programdata\Common Files
    2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-08-12 19:33 . 2012-08-12 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-12 04:53 . 2012-08-12 04:53 -------- d-----w- c:\users\von der Linden\AppData\Local\Navnet_Solutions
    2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\NavNetApp
    2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\users\von der Linden\AppData\Roaming\NavNet Solutions
    2012-08-12 04:42 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\TubEmAll Pro
    2012-08-05 08:39 . 2012-08-05 08:39 -------- d-----w- c:\users\von der Linden\AppData\Local\Programs
    2012-08-03 06:54 . 2012-08-03 06:54 -------- d-----w- c:\users\von der Linden\AppData\Local\MDG
    2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Local\Samsung
    2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Samsung
    2012-08-03 06:17 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-08-03 06:17 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-08-03 06:17 . 2010-12-21 05:55 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2012-08-03 06:16 . 2012-06-27 02:03 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\MarkAny
    2012-08-03 06:16 . 2012-06-27 02:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\Samsung
    2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\programdata\Samsung
    2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1645.tmp
    2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1644.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 08:51 . 2012-03-07 17:55 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-29 06:48 . 2012-03-31 08:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-29 06:48 . 2012-03-24 08:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 13:00 . 2012-03-31 21:09 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-27 02:02 . 2012-06-27 02:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-06-27 02:02 . 2012-06-27 02:02 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-06-27 02:02 . 2012-06-27 02:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-06-27 02:02 . 2012-06-27 02:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-06-27 02:02 . 2012-06-27 02:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-06-27 02:02 . 2012-06-27 02:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-06-27 02:02 . 2012-06-27 02:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-06-27 02:02 . 2012-06-27 02:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-06-27 02:02 . 2012-06-27 02:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-06-27 02:02 . 2012-06-27 02:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-06-27 02:02 . 2012-06-27 02:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-06-27 02:02 . 2012-06-27 02:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-06-27 02:02 . 2012-06-27 02:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-06-27 02:02 . 2012-06-27 02:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-06-27 02:02 . 2012-06-27 02:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-06-27 02:02 . 2012-06-27 02:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-06-27 02:02 . 2012-06-27 02:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-06-27 02:02 . 2012-06-27 02:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-06-27 02:02 . 2012-06-27 02:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-06-27 02:02 . 2012-06-27 02:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-06-27 02:02 . 2012-06-27 02:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-06-27 02:02 . 2012-06-27 02:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-06-27 02:02 . 2012-06-27 02:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-06-18 13:12 . 2012-07-13 00:21 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4932917E-1544-46E0-9D09-7D3F4E9CEDFF}\mpengine.dll
    2012-06-11 23:50 . 2012-06-11 23:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 23:50 . 2012-06-11 23:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 23:50 . 2012-06-11 23:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 23:50 . 2012-06-11 23:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 23:50 . 2012-06-11 23:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 23:50 . 2012-06-11 23:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 23:49 . 2012-06-11 23:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2011-12-06 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-12-06 02:39 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-12-06 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2011-12-06 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-12-06 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-12-06 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-03 01:19 . 2012-06-08 23:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-03 01:15 . 2012-06-08 23:35 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:19 . 2012-06-08 23:35 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-08 23:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-08 23:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-08 23:35 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-08 23:35 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-08 23:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-08 23:35 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-18 02:47 . 2012-06-15 13:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-05-18 02:16 . 2012-06-15 13:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-05-18 02:06 . 2012-06-15 13:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-18 01:59 . 2012-06-15 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-05-18 01:59 . 2012-06-15 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-05-18 01:58 . 2012-06-15 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-18 01:58 . 2012-06-15 13:00 237056 ----a-w- c:\windows\system32\url.dll
    2012-05-18 01:56 . 2012-06-15 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "LMab1err"="c:\program files\Lexmark\ErrorApp\lmab1err.exe" [2011-11-09 644160]
    "LMADEmon"="c:\program files (x86)\Lexmark S310 Series\LMADEmon.exe" [2011-11-23 948360]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
    "MusicManager"="c:\users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-02 90448]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-12 641704]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-07 79360]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-06 113120]
    R3 RTL8192cu;RNX-MiniN1 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 848384]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1255736]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-06-04 639512]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
    .
    2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
    - c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
    - c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-05-02 196648]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-05-02 489512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://nmd.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\von der Linden\AppData\Roaming\Mozilla\Firefox\Profiles\to0qjij1.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1363eb9cd424bda7|http://us.mg4.mail.yahoo.com/neo/la...w.kongregate.com/games/jmtb02/kongregate-chat
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    HKLM-Run-(Default) - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{0941C58F-E461-4E03-BD7D-44C27392ADE1}"=hex:51,66,7a,6c,4c,1d,38,12,e1,c6,52,
    0d,53,aa,6d,0b,c2,6b,07,82,76,cc,e9,f5
    "{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
    0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
    "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
    68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:26,88,93,86,2f,67,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 09:03
    .
    Pre-Run: 18,441,523,200 bytes free
    Post-Run: 21,070,217,216 bytes free
    .
    - - End Of File - - 817095A71FBBADA8E04AC4F534E8762F
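The log above carries several of the entries that drove this cleanup: a `svchost.exe` sitting in `c:\windows` instead of System32 (deleted under "Other Deletions"), a process running from a `\\.\globalroot` path, and a system+hidden directory literally named `%APPDATA%` created inside SysWow64. The script below is an added example, not ComboFix's own code and not something posted in this thread: it parses the two line shapes ComboFix uses here (the timestamped "Files Created"/"Find3M" entries and the bare paths under "Other Running Processes") and flags exactly those indicators. The sample lines are constructed to mirror the log, and the attribute-field positions it reads (`d`, `s`, `h`) are an assumption inferred from the log's `d-----w-` / `d-sh--w-` strings, not from a documented ComboFix format.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Flags: svchost.exe outside System32/SysWOW64, a \\.\globalroot device-namespace
path, an environment-variable name used as a literal directory name, and a
system+hidden directory created under c:\windows.
"""
import re
from dataclasses import dataclass, field

# Assumption: a ComboFix file entry looks like
#   <created> . <modified> <size or dashes> <8-char attribute field> <path>
# Only three attribute positions are interpreted, inferred from the log
# ('d-----w-' = directory, 'd-sh--w-' = directory+system+hidden):
# index 0 = 'd', index 2 = 's', index 3 = 'h'.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Bare path lines, as in the "Other Running Processes" section.
BARE_PATH_RE = re.compile(r"^[a-zA-Z]:\\.+$")
# A literal %NAME% path component (the shell never expands these on disk).
ENV_LITERAL_RE = re.compile(r"\\%[a-z_]+%(?:\\|$)")

# Directories that hold a legitimate svchost.exe on Windows 7 x64.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def inspect(path: str, attrs: str = "") -> list:
    """Return the reasons this entry deserves a look (empty list if none)."""
    p = path.lower()
    reasons = []
    if r"\\.\globalroot" in p:
        reasons.append("device-namespace (\\\\.\\globalroot) path hides the real location")
    directory, _, name = p.rpartition("\\")
    if name == "svchost.exe" and directory not in SVCHOST_DIRS:
        reasons.append("svchost.exe outside System32/SysWOW64")
    if ENV_LITERAL_RE.search(p):
        reasons.append("environment-variable name used as a literal directory name")
    if (len(attrs) == 8 and attrs[0] == "d" and attrs[2] == "s" and attrs[3] == "h"
            and p.startswith("c:\\windows\\")):
        reasons.append("system+hidden directory created under c:\\windows")
    return reasons


def scan_log(text: str) -> list:
    """Parse every recognisable line and collect the flagged entries in order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
        elif BARE_PATH_RE.match(line):
            path, attrs = line, ""
        else:
            continue  # section banners, '.' separators, registry lines
        reasons = inspect(path, attrs)
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


# Constructed sample in the log's format; paths are modelled on the thread's entries.
SAMPLE_LOG = r"""
2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\programdata\Malwarebytes
2012-08-12 19:33 . 2012-08-12 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 06:54 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\svchost.exe
c:\windows\system32\svchost.exe
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run against the constructed sample it reports three entries, the same three kinds the thread's tools acted on, and stays silent on the Malwarebytes driver, the Creative service and the real `c:\windows\system32\svchost.exe`. Feed it a saved ComboFix.txt via `scan_log(open(path).read())` to get the same triage list for a full log.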
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay. Not a problem, but please stick with me here...

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [image: dragging CFScript.txt onto ComboFix.exe]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  8. Alexvdl

    Alexvdl TS Member Topic Starter

    Roger. I apologize, I tend to get ahead of myself.

    ComboFix 12-08-14.05 - von der Linden 08/15/2012 6:12.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.6330 [GMT -10:00]
    Running from: c:\users\von der Linden\Desktop\ComboFix.exe
    Command switches used :: c:\users\von der Linden\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\von der Linden\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
    c:\users\VONDER~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 16:16 . 2012-08-15 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Malwarebytes
    2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-14 06:54 . 2012-08-14 06:54 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-14 06:54 . 2012-07-03 23:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-14 06:32 . 2012-08-14 06:32 -------- d-----w- C:\FRST
    2012-08-14 06:08 . 2012-08-14 06:47 -------- d-----w- c:\programdata\MFAData
    2012-08-14 06:08 . 2012-08-14 06:08 -------- d--h--w- c:\programdata\Common Files
    2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\users\von der Linden\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-08-12 19:33 . 2012-08-12 19:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-12 04:53 . 2012-08-12 04:53 -------- d-----w- c:\users\von der Linden\AppData\Local\Navnet_Solutions
    2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\NavNetApp
    2012-08-12 04:43 . 2012-08-12 04:43 -------- d-----w- c:\users\von der Linden\AppData\Roaming\NavNet Solutions
    2012-08-12 04:42 . 2012-08-12 04:43 -------- d-----w- c:\program files (x86)\TubEmAll Pro
    2012-08-05 08:39 . 2012-08-05 08:39 -------- d-----w- c:\users\von der Linden\AppData\Local\Programs
    2012-08-03 06:54 . 2012-08-03 06:54 -------- d-----w- c:\users\von der Linden\AppData\Local\MDG
    2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Local\Samsung
    2012-08-03 06:35 . 2012-08-03 06:35 -------- d-----w- c:\users\von der Linden\AppData\Roaming\Samsung
    2012-08-03 06:17 . 2012-06-04 07:59 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-08-03 06:17 . 2012-06-04 07:59 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-08-03 06:17 . 2010-12-21 05:55 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2012-08-03 06:16 . 2012-06-27 02:03 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\MarkAny
    2012-08-03 06:16 . 2012-06-27 02:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
    2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\program files (x86)\Samsung
    2012-08-03 06:16 . 2012-08-03 06:16 -------- d-----w- c:\programdata\Samsung
    2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1645.tmp
    2012-07-20 13:40 . 2012-07-20 13:40 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1644.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 16:17 . 2012-03-07 17:55 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-29 06:48 . 2012-03-31 08:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-29 06:48 . 2012-03-24 08:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 13:00 . 2012-03-31 21:09 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-27 02:02 . 2012-06-27 02:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
    2012-06-27 02:02 . 2012-06-27 02:02 330240 ----a-w- c:\windows\MASetupCaller.dll
    2012-06-27 02:02 . 2012-06-27 02:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
    2012-06-27 02:02 . 2012-06-27 02:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
    2012-06-27 02:02 . 2012-06-27 02:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
    2012-06-27 02:02 . 2012-06-27 02:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
    2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
    2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
    2012-06-27 02:02 . 2012-06-27 02:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
    2012-06-27 02:02 . 2012-06-27 02:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
    2012-06-27 02:02 . 2012-06-27 02:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
    2012-06-27 02:02 . 2012-06-27 02:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
    2012-06-27 02:02 . 2012-06-27 02:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
    2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
    2012-06-27 02:02 . 2012-06-27 02:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
    2012-06-27 02:02 . 2012-06-27 02:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
    2012-06-27 02:02 . 2012-06-27 02:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
    2012-06-27 02:02 . 2012-06-27 02:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
    2012-06-27 02:02 . 2012-06-27 02:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
    2012-06-27 02:02 . 2012-06-27 02:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
    2012-06-27 02:02 . 2012-06-27 02:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
    2012-06-27 02:02 . 2012-06-27 02:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
    2012-06-27 02:02 . 2012-06-27 02:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
    2012-06-27 02:02 . 2012-06-27 02:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
    2012-06-27 02:02 . 2012-06-27 02:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
    2012-06-27 02:02 . 2012-06-27 02:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
    2012-06-27 02:02 . 2012-06-27 02:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
    2012-06-27 02:02 . 2012-06-27 02:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
    2012-06-18 13:12 . 2012-07-13 00:21 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4932917E-1544-46E0-9D09-7D3F4E9CEDFF}\mpengine.dll
    2012-06-11 23:50 . 2012-06-11 23:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 23:50 . 2012-06-11 23:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 23:50 . 2012-06-11 23:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 23:50 . 2012-06-11 23:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 23:50 . 2012-06-11 23:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 23:50 . 2012-06-11 23:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 23:49 . 2012-06-11 23:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2011-12-06 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-12-06 02:39 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-12-06 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2011-12-06 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-12-06 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-12-06 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-03 01:19 . 2012-06-08 23:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-03 01:15 . 2012-06-08 23:35 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:19 . 2012-06-08 23:35 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-08 23:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-08 23:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-08 23:35 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-08 23:35 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-08 23:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-08 23:35 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-18 02:47 . 2012-06-15 13:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-05-18 02:16 . 2012-06-15 13:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-05-18 02:06 . 2012-06-15 13:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-18 01:59 . 2012-06-15 13:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-05-18 01:59 . 2012-06-15 13:00 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-05-18 01:58 . 2012-06-15 13:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-18 01:58 . 2012-06-15 13:00 237056 ----a-w- c:\windows\system32\url.dll
    2012-05-18 01:56 . 2012-06-15 13:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-15_08.51.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-07-20 13:43 . 2012-08-15 12:06 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-07-20 13:43 . 2012-08-15 08:36 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-11-21 03:09 . 2012-08-15 09:07 43082 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-15 09:07 40026 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2012-08-12 13:00 . 2012-04-09 19:32 15264 c:\windows\SoftwareDistribution\Download\Install\mpsyschk.exe
    + 2012-03-24 08:37 . 2012-08-15 09:07 3974 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3109839055-431102336-2772829462-1001_UserData.bin
    - 2012-08-15 08:51 . 2012-08-15 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-15 16:17 . 2012-08-15 16:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-20 13:43 . 2012-08-15 16:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-20 13:43 . 2012-08-15 08:40 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-08-15 05:11 . 2012-08-15 08:40 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-15 05:11 . 2012-08-15 16:10 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 02:36 . 2012-08-15 09:11 300994 c:\windows\system32\perfc009.dat
    + 2012-03-07 17:54 . 2012-08-15 16:16 938344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2012-03-07 17:54 . 2012-08-15 08:50 938344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-08-15 08:50 263528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-15 16:16 263528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:36 . 2012-08-15 09:11 1180112 c:\windows\system32\perfh009.dat
    + 2009-07-14 04:54 . 2012-08-15 16:10 14434304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-15 08:40 14434304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-15 16:10 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-15 08:40 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-24 14:20 . 2012-08-15 16:16 32005248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3109839055-431102336-2772829462-1001-8192.dat
    + 2012-07-26 20:01 . 2012-08-15 16:16 11152056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2012-07-26 20:01 . 2012-08-15 08:50 11152056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "LMab1err"="c:\program files\Lexmark\ErrorApp\lmab1err.exe" [2011-11-09 644160]
    "LMADEmon"="c:\program files (x86)\Lexmark S310 Series\LMADEmon.exe" [2011-11-23 948360]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
    "MusicManager"="c:\users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-19 254696]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-02 90448]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-12 641704]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-07 79360]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-06 113120]
    R3 RTL8192cu;RNX-MiniN1 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-11 848384]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1255736]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-11 21104]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-06 53888]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-06-04 639512]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 13:01]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001Core.job
    - c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
    .
    2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109839055-431102336-2772829462-1001UA.job
    - c:\users\von der Linden\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 08:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
    "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2011-05-02 196648]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2011-05-02 489512]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://nmd.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\von der Linden\AppData\Roaming\Mozilla\Firefox\Profiles\to0qjij1.default\
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox/1363eb9cd424bda7|http://us.mg4.mail.yahoo.com/neo/la...w.kongregate.com/games/jmtb02/kongregate-chat
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{0941C58F-E461-4E03-BD7D-44C27392ADE1}"=hex:51,66,7a,6c,4c,1d,38,12,e1,c6,52,
    0d,53,aa,6d,0b,c2,6b,07,82,76,cc,e9,f5
    "{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,
    0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09
    "{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
    68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:26,88,93,86,2f,67,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-15 06:54:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 16:54
    ComboFix2.txt 2012-08-15 09:04
    .
    Pre-Run: 19,520,270,336 bytes free
    Post-Run: 20,239,179,776 bytes free
    .
    - - End Of File - - 3FE0639A411093773FF3E5C4EE0C96DC
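The log above ends with a process listed as c:\\.\globalroot\systemroot\svchost.exe, and the Malwarebytes log at the top of the thread deleted C:\Windows\svchost.exe: a file named like the service host but sitting directly in C:\Windows rather than in system32, which is the kind of entry a helper reads a ComboFix log for. The script below is an added example for this thread, not part of ComboFix or of any post here. It walks the Run-key, service and "Other Running Processes" line formats that ComboFix prints and flags four things: svchost.exe outside system32/SysWOW64, paths printed as NT object names (globalroot), autostarts from user-writable folders, and Run entries whose file is missing ([X]). It assumes a standard C:\Windows install; the sample lines are copied from the log above.

```python
"""Triage of ComboFix autostart and process lines.

Added example for this thread; it is not part of ComboFix or of any post
above. It flags the entries a malware helper reads first: a file called
svchost.exe that does not live in system32 or SysWOW64, paths printed as
NT object names (globalroot), autostarts from user-writable folders, and
Run entries whose file is gone ([X]).
"""
import re

# Assumption: a standard install where %SystemRoot% is C:\Windows.
SVCHOST_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
GLOBALROOT = "\\\\.\\globalroot\\systemroot"   # ComboFix's spelling of an NT object path
# Locations an unprivileged user can write to; an autostart here deserves a second look.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]')
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]+?)\s*\[')

# Lines copied from the ComboFix log posted above (Run keys, services, processes).
SAMPLE_LOG = r"""
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"MusicManager"="c:\users\von der Linden\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\\.\globalroot\systemroot\svchost.exe
"""


def _norm(path):
    """Lower-case the path and map the globalroot form onto a drive path."""
    p = path.strip().lower()
    if GLOBALROOT in p:
        p = "c:\\windows" + p.split(GLOBALROOT, 1)[1]
    return p


def classify_path(path):
    """Return the reasons a path is suspicious; an empty list means nothing stood out."""
    reasons = []
    raw = path.strip().lower()
    if "globalroot" in raw or raw.startswith("\\\\.\\"):
        reasons.append("kernel object path instead of a drive path")
    p = _norm(path)
    folder, _, name = p.rpartition("\\")
    if name == "svchost.exe" and folder not in SVCHOST_DIRS:
        reasons.append("svchost.exe outside system32/SysWOW64")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("autostart from a user-writable location")
    return reasons


def triage(lines):
    """Parse Run-key, service and process lines; return [(entry, path, reasons)]."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path").strip()
            reasons = classify_path(path)
            if "info" in m.groupdict() and m.group("info").strip() == "X":
                reasons.append("file missing on disk ([X]) but still registered to run")
        elif line.lower().endswith(".exe"):   # "Other Running Processes" section
            name, path = "process", line
            reasons = classify_path(path)
        else:
            continue
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"{name}: {path}\n    " + "\n    ".join(reasons))
```

Run against the sample, the only hits are the globalroot svchost.exe (two reasons), the MusicManager entry under the user profile (legitimate here, but it is where a dropper would also put itself) and the AMD AVT entry whose file ComboFix marked [X]. Everything under Program Files or system32 passes without comment, which is the point: the script narrows a two-thousand-line log to the handful of lines that need a human.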
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    TDSSKiller

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted allow it to run.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    aswMBR

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below


    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
     
  10. Alexvdl

    Alexvdl TS Member Topic Starter

    Okay. Done and done.


    TDSS LOG IS ATTACHED

    ASW LOG

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-15 22:47:13
    -----------------------------
    22:47:13.976 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:47:13.976 Number of processors: 8 586 0x102
    22:47:13.976 ComputerName: VONDERLINDENPC UserName: von der Linden
    22:47:14.210 Initialize success
    22:48:14.108 AVAST engine defs: 12081503
    22:48:53.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
    22:48:53.560 Disk 0 Vendor: ADATA_SS 3.3. Size: 114473MB BusType: 11
    22:48:53.576 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006a
    22:48:53.576 Disk 1 Vendor: Hitachi_ MN6O Size: 1907729MB BusType: 11
    22:48:53.576 Disk 0 MBR read successfully
    22:48:53.592 Disk 0 MBR scan
    22:48:53.592 Disk 0 Windows 7 default MBR code
    22:48:53.592 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:48:53.607 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    22:48:53.623 Disk 0 scanning C:\Windows\system32\drivers
    22:48:55.869 Service scanning
    22:49:01.626 Modules scanning
    22:49:01.641 Disk 0 trace - called modules:
    22:49:01.641 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
    22:49:01.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006e58790]
    22:49:01.657 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8006b25040]
    22:49:01.672 5 amdxata.sys[fffff880010e87a8] -> nt!IofCallDriver -> [0xfffffa8006b0ae40]
    22:49:01.672 7 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8006c309c0]
    22:49:01.906 AVAST engine scan C:\Windows
    22:49:02.608 AVAST engine scan C:\Windows\system32
    22:49:58.224 AVAST engine scan C:\Windows\system32\drivers
    22:50:01.000 AVAST engine scan C:\Users\von der Linden
    22:50:30.484 AVAST engine scan C:\ProgramData
    22:50:34.556 Scan finished successfully
    22:52:03.195 Disk 0 MBR has been saved successfully to "C:\Users\von der Linden\Desktop\MBR.dat"
    22:52:03.211 The log file has been saved successfully to "C:\Users\von der Linden\Desktop\aswMBR.txt"
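aswMBR reports "Windows 7 default MBR code" and two NTFS partitions for Disk 0 (the 100 MB active system partition at sector 2048, then the Windows partition at sector 206848), and it saves the raw sector to MBR.dat. The parser below is an added example, not part of aswMBR or of this thread: it reads a 512-byte MBR, prints the partition table in the same shape as the log, runs the consistency checks a bootkit hunter cares about (boot signature, exactly one active partition, no overlapping entries) and fingerprints the 446 bytes of boot code so two MBR.dat dumps taken before and after a reboot can be compared. The sample sector is constructed to match the two partitions in the log; its boot-code bytes are a placeholder, not a dump of any real MBR, and the fingerprint is only meaningful against a dump you recorded from a known-clean disk.

```python
"""Parse and sanity-check a raw 512-byte MBR such as aswMBR's MBR.dat.

Added example for this thread; it is not part of aswMBR. The sample sector
is constructed to mirror Disk 0 in the log above.
"""
import hashlib
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "HPFS/NTFS", 0x05: "Extended", 0x0F: "Extended LBA",
              0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x82: "Linux swap",
              0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return (boot_code, [entries]) for a 512-byte MBR; raise ValueError on a bad sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                          # unused slot
        entries.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "mb": count // 2048,              # 512-byte sectors -> MiB, as aswMBR prints it
        })
    return bytes(sector[:446]), entries


def sanity_checks(entries):
    """Return warnings: wrong number of active partitions, overlapping entries."""
    warnings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            warnings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return warnings


def boot_code_fingerprint(boot_code):
    """SHA-256 of the 446 boot-code bytes, to diff against a dump from a clean disk."""
    return hashlib.sha256(boot_code).hexdigest()


def format_entries(entries):
    """Render entries in the style of the aswMBR log lines."""
    lines = []
    for e in entries:
        flag = "80 (A)" if e["active"] else "00"
        lines.append(f"Partition {e['index']} {flag} {e['type']:02X} {e['type_name']} "
                     f"{e['mb']} MB offset {e['lba_start']}")
    return lines


def read_mbr_file(path):
    """Parse the first sector of a file such as MBR.dat."""
    with open(path, "rb") as f:
        return parse_mbr(f.read(SECTOR))


def build_sample_mbr():
    """Constructed sector: 100 MB active NTFS at LBA 2048, 114371 MB NTFS at LBA 206848."""
    sector = bytearray(SECTOR)
    sector[:7] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"   # placeholder bytes, not real boot code
    table = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 100 * 2048)
    table += struct.pack(ENTRY_FMT, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 114371 * 2048)
    sector[446:446 + len(table)] = table
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    code, ents = parse_mbr(build_sample_mbr())
    print("\n".join(format_entries(ents)))
    print("warnings:", sanity_checks(ents) or "none")
    print("boot code sha256:", boot_code_fingerprint(code))
```

Note that the second partition starts exactly where the first one ends (2048 + 100 MB of 512-byte sectors = 206848), which is why the overlap check passes; a bootkit that hides a TDLFS-style store in unallocated space does not show up here, and a modified boot stub only shows up as a changed fingerprint, so the hash is useful only when you have a clean baseline to compare against.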
     


  11. Jay Pfoutz


    Good!

    Run TDSSKiller once more and post a log, please.
     
  12. Alexvdl


    Log is attached.
     


  13. Jay Pfoutz


    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
     
  14. Alexvdl


    Switching things up? Usually you're on quite a bit later.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.16.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    von der Linden :: VONDERLINDENPC [administrator]

    8/16/2012 1:19:23 PM
    mbam-log-2012-08-16 (13-19-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198453
    Time elapsed: 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
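As an added example (not part of this thread and not Malwarebytes' own tooling), a small parser for the MBAM 1.x log layout posted above: it pulls out each detection's path, threat name and action, checks that every "Detected: n" header agrees with the lines actually listed under it, and flags entries marked "Delete on reboot", which stay on disk until the restart the helper insists on. The sample log is constructed in the same layout; the Installer GUID is a placeholder, and the "(x86)" path is there to show that parentheses inside a path are not mistaken for the threat name.

```python
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.x log layout seen in this thread; not a real scan.
SAMPLE_LOG = """Malwarebytes Anti-Malware 1.62.0.1300

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\\Windows\\Installer\\{00000000-0000-0000-0000-000000000000}\\U\\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\\Program Files (x86)\\Example\\helper.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\\Windows\\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
"""

# "<Section> Detected: <n>" opens a section; each hit is "<path> (<threat>) -> <action>."
# The non-greedy path keeps "(x86)" inside a path from being read as the threat name.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str

def parse_mbam_log(text: str) -> tuple[list[Detection], list[str]]:
    """Return (detections, problems); a problem is a section count that disagrees with the lines parsed."""
    detections, problems = [], []
    section, declared, seen = None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            if section is not None and declared != seen:
                problems.append(f"{section}: header says {declared}, parsed {seen}")
            section, declared, seen = m["section"], int(m["count"]), 0
        elif section is not None and (m := ENTRY_RE.match(line)):
            detections.append(Detection(section, m["path"], m["threat"], m["action"]))
            seen += 1
    if section is not None and declared != seen:
        problems.append(f"{section}: header says {declared}, parsed {seen}")
    return detections, problems

def reboot_required(text: str) -> list[str]:
    """Paths MBAM could only schedule for deletion at next boot: skipping the restart leaves them live."""
    return [d.path for d in parse_mbam_log(text)[0]
            if d.action.lower().startswith("delete on reboot")]
```

A non-empty result from reboot_required is the reason to restart before rescanning; a count mismatch in problems means the pasted log was truncated or edited.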
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    New log from ComboFix

    I would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, and double-click on it. Once it finishes running, post the new log.
     
  16. Alexvdl

    Alexvdl TS Member Topic Starter

    I had a helluva time finishing this ComboFix run. It went through normally, but then when it restarted my computer was going slow as molasses. The ComboFix window did a cascade across the desktop, and when I tried to restart it wouldn't... I finally restarted into safe mode and it worked there.

    And this log was too big so it's attached.
     


  17. Alexvdl

    Alexvdl TS Member Topic Starter

    And now... I can't start iTunes, trying to start Steam tells me it's already running in another Windows session. My computer is running much, much slower than it ever has, trying to restart the computer takes twenty minutes...
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Sorry to hear you had trouble with that.

    Please click Start > Run, type in CMD and hit Enter.

    Run the following command exactly:

    takeown /f "C:\Program Files (x86)\iTunes" /r /d y

    and hit Enter.

    After that, exit Command Prompt if successful and test iTunes.
     
  19. Alexvdl

    Alexvdl TS Member Topic Starter

    So I tried that, but it told me ERROR: The current logged on user does not have ownership privileges on the file (or folder) "C:\Program Files (x86)\iTunes".

    But that's sort of irrelevant because when I woke up iTunes was open. And I could open/close it at will? Wow this is frustrating. And now I can restart/shut down/run all of my programs at normal speed. WTF?
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    That's okay. Let's move along...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  21. Alexvdl

    Alexvdl TS Member Topic Starter

    So... the first time I ran the ESET scan, it found like 23 malicious files, but the program uninstalled itself after use and I was unable to find a log. So I restarted the computer and reran it...

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=c6f98c6253b3b64dbf6dfb70aca00054
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-18 01:08:43
    # local_time=2012-08-18 03:08:43 (-1000, Hawaiian Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776573 100 94 0 96837618 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=267628
    # found=0
    # cleaned=0
    # scan_time=1154
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Once again do the following:

    Scan with Malwarebytes' Anti-Malware

    Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
     
  23. Alexvdl

    Alexvdl TS Member Topic Starter

    I started getting some BSODs that indicated I needed to upgrade my BIOS. I did that and then Windows refused to reboot, even if I flashed back to the original BIOS, or used other restore points. So I reinstalled Windows. I didn't format the drive and then reinstall, so if you think I should rescan the system I'm willing to go ahead and continue to follow your lead.

    If you think I'm good, well, you're the guy with the knowledge. Either way, I dropped a donation into the pot to thank you for your help.
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Thanks for that, it is indeed appreciated. I think that your computer should be fine now. See the following, please:

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
     
  25. Alexvdl

    Alexvdl TS Member Topic Starter

    If you don't mind explaining what I was actually doing, I'd love to hear it, but other than that nope. Thank you VERY much.
     
Topic Status:
Not open for further replies.
