Solved 2 iexplore.exe in task manager tries to connect to malware site


Ponder

Hello, I started having problems with my internet 2 days ago. First I couldn't connect to the internet at all. I tried pretty much everything, and after deleting my recently updated Ad-Aware I was able to reconnect again. I still had avast, and that started occasionally prompting a warning where the infection details were as follows:
Code:
Infection Details
URL:    (Bad link deleted by Bobbye)
Process:    C:\Program Files (x86)\Internet Explorer...
Infection:    URL:Mal
Soon after I checked my task manager and it shows 2 iexplore.exes and I can't close them. I actually use firefox so that was even more weird.

I did a bunch of scans with malwarebytes and avast and found a few things but this iexplore.exe problem still persists.

Here are the logs that you requested.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gasoline :: GASOLINE-PC [administrator]

Protection: Enabled

18.5.2012 16:03:18
mbam-log-2012-05-18 (16-03-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208298
Time elapsed: 1 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

gmerlog had nothing in it.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Gasoline at 16:20:48 on 2012-05-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.8191.5152 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASDR.exe
F:\Games\Tribes Ascend\HiPatchService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = astroburn-search.com
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [LicenseValidator] C:\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Gasoline\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{B019938B-002E-4799-8BA1-2A2F10C828DD} : DhcpNameServer = 192.168.100.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gasoline\AppData\Roaming\Mozilla\Firefox\Profiles\t73cmd08.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-6 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-5-6 134920]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;F:\Games\Tribes Ascend\HiPatchService.exe [2012-4-22 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-17 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 cmudaxp;ASUS Xonar Essence ST Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys --> C:\Windows\system32\drivers\cmudaxp.sys [?]
R3 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys --> C:\Windows\system32\drivers\IOMap64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/28 17:49:14;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-6 135584]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-05-18 12:38:46 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-18 11:03:10 -------- d-----w- C:\Users\Gasoline\AppData\Local\{32D596C6-563C-47E8-B092-D01D115EBC90}
2012-05-18 11:03:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{5D6B73F3-8AE3-46FF-83D8-CDDFDD019E97}
2012-05-17 14:17:27 -------- d-----w- C:\Users\Gasoline\AppData\Local\{86B1905B-E14E-437E-8550-49451B6D09BA}
2012-05-17 14:17:13 -------- d-----w- C:\Users\Gasoline\AppData\Local\{3C1DCFCF-167C-4538-9C76-FD977F91BD1C}
2012-05-17 13:25:07 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\Malwarebytes
2012-05-17 13:25:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-17 13:25:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-17 13:25:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-17 02:16:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A6C8C0CB-76A1-4C02-B9F7-78CCCC817FA6}
2012-05-17 02:16:37 -------- d-----w- C:\Users\Gasoline\AppData\Local\{2BEE6E36-93D5-4877-9022-16FBF6AD5877}
2012-05-17 00:32:32 -------- d-----w- C:\ProgramData\GFI Software
2012-05-16 23:53:21 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-05-16 23:53:21 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-05-16 23:52:56 -------- d-----w- C:\Program Files (x86)\Realtek
2012-05-16 16:44:39 -------- d-----w- C:\Users\Gasoline\AppData\Local\ElevatedDiagnostics
2012-05-16 16:00:53 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67C9C634-3BBA-4303-8521-37535ED4659E}\mpengine.dll
2012-05-16 14:38:46 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-16 14:37:32 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\Ad-Aware Antivirus
2012-05-16 14:16:14 -------- d-----w- C:\Users\Gasoline\AppData\Local\{18456DE9-070D-40DE-81E8-B15F87677B32}
2012-05-16 14:15:55 -------- d-----w- C:\Users\Gasoline\AppData\Local\{8D8C6096-DABB-46E5-9367-1E9B1A03469E}
2012-05-16 01:57:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{DF21D111-D4BD-4FCD-ACE6-96F47D2DFC29}
2012-05-16 01:57:37 -------- d-----w- C:\Users\Gasoline\AppData\Local\{EB24A5AB-0843-42B2-AD37-BD5DB6F8487E}
2012-05-15 19:43:49 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\Windows Desktop Search
2012-05-15 19:43:49 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\TeamViewer
2012-05-15 13:57:14 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A56899CE-AE10-4C85-993A-34E48D931C21}
2012-05-15 13:57:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{39F1A0D4-F46C-4A2F-8AA5-A461CD362B7E}
2012-05-15 01:56:41 -------- d-----w- C:\Users\Gasoline\AppData\Local\{BEA102CC-9135-41E1-B3B9-7F7E28E5154F}
2012-05-15 01:56:28 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B66C350A-63E0-4AB0-9A67-362E478185E8}
2012-05-14 13:56:17 -------- d-----w- C:\Users\Gasoline\AppData\Local\{0CF8B57E-C9D6-4A7E-8EA8-790215C57232}
2012-05-14 01:55:53 -------- d-----w- C:\Users\Gasoline\AppData\Local\{AFCEBAB2-1D04-4162-B1C6-8C829196B3CD}
2012-05-14 01:55:40 -------- d-----w- C:\Users\Gasoline\AppData\Local\{AB3C3A75-C6B9-4843-BCDA-EA06B018650C}
2012-05-13 13:55:17 -------- d-----w- C:\Users\Gasoline\AppData\Local\{3D5FF046-5826-44EC-A7C7-B3F4DC04F1B0}
2012-05-13 13:55:07 -------- d-----w- C:\Users\Gasoline\AppData\Local\{C25D7406-320C-4877-B95E-C6CF9FAE2BB2}
2012-05-12 13:23:29 -------- d-----w- C:\Users\Gasoline\AppData\Local\{24D2EA6B-F44C-44FE-A603-7081A7EC6489}
2012-05-12 13:23:19 -------- d-----w- C:\Users\Gasoline\AppData\Local\{55294916-B583-4F03-9998-6D364AC14985}
2012-05-11 20:50:52 -------- d-----w- C:\Users\Gasoline\AppData\Local\{3E7AE193-1859-4B10-B943-FB5BCD2004D1}
2012-05-11 20:50:28 -------- d-----w- C:\Users\Gasoline\AppData\Local\{6497C87B-9ED3-4866-B52E-851EE94ABB76}
2012-05-11 08:50:16 -------- d-----w- C:\Users\Gasoline\AppData\Local\{14E4DD51-0539-49AF-8179-0E7E614C63B3}
2012-05-11 08:50:07 -------- d-----w- C:\Users\Gasoline\AppData\Local\{332524DB-C8BC-4A96-9DF6-0E467DD8DB94}
2012-05-10 20:31:38 -------- d-----w- C:\Users\Gasoline\AppData\Local\{EE3D5802-5508-4C69-A4EC-0418EC6FCFDD}
2012-05-10 20:31:25 -------- d-----w- C:\Users\Gasoline\AppData\Local\{36336D31-57AF-4EB9-A3D3-FDDB753459C8}
2012-05-10 08:31:02 -------- d-----w- C:\Users\Gasoline\AppData\Local\{6B616F24-A1FE-40FF-9733-37069D6309FD}
2012-05-10 08:30:49 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A2199D86-FB54-44A9-9373-2D6ABFD0931C}
2012-05-09 20:30:38 -------- d-----w- C:\Users\Gasoline\AppData\Local\{8C0BC2B4-3FA3-4BCC-A278-6A6E10315A9F}
2012-05-09 20:30:24 -------- d-----w- C:\Users\Gasoline\AppData\Local\{49624C3A-4C1B-41C6-9411-B61F8A780D1F}
2012-05-09 08:35:13 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-09 08:35:13 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-09 08:35:13 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-09 08:35:13 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-09 08:35:13 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-09 08:35:13 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-09 08:35:13 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-09 08:35:13 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 08:35:13 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-09 08:35:13 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 08:34:47 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 08:34:47 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 08:34:46 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 08:34:46 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 08:34:43 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 08:34:40 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 08:34:38 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:34:38 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 08:34:38 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 08:34:38 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 08:34:38 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:30:01 -------- d-----w- C:\Users\Gasoline\AppData\Local\{E2184097-37FB-4BE9-94A1-0162231B98BB}
2012-05-09 08:29:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{55BD5AFF-BB12-4D6D-A831-80541CF9A696}
2012-05-08 20:00:59 -------- d-----w- C:\Users\Gasoline\AppData\Local\{FF747E8C-EC33-4BB3-B91F-6A080C1D0D22}
2012-05-08 20:00:46 -------- d-----w- C:\Users\Gasoline\AppData\Local\{ED7014A9-8DEC-4AF8-B332-5A7D536D4618}
2012-05-08 10:10:58 -------- d-----w- C:\Users\Gasoline\AppData\Roaming\OpenOffice.org
2012-05-08 10:10:29 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-05-08 08:00:35 -------- d-----w- C:\Users\Gasoline\AppData\Local\{6C08EDC7-0FEA-4438-9E5D-D6B880E1253D}
2012-05-08 08:00:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D1A31453-B97C-4378-9A87-E8CE3CE1D91B}
2012-05-07 20:00:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{4C8DEE43-99B9-4864-95E6-5D2AD33E0991}
2012-05-07 19:59:47 -------- d-----w- C:\Users\Gasoline\AppData\Local\{07C030E4-70A7-4E3D-8172-42B0EF88D4BF}
2012-05-07 07:59:36 -------- d-----w- C:\Users\Gasoline\AppData\Local\{A2265C1A-B21B-4971-9C02-5B77CA59D306}
2012-05-07 07:59:26 -------- d-----w- C:\Users\Gasoline\AppData\Local\{48285F6A-BD58-40D5-8D54-87E16AD90F78}
2012-05-06 12:20:05 -------- d-----w- C:\Users\Gasoline\AppData\Local\{1FFA57F2-C54C-44DE-BD55-349A7BD9102B}
2012-05-06 12:19:52 -------- d-----w- C:\Users\Gasoline\AppData\Local\{E6444D96-B939-421E-A2DD-BFA9A4A9A2EF}
2012-05-06 10:54:35 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-05-06 10:54:35 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-05-06 00:19:29 -------- d-----w- C:\Users\Gasoline\AppData\Local\{38B48483-B7D7-4874-80E1-603B335B43F9}
2012-05-06 00:19:16 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D29F8BAB-079F-45C6-8BCA-80F3C29D76E8}
2012-05-05 12:19:01 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D3D30229-1935-4F39-A435-9476C0A7E605}
2012-05-05 12:18:47 -------- d-----w- C:\Users\Gasoline\AppData\Local\{9E097870-A6A5-4999-B5B8-AA358A89D19E}
2012-05-05 00:18:36 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B5A0BB52-2F8E-4DB5-802F-94FDD6209E77}
2012-05-05 00:18:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{AF566C2D-C0F4-49CB-994E-5774C51D7993}
2012-05-04 12:18:09 -------- d-----w- C:\Users\Gasoline\AppData\Local\{4932D014-A3A6-47CB-9010-173ED564FBBF}
2012-05-04 12:17:58 -------- d-----w- C:\Users\Gasoline\AppData\Local\{9D8F502C-9939-4468-9B76-DDB9FCBFEFD8}
2012-05-03 14:25:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{38E230D9-AC68-458E-8971-B7C1AC55011D}
2012-05-03 14:25:13 -------- d-----w- C:\Users\Gasoline\AppData\Local\{633841DF-7D19-4F8D-9557-FCF023E16B61}
2012-05-02 10:27:59 -------- d-----w- C:\Users\Gasoline\AppData\Local\{DB6C712A-6B46-46FD-85B3-F978D15E125D}
2012-05-02 10:27:45 -------- d-----w- C:\Users\Gasoline\AppData\Local\{820D9269-3F5A-4D10-AB4F-364397825227}
2012-05-01 22:27:22 -------- d-----w- C:\Users\Gasoline\AppData\Local\{957CD4E6-C65C-4DF2-AECF-34DEB38772C0}
2012-05-01 22:27:01 -------- d-----w- C:\Users\Gasoline\AppData\Local\{93B39153-88C1-4B67-B711-7F1F6478F908}
2012-05-01 10:26:50 -------- d-----w- C:\Users\Gasoline\AppData\Local\{78278BE7-AE58-4E24-8711-2091916174C6}
2012-05-01 10:26:34 -------- d-----w- C:\Users\Gasoline\AppData\Local\{91F6C3ED-EB80-42F2-A6D6-0EFCE955AFCE}
2012-04-30 15:28:36 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2012-04-30 15:24:01 -------- d-----w- C:\Program Files (x86)\Audacity
2012-04-30 13:56:42 -------- d-----w- C:\Users\Gasoline\AppData\Local\{913E3D44-6A46-4369-B096-05EB5A91539F}
2012-04-30 13:56:32 -------- d-----w- C:\Users\Gasoline\AppData\Local\{32D24ED3-5897-480C-94F5-61BC107E5257}
2012-04-29 13:18:28 -------- d-----w- C:\Users\Gasoline\AppData\Local\{512D2DDE-DDA8-4CBB-B427-163B4C0B3046}
2012-04-29 13:18:15 -------- d-----w- C:\Users\Gasoline\AppData\Local\{350FAEE4-2F84-436E-A14D-B7833AFEFABF}
2012-04-29 01:18:04 -------- d-----w- C:\Users\Gasoline\AppData\Local\{78AFAEA1-A763-41B1-9767-9BA5459CF326}
2012-04-29 01:17:53 -------- d-----w- C:\Users\Gasoline\AppData\Local\{28FDB96C-7292-457A-9B4D-BC98EEFE440D}
2012-04-28 10:30:12 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B9D7F72F-A656-4C9F-8BEB-6A18C9522DE8}
2012-04-28 10:30:02 -------- d-----w- C:\Users\Gasoline\AppData\Local\{DB5676A1-E197-49CD-B960-E4523C558914}
2012-04-27 12:36:09 -------- d-----w- C:\Users\Gasoline\AppData\Local\{7D88E7D5-0B3D-41EB-AE94-E72FF94CD1BB}
2012-04-27 12:35:58 -------- d-----w- C:\Users\Gasoline\AppData\Local\{61EF2CC7-A5A6-4D1B-B14F-791686B87BAC}
2012-04-26 12:35:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 12:35:08 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 12:35:08 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-26 12:34:23 -------- d-----w- C:\Users\Gasoline\AppData\Local\{124789F5-A74E-4374-9F85-FE184C871CF7}
2012-04-26 12:34:11 -------- d-----w- C:\Users\Gasoline\AppData\Local\{C581BB91-3397-4F31-913E-04B3A861E531}
2012-04-25 13:04:21 -------- d-----w- C:\Users\Gasoline\AppData\Local\{50F656A6-D5F0-41EE-9C83-76C34986C392}
2012-04-25 13:04:10 -------- d-----w- C:\Users\Gasoline\AppData\Local\{065DD38F-857F-4E78-ABAE-4A210948FA56}
2012-04-24 15:14:49 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-24 15:14:38 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-24 15:14:38 2580552 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-04-24 11:57:07 -------- d-----w- C:\Users\Gasoline\AppData\Local\{21D19127-D0F8-4CEA-991B-2E2DF58ADC50}
2012-04-24 11:56:57 -------- d-----w- C:\Users\Gasoline\AppData\Local\{E2D735BF-5467-4C92-9A19-185584E25D2D}
2012-04-23 11:53:15 -------- d-----w- C:\Users\Gasoline\AppData\Local\{7648C287-7D7E-4A5F-A6A7-A154FF608B4A}
2012-04-23 11:53:04 -------- d-----w- C:\Users\Gasoline\AppData\Local\{2A9567D2-739B-4944-A4E6-14BCD6112909}
2012-04-22 20:08:31 -------- d-----w- C:\Users\Gasoline\AppData\Local\{62D3CB78-D0B9-413E-89DF-DB621E51E213}
2012-04-22 20:08:10 -------- d-----w- C:\Users\Gasoline\AppData\Local\{D8729CDC-DC04-4DDB-AA97-BD0D05D4FF41}
2012-04-22 10:56:51 -------- d-----w- C:\Users\Gasoline\AppData\Local\Chromium
2012-04-22 09:21:05 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-04-22 08:07:59 -------- d-----w- C:\Users\Gasoline\AppData\Local\{1B11E63C-5398-450B-AF2C-6F50D0DDD773}
2012-04-22 08:07:49 -------- d-----w- C:\Users\Gasoline\AppData\Local\{705F1E05-1D04-4863-8021-E69AB4F00A09}
2012-04-21 09:36:11 -------- d-----w- C:\Users\Gasoline\AppData\Local\{B39F462C-04F9-4529-A687-6AFDEEF0E534}
2012-04-21 09:36:00 -------- d-----w- C:\Users\Gasoline\AppData\Local\{4C7E22F5-144B-4DEB-8D63-702ECF0BDFB5}
2012-04-20 11:44:08 -------- d-----w- C:\Users\Gasoline\AppData\Local\{7D4E317E-4DDB-4735-A602-59FE7FD49B74}
2012-04-20 11:43:57 -------- d-----w- C:\Users\Gasoline\AppData\Local\{8463BFB4-2BFD-4EAB-A04E-E146CF3F6A99}
2012-04-19 12:19:08 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-19 12:16:32 -------- d-----w- C:\Users\Gasoline\AppData\Local\{5E63EC59-AB58-4186-873E-CE5812730CF8}
2012-04-19 12:16:21 -------- d-----w- C:\Users\Gasoline\AppData\Local\{87A805D1-888A-49AC-B590-AD5356C99408}
.
==================== Find3M ====================
.
2012-05-14 23:11:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-14 23:11:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-04 21:42:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:42:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:42:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 12:19:11 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-08 15:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 15:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:31 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:03:29 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 07:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:21:05,30 ===============

Edit: Attached Attach.txt file from DDS has been opened and pasted in below by Bobbye

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume6
Install Date: 12.11.2011 18:22:11
System Uptime: 18.5.2012 15:24:26 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88T-V EVO/USB3
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 23,856 GiB free.
D: is FIXED (NTFS) - 432 GiB total, 59,188 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 54,314 GiB free.
F: is FIXED (NTFS) - 500 GiB total, 52,348 GiB free.
G: is FIXED (NTFS) - 349 GiB total, 28,103 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {85b5ddd0-e090-4b15-bdf2-a443a3ca0b66}
Description: ATITool Driver
Device ID: ROOT\*ATITOOLDEVICE\0000
Manufacturer: W1zzard
Name: ATITool Driver
PNP Device ID: ROOT\*ATITOOLDEVICE\0000
Service: ATITool
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&3A484DD5&0&0050
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_84131043&REV_03\4&3A484DD5&0&0050
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3DMark 11
Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Astroburn Lite
Astroburn Toolbar
ASUS Smart Doctor
ATITool Overclocking Utility
µTorrent
Audacity 2.0
avast! Internet Security
Battlefield 3™
Battlelog Web Plugins
Command & Conquer 3
CrystalDiskInfo 4.1.4
CyberLink InstantBurn
CyberLink Media Suite
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
Dead Space
DOOM 3
DOOM 3: Resurrection of Evil
Dxtory 2.0.108
ESN Sonar
Exact Audio Copy 1.0beta3
FLAC 1.2.1a (remove only)
foobar2000 v1.1
Fraps (remove only)
Futuremark SystemInfo
Geeks3D.com FurMark 1.9.2
GOM Player
GOMTV Streamer
Half-Life 2
Hard Reset
Hi-Rez Studios Authenticate and Update Service
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
K-Lite Codec Pack 6.3.0 (Full)
LAME v3.99.3 (for Windows)
Left 4 Dead 2
Livestream Procaster
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect™ 3
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
MSVCRT
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OCCT Perestroika 3.0.0
OpenAL
OpenOffice.org 3.3
Origin
PDF Settings CS5
PunkBuster Services
Realtek Ethernet Controller Driver For Windows 7
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.5
StarCraft II
Steam
The Witcher 2
Tribes Ascend
Ultra Fractal 4.03
Unreal Tournament 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Utility
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
X3: Albion Prelude
X3: Terran Conflict
.
==== Event Viewer Messages From Past Week ========
.
18.5.2012 4:19:22, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
18.5.2012 15:51:00, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
18.5.2012 15:24:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
18.5.2012 15:24:38, Error: Service Control Manager [7000] - The CyberLink InstantBurn UDF Filesystem service failed to start due to the following error: The system cannot find the file specified.
18.5.2012 15:20:43, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
18.5.2012 13:55:00, Error: bowser [8003] - The master browser has received a server announcement from the computer EKT43 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B019938B-002E-4799-8BA1-2A2F10C828DD}. The master browser is stopping or an election is being forced.
16.5.2012 19:53:29, Error: bowser [8003] - The master browser has received a server announcement from the computer EKT43 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1FBC95C7-9F65-4B33-B0DB-DC41EDC69A31}. The master browser is stopping or an election is being forced.
16.5.2012 19:13:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASDR service.
16.5.2012 17:15:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
15.5.2012 0:18:01, Error: Service Control Manager [7034] - The Zune Windows Mobile Connectivity Service service terminated unexpectedly. It has done this 2 time(s).
14.5.2012 13:45:46, Error: Service Control Manager [7034] - The Zune Windows Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
12.5.2012 17:59:54, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035b2611, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051212-13712-01.
.
==== End Of File ===========================
 
Good Morning and welcome to TechSpot!

As you see, I opened the attachment and pasted it in your post. The author put the 'do not post' and the 'zip' directions in the Attach.txt log and we can't remove it. However, we added instruction to ignore this and paste it in, so I did some housekeeping. I also deleted the link you left.

About your problem:
The domain beagleabschirmkiste.de is in Germany. McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution. What I don't know is if this was an attempt to access your system that was blocked, or whether something in your system is attempting to access the site on the internet. The former is normal and the AV is doing what it should. The latter would indicate that there is malware in the system to be found and removed.

About multiple iexplore.exe:
If you have IE8, it is normal to have 2 or more of these processes in the Task Manager. But since malware can hide in almost every process, we will take that into consideration.

Did you run GMER? Log?

I would like you to temporarily remove the CD emulators as they can interfere with the scans. This would be Daemon Lite and I think also include Astroburn.
To disable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Double-click on the DeFogger icon to start the tool.
  3. The application window will appear> click on the Disable button to disable your CD Emulation drivers
  4. At prompt to continue> click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
---------------------------
The following can be done when we're finished:
To enable CD Emulation programs using DeFogger please perform these steps:
  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
=======================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.

Please leave the logs for Combofix and the Eset scan in your next reply.
 
Update on the situation: yesterday I lost my connection for around 5 minutes again. The symptom is that every time I try to open a site, it won't even try to load. Windows does say I'm connected, though, but running Internet Explorer's troubleshooter I get "The remote device or resource won't accept the connection." I forgot to mention that earlier.

Also, last time avast blocked the connection to the beagle.de site, my sound card's drivers were the ones trying to connect there.

I did run GMER and the log had nothing in it.

ESET also found nothing

combofix log
ComboFix 12-05-18.02 - Gasoline 18.05.2012 20:51:14.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.8191.6015 [GMT 3:00]
Sijainti: c:\users\Gasoline\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gasoline\AppData\Roaming\Help\coredb\storage
c:\users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-04-18 to 2012-05-18 )))))))))))))))))
.
.
2012-05-18 17:54 . 2012-05-18 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Malwarebytes
2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-17 13:25 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 00:32 . 2012-05-17 00:32 -------- d-----w- c:\programdata\GFI Software
2012-05-16 23:53 . 2010-05-20 04:04 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-16 23:53 . 2010-05-20 04:04 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-16 23:52 . 2012-05-16 23:52 -------- d-----w- c:\program files (x86)\Realtek
2012-05-16 16:44 . 2012-05-16 16:44 -------- d-----w- c:\users\Gasoline\AppData\Local\ElevatedDiagnostics
2012-05-16 16:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67C9C634-3BBA-4303-8521-37535ED4659E}\mpengine.dll
2012-05-16 14:38 . 2012-05-17 00:32 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-05-16 14:37 . 2012-05-16 15:57 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Ad-Aware Antivirus
2012-05-15 23:28 . 2012-05-15 23:28 -------- d-----w- c:\users\Gasoline\AppData\Roaming\vlc
2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Windows Desktop Search
2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\TeamViewer
2012-05-09 08:35 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 08:35 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-09 08:35 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-09 08:35 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-09 08:35 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-09 08:35 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 08:35 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-09 08:35 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-09 08:35 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-09 08:35 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-09 08:34 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 08:34 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 08:34 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 08:34 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 08:34 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 08:34 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 08:34 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 08:34 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:34 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 08:34 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 08:34 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\users\Gasoline\AppData\Roaming\OpenOffice.org
2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-06 10:54 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-06 10:54 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-30 15:28 . 2012-04-30 15:28 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-04-30 15:24 . 2012-05-15 21:58 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Audacity
2012-04-30 15:24 . 2012-04-30 15:24 -------- d-----w- c:\program files (x86)\Audacity
2012-04-26 12:35 . 2012-04-26 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 12:35 . 2012-04-26 12:35 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 12:35 . 2012-04-26 12:35 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 15:14 . 2012-05-14 23:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-24 15:14 . 2012-04-24 15:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-24 15:14 . 2011-10-10 14:42 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-04-22 10:56 . 2012-04-22 10:56 -------- d-----w- c:\users\Gasoline\AppData\Local\Chromium
2012-04-22 09:21 . 2012-04-22 10:56 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-04-19 12:19 . 2012-04-19 12:19 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 23:11 . 2011-11-13 13:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 23:11 . 2011-11-13 13:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-04 21:42 . 2012-04-09 10:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:42 . 2011-11-12 17:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:42 . 2012-04-09 11:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 12:19 . 2011-11-14 18:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-09 10:43 . 2012-03-09 10:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 10:43 . 2012-03-09 10:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 10:43 . 2012-03-09 10:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-09 10:43 . 2012-03-09 10:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-09 10:43 . 2012-03-09 10:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-09 10:43 . 2012-03-09 10:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-09 10:43 . 2012-03-09 10:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-09 10:43 . 2012-03-09 10:43 448512 ----a-w- c:\windows\system32\html.iec
2012-03-09 10:43 . 2012-03-09 10:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-09 10:43 . 2012-03-09 10:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-09 10:43 . 2012-03-09 10:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-09 10:43 . 2012-03-09 10:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-09 10:43 . 2012-03-09 10:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-09 10:43 . 2012-03-09 10:43 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-09 10:43 . 2012-03-09 10:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-09 10:43 . 2012-03-09 10:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-09 10:43 . 2012-03-09 10:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-09 10:43 . 2012-03-09 10:43 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-09 10:43 . 2012-03-09 10:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-09 10:43 . 2012-03-09 10:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-09 10:43 . 2012-03-09 10:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-09 10:43 . 2012-03-09 10:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-09 10:43 . 2012-03-09 10:43 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-09 10:43 . 2012-03-09 10:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-09 10:43 . 2012-03-09 10:43 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-09 10:43 . 2012-03-09 10:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-09 10:43 . 2012-03-09 10:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-09 10:43 . 2012-03-09 10:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-08 15:50 . 2012-03-08 15:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 15:37 . 2012-03-08 15:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-11-12 17:43 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-12 17:43 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-12 17:43 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-12-13 15:16 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-06 23:04 . 2011-11-12 17:43 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-12 17:43 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:03 . 2011-12-13 15:16 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-06 23:01 . 2011-11-12 17:43 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-12 17:43 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-12 17:43 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:54 . 2012-04-12 23:18 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 23:18 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 23:18 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 23:18 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 23:18 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 23:18 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 23:18 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 23:18 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 23:18 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 23:18 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 23:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 23:18 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 23:18 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 07:18 . 2011-11-12 16:55 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Gasoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 CLBUDFbk;CyberLink InstantBurn UDF Filesystem; [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/28 17:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GPU-Z;GPU-Z;c:\users\Gasoline\AppData\Local\Temp\GPU-Z.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\games\Tribes Ascend\HiPatchService.exe [2012-04-05 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll" [2011-05-23 1536320]
.
[HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = astroburn-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Gasoline\AppData\Roaming\Mozilla\Firefox\Profiles\t73cmd08.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-LicenseValidator - c:\users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ASDR.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-05-18 20:58:37 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-05-18 17:58
.
Ennen ajoa: 24 473 923 584 bytes free
Ajon jälkeen: 25 721 954 304 bytes free
.
- - End Of File - - CC09F2D85AD2712905DB68609C55249E


Combofix-quarantined-files.txt

2012-05-18 17:58:08 . 2012-05-18 17:58:08 2,908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
2012-05-18 17:58:08 . 2012-05-18 17:58:08 1,164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Battlelog Web Plugins.reg.dat
2012-05-18 17:57:49 . 2012-05-18 17:57:49 213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-LicenseValidator.reg.dat
2012-05-18 17:57:49 . 2012-05-18 17:57:49 141 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES.reg.dat
2012-05-18 17:57:49 . 2012-05-18 17:57:49 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2012-05-18 17:53:20 . 2012-05-18 17:53:20 4,200 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-05-18 17:50:31 . 2012-05-18 17:50:31 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-05-17 15:36:29 . 2012-05-17 20:14:04 239,616 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe.vir
2012-05-15 20:03:55 . 2012-05-18 17:49:00 142,096 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Help\coredb\storage.vir
 
"The remote device or resource won't accept the connection."

Please refer to THIS Microsoft site. Go through the 6 recommended methods to resolve the issue.
--------------------------------------
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\program files (x86)\MSI Afterburner\RTCore64.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
[HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
DDS::
uStart Page = astroburn-search.com
TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
uRun: [LicenseValidator] C:\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe
TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll
Clearjavacache::
Driver::
RTCore64
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Per this Combofix scan, the contents of the Qoobox folder:
CoreDB: 2-way integration with Techlog in order to exchange, locate and question data. Generate inventories
\LicenseValidator.exe
It appears they are related to Divine IT Limited with description "a pioneer company specializing in enterprise, telecom and End user software in Bangladesh." Among its functions are payroll, wages, salary, resource planning.

These are for work, yes? Do you have an IT in the office? Because Combofix wants these entries out. If they are work-related, if they are clean, the IT is the one to determine that.
====================
Directions in Combofix:
Before you run the Combofix scan, please disable any security software you have running.

The header in Combofix that you ran:
AV: avast! Antivirus *Enabled/Updated*
SP: avast! Antivirus *Enabled/Updated*
This can affect the results in the scan.

Both of the sites you mentioned that were blocked were German. You have German on the system. Are there any other DE sites that Avast blocks?

Let me know if one of the 6 MS Methods resolves the connection problem.
 
The 6 methods didn't work back when I tried everything at first. And this losing of internet only happened twice after it for a period of minutes.

This is also my own personal computer at home, no work related stuff on here. Those corporate things you mentioned about Bangladesh and all I have no idea what they are and I'm inclined to believe they're related to the malware stuff.

Also when combofix reboots my pc, avast opens automatically, otherwise it was disabled.

And no, it's always the same site it wants to connect to.

Here's new log, also after doing the combofix now my MSI afterburner won't start. Was that supposed to happen?
ComboFix 12-05-18.02 - Gasoline 19.05.2012 20:13:53.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.358.1033.18.8191.6562 [GMT 3:00]
Sijainti: c:\users\Gasoline\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Gasoline\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\MSI Afterburner\RTCore64.sys"
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Astroburn Toolbar\ABToolbar.dll
c:\program files (x86)\MSI Afterburner\RTCore64.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RTCORE64
-------\Service_RTCore64
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-04-19 to 2012-05-19 )))))))))))))))))
.
.
2012-05-19 17:17 . 2012-05-19 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 17:59 . 2012-05-18 17:59 -------- d-----w- c:\program files (x86)\ESET
2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Malwarebytes
2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-17 13:25 . 2012-05-17 13:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-17 13:25 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 00:32 . 2012-05-17 00:32 -------- d-----w- c:\programdata\GFI Software
2012-05-16 23:53 . 2010-05-20 04:04 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-16 23:53 . 2010-05-20 04:04 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-16 23:52 . 2012-05-16 23:52 -------- d-----w- c:\program files (x86)\Realtek
2012-05-16 16:44 . 2012-05-16 16:44 -------- d-----w- c:\users\Gasoline\AppData\Local\ElevatedDiagnostics
2012-05-16 16:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67C9C634-3BBA-4303-8521-37535ED4659E}\mpengine.dll
2012-05-16 14:38 . 2012-05-17 00:32 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-05-16 14:37 . 2012-05-16 15:57 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Ad-Aware Antivirus
2012-05-15 23:28 . 2012-05-15 23:28 -------- d-----w- c:\users\Gasoline\AppData\Roaming\vlc
2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Windows Desktop Search
2012-05-15 19:43 . 2012-05-15 19:43 -------- d-----w- c:\users\Gasoline\AppData\Roaming\TeamViewer
2012-05-09 08:35 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 08:35 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-09 08:35 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-09 08:35 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-09 08:35 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-09 08:35 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 08:35 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-09 08:35 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-09 08:35 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-09 08:35 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-09 08:34 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 08:34 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 08:34 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 08:34 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 08:34 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 08:34 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 08:34 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 08:34 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:34 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 08:34 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 08:34 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\users\Gasoline\AppData\Roaming\OpenOffice.org
2012-05-08 10:10 . 2012-05-08 10:10 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-05-06 10:54 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-06 10:54 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-30 15:28 . 2012-04-30 15:28 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-04-30 15:24 . 2012-05-15 21:58 -------- d-----w- c:\users\Gasoline\AppData\Roaming\Audacity
2012-04-30 15:24 . 2012-04-30 15:24 -------- d-----w- c:\program files (x86)\Audacity
2012-04-26 12:35 . 2012-04-26 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 12:35 . 2012-04-26 12:35 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 12:35 . 2012-04-26 12:35 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 15:14 . 2012-05-14 23:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-24 15:14 . 2012-04-24 15:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-24 15:14 . 2011-10-10 14:42 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-04-22 10:56 . 2012-04-22 10:56 -------- d-----w- c:\users\Gasoline\AppData\Local\Chromium
2012-04-22 09:21 . 2012-04-22 10:56 -------- d-----w- c:\programdata\Hi-Rez Studios
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 23:11 . 2011-11-13 13:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 23:11 . 2011-11-13 13:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-04 21:42 . 2012-04-09 10:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:42 . 2011-11-12 17:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:42 . 2012-04-09 11:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 12:19 . 2011-11-14 18:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-09 10:43 . 2012-03-09 10:43 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 10:43 . 2012-03-09 10:43 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 10:43 . 2012-03-09 10:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-09 10:43 . 2012-03-09 10:43 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-09 10:43 . 2012-03-09 10:43 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-09 10:43 . 2012-03-09 10:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-09 10:43 . 2012-03-09 10:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-09 10:43 . 2012-03-09 10:43 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-09 10:43 . 2012-03-09 10:43 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-09 10:43 . 2012-03-09 10:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-09 10:43 . 2012-03-09 10:43 448512 ----a-w- c:\windows\system32\html.iec
2012-03-09 10:43 . 2012-03-09 10:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-09 10:43 . 2012-03-09 10:43 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-09 10:43 . 2012-03-09 10:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-09 10:43 . 2012-03-09 10:43 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-09 10:43 . 2012-03-09 10:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-09 10:43 . 2012-03-09 10:43 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-09 10:43 . 2012-03-09 10:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-09 10:43 . 2012-03-09 10:43 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-09 10:43 . 2012-03-09 10:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-09 10:43 . 2012-03-09 10:43 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-09 10:43 . 2012-03-09 10:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-09 10:43 . 2012-03-09 10:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-09 10:43 . 2012-03-09 10:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-09 10:43 . 2012-03-09 10:43 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-09 10:43 . 2012-03-09 10:43 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-09 10:43 . 2012-03-09 10:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-09 10:43 . 2012-03-09 10:43 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-09 10:43 . 2012-03-09 10:43 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-09 10:43 . 2012-03-09 10:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-09 10:43 . 2012-03-09 10:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-08 15:50 . 2012-03-08 15:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 15:37 . 2012-03-08 15:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-11-12 17:43 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-12 17:43 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-12 17:43 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-12-13 15:16 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-06 23:04 . 2011-11-12 17:43 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-12 17:43 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:03 . 2011-12-13 15:16 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-06 23:01 . 2011-11-12 17:43 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-12 17:43 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-12 17:43 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:54 . 2012-04-12 23:18 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-12 23:18 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-12 23:18 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-12 23:18 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-12 23:18 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-12 23:18 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-12 23:18 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 23:18 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 23:18 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 23:18 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 23:18 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 23:18 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 23:18 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 23:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 07:18 . 2011-11-12 16:55 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-18_17.57.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-18 17:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-19 17:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-18 17:57 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 17:18 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-18 17:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-19 17:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-12 16:38 . 2012-05-18 17:58 52948 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-19 11:59 36952 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-13 21:23 . 2012-05-19 02:26 4308 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-08 18:38 . 2012-05-18 23:47 1840 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-11-12 16:24 . 2012-05-19 11:59 9314 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1833706481-1927669099-1257457944-1000_UserData.bin
- 2012-05-18 17:55 . 2012-05-18 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-19 17:18 . 2012-05-19 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-15 18:57 . 2012-05-19 16:40 336562 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-05-18 17:53 651938 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-19 11:59 651938 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-18 17:53 120870 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-19 11:59 120870 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-19 17:17 362188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-18 17:55 362188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-09 17:28 . 2012-05-18 17:55 897224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
+ 2012-03-09 17:28 . 2012-05-19 17:17 897224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-12288.dat
- 2012-03-12 22:27 . 2012-05-18 17:55 2243844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1833706481-1927669099-1257457944-1000-4096.dat
+ 2012-03-12 22:27 . 2012-05-19 02:26 2243844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1833706481-1927669099-1257457944-1000-4096.dat
+ 2009-07-14 02:34 . 2012-05-19 12:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-05-18 17:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-12 16:34 . 2012-05-19 17:17 56284628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1833706481-1927669099-1257457944-1000-8192.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Gasoline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 CLBUDFbk;CyberLink InstantBurn UDF Filesystem; [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/28 17:49;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GPU-Z;GPU-Z;c:\users\Gasoline\AppData\Local\Temp\GPU-Z.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\games\Tribes Ascend\HiPatchService.exe [2012-04-05 8704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll" [2011-05-23 1536320]
.
[HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2009-10-30 8151040]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF25316.3XE" [2009-07-14 344576]
.
------- Täydentävä tarkistus -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Gasoline\AppData\Roaming\Mozilla\Firefox\Profiles\t73cmd08.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\ASDR.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
.
**************************************************************************
.
Valmistumisajankohta: 2012-05-19 20:20:07 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt 2012-05-19 17:20
ComboFix2.txt 2012-05-18 17:58
.
Ennen ajoa: 24 168 214 528 bytes free
Ajon jälkeen: 23 887 532 032 bytes free
.
- - End Of File - - 7A06C9BA3A44DAE1D79E98A8C0B2FB97
 
Sorry- that was my mistake. You have entries for both MSI Afterburner and another for Astroburn. Plus RTCore64. and coredb.

I should be able to move it out of quarantine: Please run this for me again: Combofix-quarantined-files.txt
 
You mean post the log of it?

Combofix-quarantined-files.txt
2012-05-19 17:16:12 . 2012-05-19 17:16:12 1,540 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_RTCore64.reg.dat
2012-05-19 17:16:12 . 2012-05-19 17:16:12 1,100 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_RTCORE64.reg.dat
2012-05-19 17:13:51 . 2012-05-19 17:13:51 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-05-18 17:58:08 . 2012-05-18 17:58:08 2,908 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
2012-05-18 17:58:08 . 2012-05-18 17:58:08 1,164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Battlelog Web Plugins.reg.dat
2012-05-18 17:57:49 . 2012-05-18 17:57:49 213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-LicenseValidator.reg.dat
2012-05-18 17:57:49 . 2012-05-18 17:57:49 141 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES.reg.dat
2012-05-18 17:57:49 . 2012-05-18 17:57:49 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2012-05-18 17:53:20 . 2012-05-19 17:16:01 4,146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-05-18 17:50:31 . 2012-05-19 17:13:12 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-05-17 15:36:29 . 2012-05-17 20:14:04 239,616 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Identities\{56EE14C5-861F-4115-ABC2-35412EEA1C71}\LicenseValidator.exe.vir
2012-05-15 20:03:55 . 2012-05-18 17:49:00 142,096 ----a-w- C:\Qoobox\Quarantine\C\Users\Gasoline\AppData\Roaming\Help\coredb\storage.vir
2011-05-23 14:08:58 . 2011-05-23 14:08:58 1,000,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll.vir
2010-05-27 00:43:00 . 2010-05-27 00:43:00 14,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\MSI Afterburner\RTCore64.sys.vir
 
Yes, thank you. I thought there was just one file:

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::

DeQuarantine::
C:\Qoobox\Quarantine\C\Program Files (x86)\MSI Afterburner\RTCore64.sys.vir 

Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply>> you won't have a full Combofix log, just one for the DeQuarantine. Let's make sure that gets your overclocking back.

====================
Please let me know what problems remain.
 
Just to note, after running the script and starting up Avast and Malwarebytes, I couldn't connect to the internet again. Rebooting fixed it though.

Afterburner seems to work fine again!

DeQuarantine
C:\Qoobox\Quarantine\C\Program Files (x86)\MSI Afterburner\RTCore64.sys.vir -> C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
 
Malwarebytes just notified me with this..

2012/05/21 02:58:50 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50108, Process: avastsvc.exe)
2012/05/21 02:58:51 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50109, Process: avastsvc.exe)
 
No, you haven't been forgotten. I haven't been well and am several days behind.

2012/05/21 02:58:50 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50108, Process: avastsvc.exe)
2012/05/21 02:58:51 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50109, Process: avastsvc.exe)
Please see this information for the above. If you need more, please search the Mbam forum:
=========================================

Are you having any other problems now?
 
So what about if it blocks a connection to an IP from time to time without me even surfing? I have no way of knowing what it is that tries to connect.

Should I be safe otherwise with everything we did so far? I haven't experienced any other issues anymore except this IP blocking. It makes me feel unsafe though..

Some of the IPs from the MB logs
91.205.41.227
91.224.160.206
95.211.136.71
146.185.18.114
88.85.93.34
 
FYI:
IP Address: 91.205.41.227 ISP: Dragonara Alliance Ltd.
IP Address: 91.224.160.206 Organization: Bergdorf Group Ltd.
IP Address: 95.211.136.71 ISP: LeaseWeb B.V. Location: Amsterdam, Netherlands
IP Address: 146.185.18.114 ISP: Unknown Organization: Hosting Services
IP Address: 88.85.93.34 is invalid
======================================================
Security programs capable of blocking have sites listed within them to block, or may block a site with an invalid IP or if it doesn't recognize the IP. If a block is happening to a legitimate IP, then you open the program and enter the IP as an exception, such as for your sound card. The security programs usually have a section where you can uncheck the 'alert me to the block.'

Please find that section and uncheck it.

Any process that starts on boot and runs in the background that has the capability of accessing the internet may try to access it whether you're using the system or not. For instance, all the auto-updates you have running will be accessing the internet several times a day, every day, looking for updates. That's one reason why you should keep the startup processes to a minimum.

You have an exceptional amount of traffic: 87 processes for C:\Users\Gasoline\AppData\Local\{CLSD}>> =============== Created Last 30 ================! And you are using file sharing> µTorrent.
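Each Malwarebytes IP-BLOCK line quoted in this thread already names the process behind the blocked connection, so the log itself shows what is trying to connect. The following is an added example, not part of the original posts: a Python parser for lines in that format that groups blocks by process, direction and address. The sample log is constructed (only its first two lines come from the thread), and `example-p2p.exe` and `192.0.2.10` are placeholders.

```python
import re
from datetime import datetime

# Field layout taken from the two IP-BLOCK lines quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>.+?)\s+IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

# Constructed sample: lines 1-2 are the ones posted in the thread; lines 3-4
# are made up to exercise grouping and the non-matching-line path.
SAMPLE_LOG = """\
2012/05/21 02:58:50 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50108, Process: avastsvc.exe)
2012/05/21 02:58:51 +0300 GASOLINE-PC Gasoline IP-BLOCK 212.117.175.145 (Type: outgoing, Port: 50109, Process: avastsvc.exe)
2012/05/21 03:10:02 +0300 GASOLINE-PC Gasoline IP-BLOCK 192.0.2.10 (Type: incoming, Port: 51413, Process: example-p2p.exe)
2012/05/21 03:10:05 +0300 GASOLINE-PC Gasoline MESSAGE Protection started successfully
"""

def parse_blocks(text):
    """Return (events, skipped): parsed IP-BLOCK events and non-matching lines."""
    events, skipped = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            if line.strip():
                skipped.append(line)  # keep for manual review, never drop silently
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        ev["port"] = int(ev["port"])
        ev["process"] = ev["process"].strip().lower()
        events.append(ev)
    return events, skipped

def summarize(events):
    """Group blocks by (process, direction, ip): count, first/last seen, ports."""
    groups = {}
    for ev in events:
        key = (ev["process"], ev["direction"], ev["ip"])
        g = groups.setdefault(key, {"count": 0, "first": ev["ts"], "last": ev["ts"], "ports": set()})
        g["count"] += 1
        g["first"] = min(g["first"], ev["ts"])
        g["last"] = max(g["last"], ev["ts"])
        g["ports"].add(ev["port"])
    return groups

if __name__ == "__main__":
    events, skipped = parse_blocks(SAMPLE_LOG)
    for key, g in sorted(summarize(events).items()):
        print(key, g["count"], sorted(g["ports"]), g["first"].isoformat(), g["last"].isoformat())
    print(len(skipped), "line(s) did not match the IP-BLOCK format")
```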
 
Sorry, I have been busy this past week!

I'm not sure if I do. All the problems I mentioned in the first post have been gone. Should this mean that I'm safe for now?

And yes for the high amount of traffic I do sometimes use utorrent.
 
Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
 