Unknown infection, lost Win7 Security Center, firewall & defender

Hi,

Somehow I got infected with something which disabled Security Center, firewall & defender. Their registry records were removed and I had to add them back via reg files.

I did not think of a current or past infection, until I realised that all 3 were down. I only thought firewall was not working right.
Currently have no symptoms, the services are back in action after reg import and reboot.

But just to be sure, in case theres a backdoor or super deep rootkit infection (malwarebytes and avira showed nothing)

So.. hopefully you guys can give me a peace of mind.
GMER doesn't allow me to unselect certain options? everything seems greyed out (see apic.jpg attachment), so I just scanned as it is.

cheers.

btw, as a side issue/knowledge for myself, avira antivira premium has a rootkit scanner inbuilt right? does it use the GMER engine?



DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Alvin at 15:00:37 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.3071.410 [GMT 10:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Windows\splwow64.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Alvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alvin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\mmc.exe
C:\Users\Alvin\AppData\Local\Temp\Rar$EX83.064\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = proxy.singnet.com.sg:8080;127.0.0.1;192.168.1.1;10.0.0.1;<local>
uInternet Settings,ProxyServer = 118.139.163.241:8888
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: 5CC9F367-9125-CA5C-B5BD-A560352F41BC Class: {5cc9f367-9125-ca5c-b5bd-a560352f41bc} - C:\Program Files (x86)\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Alvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Funshion] C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe startbywindows tray
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Teleport - E:\Program Files\Teleport Pro\teleport.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F788ED93-5157-4D83-A7E3-2160CC04ADD3} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: 5CC9F367-9125-CA5C-B5BD-A560352F41BC Class: {5CC9F367-9125-CA5C-B5BD-A560352F41BC} - C:\Program Files (x86)\Funshion Online\Funshion\FunshionAddr\funshionAddr.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [(Default)]
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\ow6rg82d.FFnew\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Alvin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alvin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alvin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwLv64.sys --> C:\Windows\system32\DRIVERS\NETwLv64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
RUnknown 64253122;64253122; [x]
RUnknown 8645359drv;8645359drv; [x]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]
S3 massfilter_lte;LTE Device Mass Storage Filter Driver;\??\C:\Windows\system32\drivers\massfilter_lte.sys --> C:\Windows\system32\drivers\massfilter_lte.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
2012-08-18 03:20:05 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-17 10:11:37 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-17 05:07:03 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-08-17 05:07:03 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-08-17 05:07:02 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-08-17 05:07:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-08-17 05:07:02 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-08-17 05:07:02 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-08-17 05:06:23 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-08-17 05:06:22 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-08-17 05:06:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-08-17 05:06:17 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-17 05:06:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-17 05:06:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-17 05:03:25 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-17 05:03:25 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-17 05:03:25 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-17 04:47:01 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-08-17 04:47:00 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-08-17 04:46:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-08-17 04:46:58 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-08-17 04:46:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-08-17 04:46:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-08-17 04:46:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-08-17 04:46:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-08-17 04:46:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-08-17 04:46:57 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-08-17 04:46:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-08-17 04:46:56 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-08-17 04:46:56 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-08-17 04:45:54 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-17 03:10:25 -------- d-----w- C:\Program Files (x86)\IVT Corporation
2012-08-16 13:10:38 -------- d-----w- C:\Windows\XSxS
2012-08-16 13:10:38 -------- d-----w- C:\Program Files (x86)\Xenocode
2012-08-15 03:47:28 -------- d-----w- C:\Program Files (x86)\Resource Hacker
2012-08-09 09:42:17 3982240 ----a-w- C:\Windows\SysWow64\Flash10d.ocx
2012-08-09 09:42:16 -------- d-----w- C:\Program Files (x86)\StreamTransport
2012-08-07 10:50:16 -------- d-----w- C:\Program Files (x86)\Ico's Immo Cleaner
2012-08-02 10:52:55 -------- d-----w- C:\Users\Alvin\AppData\Roaming\gpdf2swf
.
==================== Find3M ====================
.
2012-08-17 10:51:01 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 10:51:01 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-17 10:48:21 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-03 03:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-08 16:37:32 942744 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-06-08 16:37:26 63128 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-06-08 16:37:04 433816 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-06-08 16:36:36 354456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-06-08 16:36:16 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2012-06-08 16:35:38 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-06-08 14:29:42 252056 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-06-08 13:52:20 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-06-08 13:52:20 48752 ----a-w- C:\Windows\System32\vnetinst.dll
2012-06-08 13:52:20 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-06-08 13:52:20 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-06-08 13:52:20 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 05:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 05:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:02:49.39 ===============

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465656 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
  • If you were unable to produce the logs originally please try once more.
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
• Please tell us if you have your original Windows CD/DVD available.
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.com
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

still need help! (:

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

This topic has been re-opened at the request of the person who originally posted.

Hello stalker878, and welcome to the forums!

Sorry for the delay in response! Your topic had been closed by HelpBot for some reason. Had it still shown in active backlog, your topic would have been picked up earlier. We apologize for the inconvenience!

My name is bloopie and I'll be helping you with your problems as best I can!

Do not worry about the GMER log as your machine is 64bit.

==========

A few things to keep in mind while we are working together:

• If you have since resolved the original problem you were having, I would appreciate it if you let me know.
• If you are unsure about any of the steps just post what you can and I will guide you!
• Please tell me if you have your original Windows CD/DVD available.
• If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
• Upon completing the steps below I will review your topic an do my best to resolve your issues.
• If you have already posted a DDS log, please do so again, as your situation may have changed.

==========

Warning
Going over your logs I noticed that you have µTorrent installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
• They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========


We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========


Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

==========

In your next reply, please provide:

• The latest DDS log
• The aswMBR log

bloopie

hi,

here they are!

thanks!

Hi again,

Please copy and paste all logs here as it's much easier to read that way.

Did you allow the Avast definitions to install during the aswMBR scan?

==========

Run Combofix

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2

• Close any open browsers or any other programs that are open.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

==========

In your next post, please provide the ComboFix.txt! How is the machine running now?

bloopie

Hello again,

Are you still with me?

bloopie

yea, sorry for the delay.

aswMBR log after downloading the new definitions:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 10:52:36
-----------------------------
10:52:36.382 OS Version: Windows x64 6.1.7601 Service Pack 1
10:52:36.382 Number of processors: 2 586 0xF0A
10:52:36.384 ComputerName: ASUS-G1SN UserName: Alvin
10:52:39.724 Initialize success
10:53:11.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
10:53:11.123 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA40J Size: 610480MB BusType: 11
10:53:11.138 Disk 0 MBR read successfully
10:53:11.142 Disk 0 MBR scan
10:53:11.157 Disk 0 Windows 7 default MBR code
10:53:11.180 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:53:11.198 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153500 MB offset 206848
10:53:11.216 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456877 MB offset 314574848
10:53:11.255 Disk 0 scanning C:\Windows\system32\drivers
10:53:21.356 Service scanning
10:53:50.381 Modules scanning
10:53:50.405 Disk 0 trace - called modules:
10:53:50.416
10:53:50.423 Scan finished successfully
10:54:03.633 Disk 0 MBR has been saved successfully to "C:\Users\Alvin\Desktop\MBR.dat"
10:54:03.643 The log file has been saved successfully to "C:\Users\Alvin\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-31 22:14:51
-----------------------------
22:14:51.980 OS Version: Windows x64 6.1.7601 Service Pack 1
22:14:51.981 Number of processors: 2 586 0xF0A
22:14:51.982 ComputerName: ASUS-G1SN UserName: Alvin
22:14:56.156 Initialize success
22:40:36.125 AVAST engine defs: 12083100
22:45:03.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
22:45:03.674 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA40J Size: 610480MB BusType: 11
22:45:03.696 Disk 0 MBR read successfully
22:45:03.702 Disk 0 MBR scan
22:45:03.720 Disk 0 Windows 7 default MBR code
22:45:03.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:45:03.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153500 MB offset 206848
22:45:03.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456877 MB offset 314574848
22:45:03.830 Disk 0 scanning C:\Windows\system32\drivers
22:45:24.432 Service scanning
22:46:15.028 Modules scanning
22:46:15.044 Disk 0 trace - called modules:
22:46:15.088 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:46:15.436 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c83060]
22:46:15.451 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> [0xfffffa8004782520]
22:46:15.464 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8004acf1f0]
22:46:16.117 AVAST engine scan C:\Windows
22:46:19.370 AVAST engine scan C:\Windows\system32
22:51:34.656 AVAST engine scan C:\Windows\system32\drivers
22:51:55.896 AVAST engine scan C:\Users\Alvin
23:05:09.298 Disk 0 MBR has been saved successfully to "C:\Users\Alvin\Desktop\MBR.dat"
23:05:09.354 The log file has been saved successfully to "C:\Users\Alvin\Desktop\aswMBR.txt"

Hi again,

The aswMBR looks good! Let's now run Combofix as described in post #8 of this thread.

Please copy and paste the log here when finished.

bloopie

The com is functionally alright.
I managed to restore the security centre, win defender and win firewall via importing of reg entries.

would you recommend microsoft security essentials in addition?

ComboFix 12-08-31.08 - Alvin 01-Sep-12 20:27:49.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.65.1033.18.4095.2690 [GMT 10:00]
Running from: c:\users\Alvin\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alvin\AppData\Local\Temp\sfamcc00001.dll
c:\users\Alvin\AppData\Local\Temp\sfareca00001.dll
c:\users\Alvin\AppData\Roaming\FFSJ
c:\users\Alvin\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\assembly\tmp\U
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 10:37 . 2012-09-01 10:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 10:37 . 2012-09-01 10:37 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2012-09-01 10:23 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D48C81F5-7932-43AB-80AB-7F8AC68D8013}\mpengine.dll
2012-08-30 08:33 . 2012-08-30 08:33 13440 ----a-w- c:\windows\SysWow64\drivers\thpIO64.sys
2012-08-25 04:30 . 2012-08-25 04:30 -------- d-----w- c:\program files (x86)\TurboCCC
2012-08-25 03:45 . 2012-08-25 03:45 -------- d-----w- c:\program files (x86)\Universal Extractor
2012-08-24 06:42 . 2012-07-06 02:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-08-24 06:42 . 2012-07-06 02:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-08-24 06:42 . 2012-07-06 02:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-08-24 06:42 . 2012-08-15 05:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-08-24 06:42 . 2012-08-15 05:16 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-08-24 06:41 . 2012-08-15 05:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-08-24 06:41 . 2012-08-15 05:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-08-24 06:41 . 2012-08-15 05:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-08-24 06:41 . 2012-08-15 05:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-08-24 06:41 . 2012-08-01 07:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-08-24 06:40 . 2012-08-24 06:40 -------- d-----w- c:\program files\Common Files\VMware
2012-08-24 06:39 . 2012-08-24 06:39 -------- d-----w- c:\program files (x86)\VMware
2012-08-24 06:39 . 2012-08-24 06:39 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-08-23 11:11 . 2012-08-23 11:11 -------- d-----w- c:\users\Alvin\AppData\Local\Macromedia
2012-08-19 04:52 . 2009-07-14 01:41 1011712 ----a-w- c:\program files (x86)\Windows Defender\MpSvc.dll
2012-08-18 03:20 . 2012-08-18 03:20 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-17 10:11 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-17 10:01 . 2012-08-17 10:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-08-17 05:08 . 2012-08-02 18:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-17 05:07 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-08-17 05:07 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-08-17 05:07 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-17 05:07 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-17 05:07 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-08-17 05:07 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-08-17 05:06 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-17 05:06 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-17 05:06 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-08-17 05:06 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-17 05:06 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-17 05:06 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-17 05:03 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-17 05:03 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-17 05:03 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-17 05:03 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-17 05:03 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-17 04:47 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-17 04:47 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-08-17 04:46 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-08-17 04:46 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-08-17 04:46 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-08-17 04:46 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-08-17 04:46 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-08-17 04:46 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-08-17 04:46 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-08-17 04:46 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-08-17 04:46 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-08-17 04:46 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-08-17 04:46 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-08-17 04:45 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-17 03:10 . 2012-08-17 03:10 -------- d-----w- c:\program files (x86)\IVT Corporation
2012-08-16 13:10 . 2012-08-16 13:10 -------- d-----w- c:\program files (x86)\Xenocode
2012-08-15 05:16 . 2012-08-15 05:16 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-08-15 05:16 . 2012-08-15 05:16 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-08-15 05:16 . 2012-08-15 05:16 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 05:16 . 2012-08-15 05:16 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-08-15 05:16 . 2012-08-15 05:16 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 03:47 . 2012-08-15 03:47 -------- d-----w- c:\program files (x86)\Resource Hacker
2012-08-15 03:33 . 2012-08-15 03:33 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-08-09 09:42 . 2009-10-27 09:31 3982240 ----a-w- c:\windows\SysWow64\Flash10d.ocx
2012-08-09 09:42 . 2012-08-09 09:42 -------- d-----w- c:\program files (x86)\StreamTransport
2012-08-07 10:50 . 2012-08-17 04:10 -------- d-----w- c:\program files (x86)\Ico's Immo Cleaner
2012-08-02 10:52 . 2012-08-02 10:58 -------- d-----w- c:\users\Alvin\AppData\Roaming\gpdf2swf
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 10:40 . 2011-06-23 13:13 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-08-17 10:51 . 2012-03-30 06:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-17 10:51 . 2011-10-07 04:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-01 07:10 . 2012-08-01 07:10 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-07-06 02:29 . 2012-07-06 02:29 85104 ----a-w- c:\windows\system32\drivers\vmci.sys
2012-07-03 03:46 . 2011-10-03 07:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-16 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-01 80840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2011-12-21 31968]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 27016]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys [2011-08-09 18456]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 19936]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 13280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-02 1255736]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-06-28 340136]
R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2011-12-21 25056]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-24 279616]
S2 AcronisAgent;Acronis Remote Agent Service;c:\program files (x86)\Common Files\Acronis\Agent\agent.exe [2010-10-22 1906576]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-06-24 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-28 428200]
S2 DMS;Acronis Disk Management Service;c:\program files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [2010-10-22 4632864]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464]
S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2011-07-01 7533568]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-07-29 01:13]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552032687-610599073-128105408-1000Core.job
- c:\users\Alvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 09:39]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2552032687-610599073-128105408-1000UA.job
- c:\users\Alvin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 09:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-08-10 1216808]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = proxy.singnet.com.sg:8080;127.0.0.1;192.168.1.1;10.0.0.1;<local>
uInternet Settings,ProxyServer = 118.139.163.241:8888
IE: Add to &Teleport - e:\program files\Teleport Pro\teleport.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alvin\AppData\Roaming\Mozilla\Firefox\Profiles\ow6rg82d.FFnew\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2552032687-610599073-128105408-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* 3*0*-* N*o*v*-* 0*6*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2552032687-610599073-128105408-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63D457F8-F1BD-0C84-D4E5-15C794F7DF8F}*]
"paklfoohaoedmokmbpkipppmoiijmaob"=hex:6a,61,67,6f,62,64,63,62,68,65,64,61,61,
6d,65,61,67,6e,70,6e,00,f4
"oaamlgmfpkhdnnbcpmlekdkddigjbp"=hex:6a,61,67,6f,68,64,61,6b,63,63,69,69,68,68,
63,6c,6f,66,6d,62,00,f4
.
[HKEY_USERS\S-1-5-21-2552032687-610599073-128105408-1000\Software\SecuROM\License information*]
"datasecu"=hex:d9,a3,9e,88,29,8d,4c,d6,7d,11,bc,3e,69,24,4d,f9,e8,0b,9c,a7,1e,
1d,01,ee,e4,da,94,06,d6,0a,95,16,08,08,79,81,cc,2a,91,01,3f,26,29,b9,5b,fa,\
"rkeysecu"=hex:ff,17,63,77,43,f1,26,80,72,c6,be,ae,44,80,40,56
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2012-09-01 20:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 10:47
.
Pre-Run: 32,635,707,392 bytes free
Post-Run: 35,490,619,392 bytes free
.
- - End Of File - - 4E5055EB425BD2AD862E624064077387

Hi again,

I managed to restore the security centre, win defender and win firewall via importing of reg entries.

You should be very careful running registry scripts. One small mistake could turn your machine into a doorstop! I suggest you backup the registry before making any other changes there. Some instructions on that below.

would you recommend microsoft security essentials in addition?

I would recommend MSE as a primary free antivirus program (it's what I'm currently using), but Avira is okay also. The free version of Avira will give you nag screens every month. The paid version of Avira is just fine.

I do NOT however recommend running more than one antivirus program at a time as that can cause many problems.

==========

Here are the instructions to backup your registry:


Backup Your Registry with ERUNT

• Please use the following link and scroll down to ERUNT and download it.
  http://aumha.org/freeware/freeware.php
• For version with the Installer:
  Use the setup program to install ERUNT on your computer
• For the zipped version:
  Unzip all the files into a folder of your choice.

Open Erunt.exe (use the shortcut on your desktop if you used the installer). Follow the prompts leaving the values at default.

===============================================

Your logs are looking pretty good!

Let's run a couple of scans to check other areas of the machine:

I see you have Malwarebytes already installed, so please update it, run a quick scan and post the results in your next reply.

==========

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

***Note: The ESET scan may take a few hours depending on the size of your drive and connectivity speeds.

==========

Please post both logs in your next reply!

bloopie

Hello again,

Are you still with me?

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

sorry! i did not noticed the email notification of the eset scan. i will get onto it!
thanks.