Solved Brontok.e Trojan

This is the report from when Avira found the 13 worms:



Avira Free Antivirus
Report file date: Wednesday, December 05, 2012 10:25


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PRIDE

Version information:
BUILD.DAT : 13.0.0.2832 48424 Bytes 20/11/2012 13:53:00
AVSCAN.EXE : 13.4.0.294 639264 Bytes 27/11/2012 14:24:13
AVSCANRC.DLL : 13.4.0.219 54560 Bytes 30/10/2012 22:18:42
LUKE.DLL : 13.4.0.267 67360 Bytes 27/11/2012 14:24:32
AVSCPLR.DLL : 13.4.0.271 93984 Bytes 27/11/2012 14:24:37
AVREG.DLL : 13.4.0.267 245536 Bytes 27/11/2012 14:24:36
avlode.dll : 13.4.0.294 426784 Bytes 27/11/2012 14:24:37
avlode.rdf : 13.0.0.24 7196 Bytes 27/09/2012 16:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 20:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 20:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 20:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 20:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 20:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 20:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 20:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 12:11:58
VBASE008.VDF : 7.11.50.231 2048 Bytes 22/11/2012 12:11:58
VBASE009.VDF : 7.11.50.232 2048 Bytes 22/11/2012 12:11:58
VBASE010.VDF : 7.11.50.233 2048 Bytes 22/11/2012 12:11:58
VBASE011.VDF : 7.11.50.234 2048 Bytes 22/11/2012 12:11:59
VBASE012.VDF : 7.11.50.235 2048 Bytes 22/11/2012 12:11:59
VBASE013.VDF : 7.11.50.236 2048 Bytes 22/11/2012 12:11:59
VBASE014.VDF : 7.11.51.27 133632 Bytes 23/11/2012 06:11:46
VBASE015.VDF : 7.11.51.95 140288 Bytes 26/11/2012 14:24:03
VBASE016.VDF : 7.11.51.221 164352 Bytes 29/11/2012 01:25:11
VBASE017.VDF : 7.11.52.29 158208 Bytes 01/12/2012 22:28:32
VBASE018.VDF : 7.11.52.91 116736 Bytes 03/12/2012 22:28:30
VBASE019.VDF : 7.11.52.151 137728 Bytes 05/12/2012 14:15:52
VBASE020.VDF : 7.11.52.152 2048 Bytes 05/12/2012 14:15:52
VBASE021.VDF : 7.11.52.153 2048 Bytes 05/12/2012 14:15:52
VBASE022.VDF : 7.11.52.154 2048 Bytes 05/12/2012 14:15:53
VBASE023.VDF : 7.11.52.155 2048 Bytes 05/12/2012 14:15:53
VBASE024.VDF : 7.11.52.156 2048 Bytes 05/12/2012 14:15:53
VBASE025.VDF : 7.11.52.157 2048 Bytes 05/12/2012 14:15:53
VBASE026.VDF : 7.11.52.158 2048 Bytes 05/12/2012 14:15:53
VBASE027.VDF : 7.11.52.159 2048 Bytes 05/12/2012 14:15:53
VBASE028.VDF : 7.11.52.160 2048 Bytes 05/12/2012 14:15:54
VBASE029.VDF : 7.11.52.161 2048 Bytes 05/12/2012 14:15:54
VBASE030.VDF : 7.11.52.162 2048 Bytes 05/12/2012 14:15:54
VBASE031.VDF : 7.11.52.184 65024 Bytes 05/12/2012 14:15:54
Engine version : 8.2.10.214
AEVDF.DLL : 8.1.2.10 102772 Bytes 19/09/2012 20:42:55
AESCRIPT.DLL : 8.1.4.70 467323 Bytes 02/12/2012 22:28:42
AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 19:40:47
AESBX.DLL : 8.2.5.12 606578 Bytes 28/08/2012 22:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 09/11/2012 22:12:33
AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 17:12:14
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 22:47:29
AEHEUR.DLL : 8.1.4.156 5579128 Bytes 02/12/2012 22:28:42
AEHELP.DLL : 8.1.25.2 258423 Bytes 17/10/2012 03:05:38
AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 19:38:54
AEEXP.DLL : 8.2.0.16 119157 Bytes 02/12/2012 22:28:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19/09/2012 20:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 09/11/2012 22:12:16
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 22:47:22
AVWINLL.DLL : 13.4.0.163 25888 Bytes 20/09/2012 00:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 20/09/2012 00:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 12/11/2012 17:12:18
AVARKT.DLL : 13.4.0.292 260384 Bytes 27/11/2012 14:24:08
AVEVTLOG.DLL : 13.4.0.267 167200 Bytes 27/11/2012 14:24:11
SQLITE3.DLL : 3.7.0.1 397088 Bytes 20/09/2012 00:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 20/09/2012 00:08:55
NETNT.DLL : 13.4.0.163 15648 Bytes 20/09/2012 00:16:26
RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 20/09/2012 01:40:13
RCTEXT.DLL : 13.4.0.163 66336 Bytes 20/09/2012 14:18:43

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50bcbcb1\guard_slideup.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete

Start of the scan: Wednesday, December 05, 2012 10:25

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '179' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'upeksvr.exe' - '75' Module(s) have been scanned
Scan process 'spoolsv.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '80' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '68' Module(s) have been scanned
Scan process 'devmonsrv.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'jtagserver.exe' - '32' Module(s) have been scanned
Scan process 'lxdwcoms.exe' - '54' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '38' Module(s) have been scanned
Scan process 'mbamservice.exe' - '45' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '31' Module(s) have been scanned
Scan process 'PowerBiosServer.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'vmware-usbarbitrator64.exe' - '33' Module(s) have been scanned
Scan process 'vmnat.exe' - '32' Module(s) have been scanned
Scan process 'WDDMService.exe' - '49' Module(s) have been scanned
Scan process 'WDDriveService.exe' - '53' Module(s) have been scanned
Scan process 'WDRulesEngine.exe' - '62' Module(s) have been scanned
Scan process 'mbamgui.exe' - '39' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '244' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '55' Module(s) have been scanned
Scan process 'obexsrv.exe' - '39' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '23' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WDFME.exe' - '95' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '111' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '53' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '46' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'ipoint.exe' - '59' Module(s) have been scanned
Scan process 'rundll32.exe' - '40' Module(s) have been scanned
Scan process 'psqltray.exe' - '102' Module(s) have been scanned
Scan process 'lxdwmon.exe' - '37' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '63' Module(s) have been scanned
Scan process 'chrome.exe' - '70' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '77' Module(s) have been scanned
Scan process 'Hotkey.exe' - '73' Module(s) have been scanned
Scan process 'nvtray.exe' - '57' Module(s) have been scanned
Scan process 'Dropbox.exe' - '77' Module(s) have been scanned
Scan process 'speedfan.exe' - '88' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'THXAudio.exe' - '57' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '53' Module(s) have been scanned
Scan process 'YouCamService.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '88' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'WDDriveAutoUnlock.exe' - '40' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'WmiApSrv.exe' - '32' Module(s) have been scanned
Scan process 'mediasrv.exe' - '41' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '70' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'BTPlayerCtrl.exe' - '40' Module(s) have been scanned
Scan process 'BTHSAmpPalService.exe' - '20' Module(s) have been scanned
Scan process 'BTHSSecurityMgr.exe' - '45' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '54' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '117' Module(s) have been scanned
Scan process 'UNS.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '148' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'quartus.exe' - '319' Module(s) have been scanned
Scan process 'taskhost.exe' - '47' Module(s) have been scanned
Scan process 'adb-toolkit.exe' - '38' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'splwow64.exe' - '30' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '43' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'quartus.exe' - '304' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '108' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '90' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe'
C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Documents\Documents.exe'
C:\Users\Public\Documents\Documents.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Downloads\Downloads.exe'
C:\Users\Public\Downloads\Downloads.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Libraries\Libraries.exe'
C:\Users\Public\Libraries\Libraries.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Music\Music.exe'
C:\Users\Public\Music\Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Music\Sample Music\Sample Music.exe'
C:\Users\Public\Music\Sample Music\Sample Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe'
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\Pictures.exe'
C:\Users\Public\Pictures\Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe'
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Public.exe'
C:\Users\Public\Public.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Recorded TV\Recorded TV.exe'
C:\Users\Public\Recorded TV\Recorded TV.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe'
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
Begin scan in 'C:\Users\Public\Videos\Videos.exe'
C:\Users\Public\Videos\Videos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm

Beginning disinfection:
C:\Users\Public\Videos\Videos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '59ffc40d.qua'!
C:\Users\Public\Recorded TV\Sample Media\Sample Media.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4167ebb2.qua'!
C:\Users\Public\Recorded TV\Recorded TV.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '1336b15e.qua'!
C:\Users\Public\Public.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '7502fe8c.qua'!
C:\Users\Public\Pictures\Sample Pictures\Sample Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '308bd3a6.qua'!
C:\Users\Public\Pictures\Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4f9ee1df.qua'!
C:\Users\Public\Pictures\NVIDIA Corporation\3D Vision Experience\3D Vision preview pack 1\3D Vision preview pack 1.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '02dbcd6a.qua'!
C:\Users\Public\Music\Sample Music\Sample Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '7f308ddd.qua'!
C:\Users\Public\Music\Music.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '5274a284.qua'!
C:\Users\Public\Libraries\Libraries.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '4b0f9912.qua'!
C:\Users\Public\Downloads\Downloads.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '2744b528.qua'!
C:\Users\Public\Documents\Documents.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '56e98cbd.qua'!
C:\Users\Public\Documents\Cyberlink\CLFaceLogin\CLFaceLogin.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.E.1 worm
[NOTE] The file was moved to the quarantine directory under the name '58d4bc97.qua'!


End of the scan: Wednesday, December 05, 2012 10:28
Used time: 00:26 Minute(s)

The scan has been done completely.

0 Scanned directories
2078 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
13 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2065 Files not concerned
5 Archives were scanned
0 Warnings
13 Notes


The scan results will be transferred to the Guard.
 
And this is the report from the full scan you asked me to run.




Avira Free Antivirus
Report file date: Wednesday, December 05, 2012 18:44


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Bolton
Computer name : PRIDE

Version information:
BUILD.DAT : 13.0.0.2832 48424 Bytes 20/11/2012 13:53:00
AVSCAN.EXE : 13.4.0.294 639264 Bytes 27/11/2012 14:24:13
AVSCANRC.DLL : 13.4.0.219 54560 Bytes 30/10/2012 22:18:42
LUKE.DLL : 13.4.0.267 67360 Bytes 27/11/2012 14:24:32
AVSCPLR.DLL : 13.4.0.271 93984 Bytes 27/11/2012 14:24:37
AVREG.DLL : 13.4.0.267 245536 Bytes 27/11/2012 14:24:36
avlode.dll : 13.4.0.294 426784 Bytes 27/11/2012 14:24:37
avlode.rdf : 13.0.0.24 7196 Bytes 27/09/2012 16:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 20:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 20:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 20:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 20:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 20:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 20:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 20:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 12:11:58
VBASE008.VDF : 7.11.50.231 2048 Bytes 22/11/2012 12:11:58
VBASE009.VDF : 7.11.50.232 2048 Bytes 22/11/2012 12:11:58
VBASE010.VDF : 7.11.50.233 2048 Bytes 22/11/2012 12:11:58
VBASE011.VDF : 7.11.50.234 2048 Bytes 22/11/2012 12:11:59
VBASE012.VDF : 7.11.50.235 2048 Bytes 22/11/2012 12:11:59
VBASE013.VDF : 7.11.50.236 2048 Bytes 22/11/2012 12:11:59
VBASE014.VDF : 7.11.51.27 133632 Bytes 23/11/2012 06:11:46
VBASE015.VDF : 7.11.51.95 140288 Bytes 26/11/2012 14:24:03
VBASE016.VDF : 7.11.51.221 164352 Bytes 29/11/2012 01:25:11
VBASE017.VDF : 7.11.52.29 158208 Bytes 01/12/2012 22:28:32
VBASE018.VDF : 7.11.52.91 116736 Bytes 03/12/2012 22:28:30
VBASE019.VDF : 7.11.52.151 137728 Bytes 05/12/2012 14:15:52
VBASE020.VDF : 7.11.52.152 2048 Bytes 05/12/2012 14:15:52
VBASE021.VDF : 7.11.52.153 2048 Bytes 05/12/2012 14:15:52
VBASE022.VDF : 7.11.52.154 2048 Bytes 05/12/2012 14:15:53
VBASE023.VDF : 7.11.52.155 2048 Bytes 05/12/2012 14:15:53
VBASE024.VDF : 7.11.52.156 2048 Bytes 05/12/2012 14:15:53
VBASE025.VDF : 7.11.52.157 2048 Bytes 05/12/2012 14:15:53
VBASE026.VDF : 7.11.52.158 2048 Bytes 05/12/2012 14:15:53
VBASE027.VDF : 7.11.52.159 2048 Bytes 05/12/2012 14:15:53
VBASE028.VDF : 7.11.52.160 2048 Bytes 05/12/2012 14:15:54
VBASE029.VDF : 7.11.52.161 2048 Bytes 05/12/2012 14:15:54
VBASE030.VDF : 7.11.52.162 2048 Bytes 05/12/2012 14:15:54
VBASE031.VDF : 7.11.52.188 82432 Bytes 05/12/2012 20:15:52
Engine version : 8.2.10.214
AEVDF.DLL : 8.1.2.10 102772 Bytes 19/09/2012 20:42:55
AESCRIPT.DLL : 8.1.4.70 467323 Bytes 02/12/2012 22:28:42
AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 19:40:47
AESBX.DLL : 8.2.5.12 606578 Bytes 28/08/2012 22:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 09/11/2012 22:12:33
AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 17:12:14
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 06/11/2012 22:47:29
AEHEUR.DLL : 8.1.4.156 5579128 Bytes 02/12/2012 22:28:42
AEHELP.DLL : 8.1.25.2 258423 Bytes 17/10/2012 03:05:38
AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 19:38:54
AEEXP.DLL : 8.2.0.16 119157 Bytes 02/12/2012 22:28:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19/09/2012 20:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 09/11/2012 22:12:16
AEBB.DLL : 8.1.1.4 53619 Bytes 06/11/2012 22:47:22
AVWINLL.DLL : 13.4.0.163 25888 Bytes 20/09/2012 00:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 20/09/2012 00:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 12/11/2012 17:12:18
AVARKT.DLL : 13.4.0.292 260384 Bytes 27/11/2012 14:24:08
AVEVTLOG.DLL : 13.4.0.267 167200 Bytes 27/11/2012 14:24:11
SQLITE3.DLL : 3.7.0.1 397088 Bytes 20/09/2012 00:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 20/09/2012 00:08:55
NETNT.DLL : 13.4.0.163 15648 Bytes 20/09/2012 00:16:26
RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 20/09/2012 01:40:13
RCTEXT.DLL : 13.4.0.163 66336 Bytes 20/09/2012 14:18:43

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Wednesday, December 05, 2012 18:44

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '180' Module(s) have been scanned
Scan process 'svchost.exe' - '108' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '30' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '52' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'upeksvr.exe' - '75' Module(s) have been scanned
Scan process 'spoolsv.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '65' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'avguard.exe' - '80' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '68' Module(s) have been scanned
Scan process 'devmonsrv.exe' - '40' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'jtagserver.exe' - '32' Module(s) have been scanned
Scan process 'lxdwcoms.exe' - '53' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '38' Module(s) have been scanned
Scan process 'mbamservice.exe' - '45' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '31' Module(s) have been scanned
Scan process 'PowerBiosServer.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'vmware-usbarbitrator64.exe' - '33' Module(s) have been scanned
Scan process 'vmnat.exe' - '32' Module(s) have been scanned
Scan process 'WDDMService.exe' - '49' Module(s) have been scanned
Scan process 'WDDriveService.exe' - '53' Module(s) have been scanned
Scan process 'WDRulesEngine.exe' - '62' Module(s) have been scanned
Scan process 'mbamgui.exe' - '39' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '253' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '55' Module(s) have been scanned
Scan process 'obexsrv.exe' - '39' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '23' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WDFME.exe' - '95' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '111' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '53' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '46' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'ipoint.exe' - '59' Module(s) have been scanned
Scan process 'rundll32.exe' - '40' Module(s) have been scanned
Scan process 'psqltray.exe' - '102' Module(s) have been scanned
Scan process 'lxdwmon.exe' - '37' Module(s) have been scanned
Scan process 'WDDMStatus.exe' - '65' Module(s) have been scanned
Scan process 'chrome.exe' - '70' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '77' Module(s) have been scanned
Scan process 'Hotkey.exe' - '73' Module(s) have been scanned
Scan process 'nvtray.exe' - '57' Module(s) have been scanned
Scan process 'Dropbox.exe' - '77' Module(s) have been scanned
Scan process 'speedfan.exe' - '88' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'THXAudio.exe' - '57' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '53' Module(s) have been scanned
Scan process 'YouCamService.exe' - '69' Module(s) have been scanned
Scan process 'avgnt.exe' - '88' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'WDDriveAutoUnlock.exe' - '40' Module(s) have been scanned
Scan process 'avshadow.exe' - '20' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'WmiApSrv.exe' - '32' Module(s) have been scanned
Scan process 'mediasrv.exe' - '41' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '64' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'BTPlayerCtrl.exe' - '40' Module(s) have been scanned
Scan process 'BTHSAmpPalService.exe' - '20' Module(s) have been scanned
Scan process 'BTHSSecurityMgr.exe' - '45' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '54' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '118' Module(s) have been scanned
Scan process 'UNS.exe' - '45' Module(s) have been scanned
Scan process 'taskhost.exe' - '47' Module(s) have been scanned
Scan process 'adb-toolkit.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
Scan process 'chrome.exe' - '136' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '43' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'chrome.exe' - '45' Module(s) have been scanned
Scan process 'taskeng.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '129' Module(s) have been scanned
Scan process 'avscan.exe' - '107' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '90' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '4285' files ).


Starting the file scan:

Begin scan in 'C:\'
[0] Archive type: RSRC
--> C:\Users\Bolton\AppData\Roaming\Dropbox\bin\Dropbox.exe
[1] Archive type: RSRC
--> C:\altera\11.1\quartus\drivers\usb-blaster-ii\amd64\winusbcoinstaller2.dll
[2] Archive type: RSRC
--> C:\altera\11.1\quartus\drivers\usb-blaster-ii\x86\winusbcoinstaller2.dll
[3] Archive type: RSRC
--> C:\android-sdk-windows\extras\google\usb_driver\amd64\winusbcoinstaller2.dll
[4] Archive type: RSRC
--> C:\android-sdk-windows\extras\google\usb_driver\amd64\WUDFUpdate_01009.dll
[5] Archive type: RSRC
--> C:\android-sdk-windows\extras\google\usb_driver\i386\winusbcoinstaller2.dll
[6] Archive type: RSRC
--> C:\android-sdk-windows\extras\google\usb_driver\i386\WUDFUpdate_01009.dll
[7] Archive type: RSRC
--> C:\Galaxy Nexus ToolKit\drivers\amd64\winusbcoinstaller2.dll
[8] Archive type: RSRC
--> C:\Galaxy Nexus ToolKit\drivers\amd64\WUDFUpdate_01009.dll
[9] Archive type: RSRC
--> C:\Galaxy Nexus ToolKit\drivers\i386\winusbcoinstaller2.dll
[10] Archive type: RSRC
--> C:\Galaxy Nexus ToolKit\drivers\i386\WUDFUpdate_01009.dll
[11] Archive type: RSRC
--> C:\Program Files\Protector Suite\Drivers\WinUSBCoInstaller2.dll
[12] Archive type: RSRC
--> C:\Program Files\Protector Suite\Drivers\WUDFUpdate_01009.dll
[13] Archive type: RSRC
--> C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver\amd64\winusbcoinstaller2.dll
[14] Archive type: RSRC
--> C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver\amd64\WUDFUpdate_01009.dll
[15] Archive type: RSRC
--> C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver\i386\winusbcoinstaller2.dll
[16] Archive type: RSRC
--> C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver\i386\WUDFUpdate_01009.dll
[17] Archive type: RSRC
--> C:\Users\Bolton\AppData\Roaming\Dropbox\bin\Dropbox.exe
[18] Archive type: RSRC
--> C:\Users\Bolton\Downloads\Installs\chromeinstall.exe
[19] Archive type: Runtime Packed
--> C:\Users\Bolton\Downloads\Installs\Dropbox 1.3.13.exe
[20] Archive type: NSIS
--> C:\Users\Bolton\Downloads\Installs\gamebooster.exe
[21] Archive type: Inno Setup
--> C:\Users\Bolton\Downloads\Installs\Games\CallOfDuty.BO2.SKIDROW.CRACK..MULTI.exe
[22] Archive type: RAR SFX (self extracting)
--> setup\Leap.exe
[DETECTION] Is the TR/Agent.30576640 Trojan
[WARNING] Infected files in archives cannot be repaired
C:\Users\Bolton\Downloads\Installs\Games\CallOfDuty.BO2.SKIDROW.CRACK..MULTI.exe
[DETECTION] Is the TR/Agent.30576640 Trojan
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'G:\' <My Passport>
--> C:\Users\Bolton\Root Stuff\Galaxy_Nexus_ToolKit_v10.1.0.exe
[22] Archive type: CAB SFX (self extracting)
--> drivers\amd64\winusbcoinstaller2.dll
[23] Archive type: RSRC
--> drivers\amd64\WUDFUpdate_01009.dll
[24] Archive type: RSRC
--> drivers\i386\winusbcoinstaller2.dll
[25] Archive type: RSRC
--> C:\Users\Bolton\Root Stuff\usb_driver\amd64\winusbcoinstaller2.dll
[26] Archive type: RSRC
--> C:\Users\Bolton\Root Stuff\usb_driver\amd64\WUDFUpdate_01009.dll
[27] Archive type: RSRC
--> C:\Users\Bolton\Root Stuff\usb_driver\i386\winusbcoinstaller2.dll
[28] Archive type: RSRC
--> C:\Users\Bolton\Root Stuff\usb_driver\i386\WUDFUpdate_01009.dll
[29] Archive type: RSRC
--> C:\Windows\System32\WinUsbCoinstaller2.dll
[30] Archive type: RSRC
--> C:\Windows\System32\WudfUpdate_01009.dll
[31] Archive type: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_615dd186a12d8aeb\amd64\WinUSBCoInstaller2.dll
[32] Archive type: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\tcwbfadv.inf_amd64_neutral_85dd1f65516cbf86\WinUsbCoinstaller2.dll
[33] Archive type: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\tcwbfadv.inf_amd64_neutral_85dd1f65516cbf86\WudfUpdate_01009.dll
[34] Archive type: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\tcwbfadv.inf_amd64_neutral_9d470d57918f0cce\WinUsbCoinstaller2.dll
[35] Archive type: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\tcwbfadv.inf_amd64_neutral_9d470d57918f0cce\WudfUpdate_01009.dll
[36] Archive type: RSRC
--> G:\Bolton\Downloads\Installs\Installs\chromeinstall.exe
[37] Archive type: Runtime Packed
--> G:\Bolton\Downloads\Installs\Installs\Dropbox 1.3.13.exe
[38] Archive type: NSIS
--> G:\Bolton\Downloads\Installs\Installs\gamebooster.exe
[39] Archive type: Inno Setup
--> G:\WD SmartWare.swstor\PRIDE\Volume.7ec8e042.3228.11e1.9db5.806e6f6e6963\Users\Bolton\Downloads\Installs\chromeinstall.exe
[40] Archive type: Runtime Packed
--> G:\WD SmartWare.swstor\PRIDE\Volume.7ec8e042.3228.11e1.9db5.806e6f6e6963\Users\Bolton\Downloads\Installs\Dropbox 1.3.13.exe
[41] Archive type: NSIS
--> G:\WD SmartWare.swstor\PRIDE\Volume.7ec8e042.3228.11e1.9db5.806e6f6e6963\Users\Bolton\Downloads\Installs\gamebooster.exe
[42] Archive type: Inno Setup
--> G:\WD SmartWare.swstor\PRIDE\Volume.7ec8e042.3228.11e1.9db5.806e6f6e6963\Users\Bolton\Downloads\Installs\Games\CallOfDuty.BO2.SKIDROW.CRACK..MULTI.exe
[43] Archive type: RAR SFX (self extracting)
--> setup\Leap.exe
[DETECTION] Is the TR/Agent.30576640 Trojan
[WARNING] Infected files in archives cannot be repaired
G:\WD SmartWare.swstor\PRIDE\Volume.7ec8e042.3228.11e1.9db5.806e6f6e6963\Users\Bolton\Downloads\Installs\Games\CallOfDuty.BO2.SKIDROW.CRACK..MULTI.exe
[DETECTION] Is the TR/Agent.30576640 Trojan

Beginning disinfection:
G:\WD SmartWare.swstor\PRIDE\Volume.7ec8e042.3228.11e1.9db5.806e6f6e6963\Users\Bolton\Downloads\Installs\Games\CallOfDuty.BO2.SKIDROW.CRACK..MULTI.exe
[DETECTION] Is the TR/Agent.30576640 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5968837e.qua'!
C:\Users\Bolton\Downloads\Installs\Games\CallOfDuty.BO2.SKIDROW.CRACK..MULTI.exe
[DETECTION] Is the TR/Agent.30576640 Trojan
[NOTE] The file was moved to the quarantine directory under the name '41ffacd9.qua'!


End of the scan: Thursday, December 06, 2012 00:27
Used time: 5:41:08 Hour(s)

The scan has been done completely.

82564 Scanned directories
4622242 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
4622238 Files not concerned
35179 Archives were scanned
2 Warnings
2 Notes
 
It doesn't seem to be detecting it anymore.

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Sorry I have yet to reply. I've got exams and they're really taking up a lot of my time. I'll try to get the aswMBR and the ComboFix logs to you as soon as possible.

Also, are there any specific instructions you'd like me to follow when using aswMBR?
 
ComboFix 12-12-17.02 - Bolton 18/12/2012 4:19.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.5397 [GMT -5:00]
Running from: c:\users\Bolton\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bolton\AppData\Local\Temp\INS_febd156a.TMP
c:\users\Bolton\AppData\Local\Temp\nvSCPAPI.dll
c:\users\Bolton\AppData\Local\Temp\nvStereoApiI.dll
c:\users\Bolton\AppData\Local\Temp\sfamcc00001.dll
c:\users\Bolton\AppData\Local\Temp\sfareca00001.dll
c:\windows\SysWow64\SET2EDC.tmp
c:\windows\SysWow64\SET4732.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 09:09 . 2012-12-18 09:09--------d-----w-c:\program files (x86)\AGEIA Technologies
2012-12-18 07:48 . 2012-12-18 07:48--------d-----w-c:\users\Bolton\AppData\Local\SCE
2012-12-15 12:24 . 2012-11-08 17:249125352----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E4BC5FA-0AA5-4094-8E95-B1339AFE7EC2}\mpengine.dll
2012-12-14 13:13 . 2012-12-14 13:13--------d-----w-c:\program files\iPod
2012-12-14 13:13 . 2012-12-14 13:13--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-14 13:13 . 2012-12-14 13:13--------d-----w-c:\program files\iTunes
2012-12-13 05:42 . 2012-12-13 14:46--------d-----w-c:\users\Bolton\AppData\Local\Solid State Networks
2012-12-13 05:39 . 2012-12-13 05:39--------d-----w-c:\program files (x86)\MeteorEntertainment
2012-12-11 22:46 . 2012-12-11 22:4642440----a-w-c:\windows\SysWow64\xfcodec.dll
2012-12-11 22:46 . 2012-12-11 22:4628104----a-w-c:\windows\system32\xfcodec64.dll
2012-12-08 19:29 . 2012-12-08 19:29--------d-----w-c:\users\Bolton\.eclipse
2012-12-08 19:07 . 2012-12-08 19:07--------d-----w-c:\users\Bolton\SystemRequirementsLab
2012-12-06 09:27 . 2012-12-18 09:27--------d-----w-c:\program files (x86)\Unlocker
2012-12-05 10:10 . 2012-12-05 10:13--------d-----w-c:\program files (x86)\Criterion Games
2012-12-03 08:34 . 2012-12-12 23:55--------d-----w-C:\Galaxy Nexus ToolKit
2012-12-01 03:43 . 2012-12-01 03:43438632----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-11-23 17:44 . 2012-11-23 17:44--------d-----w-c:\users\Bolton\AppData\Local\Western_Digital
2012-11-23 12:15 . 2012-11-23 12:15--------d-----w-c:\programdata\Western Digital
2012-11-23 12:15 . 2012-11-23 12:15--------d-----w-c:\program files\Western Digital
2012-11-23 12:14 . 2012-11-23 12:14--------d-----w-c:\program files (x86)\Western Digital
2012-11-23 12:14 . 2012-11-23 12:14--------d-----w-c:\program files (x86)\Common Files\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 03:09 . 2012-02-18 11:20103736----a-w-c:\windows\SysWow64\PnkBstrB.exe
2012-12-16 03:08 . 2012-02-18 11:20103736----a-w-c:\windows\SysWow64\PnkBstrB.ex0
2012-12-12 01:42 . 2012-04-07 02:55697272----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 01:42 . 2012-01-30 19:4873656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 16:20 . 2012-10-17 03:04129216----a-w-c:\windows\system32\drivers\avipbb.sys
2012-12-11 16:20 . 2012-10-17 03:0499912----a-w-c:\windows\system32\drivers\avgntflt.sys
2012-12-03 15:47 . 2012-05-13 20:2915122280----a-w-c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-03-31 05:132816824----a-w-c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-03-31 05:132496976----a-w-c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-03-31 05:131805672----a-w-c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-03-31 05:1315016256----a-w-c:\windows\system32\nvwgf2umx.dll
2012-12-01 05:49 . 2012-03-31 05:152557800----a-w-c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-03-31 05:1563336----a-w-c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-03-31 05:15118120----a-w-c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-03-31 05:15890216----a-w-c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-03-31 05:156223208----a-w-c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-03-31 05:153311464----a-w-c:\windows\system32\nvsvc64.dll
2012-11-14 15:07 . 2012-11-14 15:07219----a-w-c:\users\Bolton\datefix.bat
2012-10-18 18:25 . 2012-11-15 19:043149824----a-w-c:\windows\system32\win32k.sys
2012-10-16 08:38 . 2012-11-28 08:47135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 08:47350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 08:47561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 19:3855296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 19:38226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 19:3844032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 19:38193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-10-08 12:19 . 2012-11-16 08:0317811968----a-w-c:\windows\system32\mshtml.dll
2012-10-08 11:42 . 2012-11-16 08:0310925568----a-w-c:\windows\system32\ieframe.dll
2012-10-08 11:31 . 2012-11-16 08:032312704----a-w-c:\windows\system32\jscript9.dll
2012-10-08 11:24 . 2012-11-16 08:031346048----a-w-c:\windows\system32\urlmon.dll
2012-10-08 11:23 . 2012-11-16 08:031392128----a-w-c:\windows\system32\wininet.dll
2012-10-08 11:22 . 2012-11-16 08:031494528----a-w-c:\windows\system32\inetcpl.cpl
2012-10-08 11:22 . 2012-11-16 08:03237056----a-w-c:\windows\system32\url.dll
2012-10-08 11:20 . 2012-11-16 08:0385504----a-w-c:\windows\system32\jsproxy.dll
2012-10-08 11:18 . 2012-11-16 08:03173056----a-w-c:\windows\system32\ieUnatt.exe
2012-10-08 11:17 . 2012-11-16 08:03599040----a-w-c:\windows\system32\vbscript.dll
2012-10-08 11:17 . 2012-11-16 08:03816640----a-w-c:\windows\system32\jscript.dll
2012-10-08 11:15 . 2012-11-16 08:03729088----a-w-c:\windows\system32\msfeeds.dll
2012-10-08 11:15 . 2012-11-16 08:032144768----a-w-c:\windows\system32\iertutil.dll
2012-10-08 11:13 . 2012-11-16 08:0396768----a-w-c:\windows\system32\mshtmled.dll
2012-10-08 11:13 . 2012-11-16 08:032382848----a-w-c:\windows\system32\mshtml.tlb
2012-10-08 11:09 . 2012-11-16 08:03248320----a-w-c:\windows\system32\ieui.dll
2012-10-08 07:56 . 2012-11-16 08:031800704----a-w-c:\windows\SysWow64\jscript9.dll
2012-10-08 07:48 . 2012-11-16 08:031129472----a-w-c:\windows\SysWow64\wininet.dll
2012-10-08 07:47 . 2012-11-16 08:031427968----a-w-c:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44 . 2012-11-16 08:03142848----a-w-c:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43 . 2012-11-16 08:03420864----a-w-c:\windows\SysWow64\vbscript.dll
2012-10-08 07:40 . 2012-11-16 08:032382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-10-03 17:56 . 2012-11-15 19:031914248----a-w-c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 19:03303104----a-w-c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 19:0370656----a-w-c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 19:03246272----a-w-c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 19:0318944----a-w-c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 19:03216576----a-w-c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 19:03569344----a-w-c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 19:03175104----a-w-c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 19:0318944----a-w-c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 19:03156672----a-w-c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 19:0345568----a-w-c:\windows\system32\drivers\tcpipreg.sys
2012-09-30 00:54 . 2012-11-10 23:2025928----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 18:5778336----a-w-c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 18:5795744----a-w-c:\windows\system32\synceng.dll
2012-09-24 20:32 . 2012-06-23 08:54477168----a-w-c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 20:32 . 2011-12-29 18:47473072----a-w-c:\windows\SysWow64\deployJava1.dll
2012-09-24 14:58 . 2012-10-17 03:0427800----a-w-c:\windows\system32\drivers\avkmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5894208----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5894208----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5894208----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5894208----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D39EAF514DF81FA4B63869D0828412B1C2780BE7._service_run"="c:\users\Bolton\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2011-11-29 255208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Bolton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bolton\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-11-3 4657048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-1-17 2946560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification PackagesREG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2008-05-16 33960]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 ALSysIO;ALSysIO;c:\users\Bolton\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2011-11-01 70480]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-31 283200]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2008-05-16 1040552]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-17 33280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31216]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-23 174680]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 01:42]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 08:03]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 08:03]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356875374-3957191015-1958065799-1000Core.job
- c:\users\Bolton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 18:27]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356875374-3957191015-1958065799-1000UA.job
- c:\users\Bolton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5897792----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5897792----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5897792----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:5897792----a-w-c:\users\Bolton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 20:485947656----a-w-c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 20:485947656----a-w-c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-04-27 84744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2009-05-11 676520]
"lxdwamon"="c:\program files (x86)\Lexmark 7600 Series\lxdwamon.exe" [2009-05-11 16040]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bolton\AppData\Roaming\Mozilla\Firefox\Profiles\b0wpanxi.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=univskyhp
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&q=
FF - ExtSQL: 2012-11-10 22:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-18 04:33:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-18 09:33
.
Pre-Run: 131,065,274,368 bytes free
Post-Run: 135,807,422,464 bytes free
.
- - End Of File - - 648EFC18F89CC8592092CE5FFE350CE1




aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-18 04:40:51
-----------------------------
04:40:51.940 OS Version: Windows x64 6.1.7601 Service Pack 1
04:40:51.940 Number of processors: 8 586 0x2A07
04:40:51.940 ComputerName: PRIDE UserName:
04:41:12.735 Initialize success
04:41:31.591 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:41:31.591 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
04:41:31.622 Disk 0 MBR read successfully
04:41:31.622 Disk 0 MBR scan
04:41:31.622 Disk 0 Windows 7 default MBR code
04:41:31.622 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
04:41:31.653 Disk 0 scanning C:\Windows\system32\drivers
04:41:53.805 Service scanning
04:42:22.899 Modules scanning
04:42:22.899 Disk 0 trace - called modules:
04:42:22.977 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:42:22.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a84790]
04:42:22.977 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007485050]
04:42:22.977 Scan finished successfully
04:43:51.304 Disk 0 MBR has been saved successfully to "C:\Users\Bolton\Desktop\MBR.dat"
04:43:51.320 The log file has been saved successfully to "C:\Users\Bolton\Desktop\aswMBR.txt"
 
It's doing pretty well. I may reinstall Windows during this holiday season, it's slowed down a bit since I earlier this year and I think a fresh start would be good. I'd get rid of a lot of unnecessary clutter.
 
You must log in or register to reply here.

Similar threads

midian182
Ad for a cheap BMW was used as Trojan horse in Russian cyberattack on Ukrainian diplomats
Replies
1
Views
332
Jaabaaar
Jaabaaar
midian182
LockBit ransomware group bounces back a week after law enforcement had disrupted hacking...
Replies
0
Views
119
midian182
midian182
Bubbajim
Biden backs bill that could kill TikTok in the US, TikTok fights back
Replies
22
Views
354
toooooot
T

Latest posts

Back