
fbdownloader malware/spyware/redirect


  • This topic is locked
14 replies to this topic

#1 tre5

tre5

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:46 PM

Posted 07 February 2013 - 10:19 PM

I am at a loss. I have spent the last 12 hours trying everything I know to get rid of the FBdownloader - ComboFix, AdwCleaner, aswMBR, HijackThis, JRT, Malwarebytes, OTL, TDSSKiller, and RogueKiller - ALL




#2 tre5

tre5
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:46 PM

Posted 07 February 2013 - 10:22 PM

ALL TO NO AVAIL!

 

Every time I restart, the homepage is hijacked and fbdownloader search is installed in the place of Google search. I am completely stymied and at the end of my rope. If anyone knows how to get rid of this POS malware, I would be greatly appreciative.



#3 etavares

etavares

Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:46 PM

Posted 08 February 2013 - 09:28 AM

Hi tre5,

My name is etavares and I'll be helping you with this issue.

To start, please follow the instructions in this thread:
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

...And post the requested logs in a reply to this thread. Please copy/paste the contents of the logs to make it easier for me to research.

Thanks,
-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 tre5

tre5
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:46 PM

Posted 09 February 2013 - 09:16 AM

Hello etavares,

Thanks for your willingness to help.

I have run DDS. Here are both the DDS and Attach files:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.7.2
Run by TREK at 8:02:03 on 2013-02-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.2192 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Internet Content Filter\safeeyes.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [SCheck] "C:\Users\TREK\AppData\Roaming\SCheck\SCheck.exe" check
uRun: [SSync] "C:\Users\TREK\AppData\Roaming\SSync\SSync.exe"
uRun: [DataMgr] "C:\Users\TREK\AppData\Roaming\DataMgr\DataMgr.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00107-0002-0007-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/SpeedOptimizer/FiOS/vzTCPConfig.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\037324430373433353239333 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\130364850353035363339333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\2383054423 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\8656E646279636B637D27657563747 : DHCPNameServer = 192.168.33.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2010-12-4 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-2-7 262656]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-12-12 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-12-12 335784]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-2-7 132864]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-2-7 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-15 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-4 370288]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-3 465216]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-4 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-4 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-10 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2013-2-7 133912]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-16 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-11 820568]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-4 682344]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-12-12 218320]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2012-12-12 2765528]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-12 2315888]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-12 177144]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-12 2315888]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-4 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-11-16 292864]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-16 151040]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-16 233984]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-16 320040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-4 24176]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-12-12 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-12-12 513456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-11 20336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-11-16 6952960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-10-11 33184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-16 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-10-11 21328]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-09 13:42:08 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6177F7EE-9FA7-45B5-B604-30F1C6A71152}\mpengine.dll
2013-02-08 00:59:25 132864 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2013-02-08 00:59:17 262656 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2013-02-08 00:59:17 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-02-07 19:51:04 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-02-07 19:38:40 -------- d-----w- C:\Program Files\HitmanPro
2013-02-07 19:36:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-02-07 19:36:02 -------- d-----w- C:\Users\TREK\AppData\Local\Coupon Companion Plugin
2013-02-07 18:26:09 -------- d-----w- C:\$RECYCLE.BIN
2013-02-07 00:33:04 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-06 14:05:38 -------- d-----w- C:\Users\TREK\AppData\Local\Nero
2013-02-06 00:34:59 -------- d-----w- C:\Users\TREK\AppData\Roaming\DataMgr
2013-02-06 00:34:57 -------- d-----w- C:\Users\TREK\AppData\Roaming\SSync
2013-02-06 00:34:56 -------- d-----w- C:\Users\TREK\AppData\Roaming\gnupg
2013-02-06 00:34:55 -------- d-----w- C:\Users\TREK\AppData\Roaming\SCheck
2013-02-06 00:34:53 -------- d-----w- C:\Users\TREK\AppData\Roaming\Common
2013-01-30 02:36:54 -------- d-----w- C:\Users\TREK\AppData\Local\{D6BD7B19-788F-48B8-BFCB-14053ED9F0AD}
.
==================== Find3M  ====================
.
2013-02-09 13:42:28 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 13:42:28 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 23:05:00 2409136 ----a-w- C:\Windows\SysWow64\seinst.dll
2012-11-28 23:05:00 2341168 ----a-w- C:\Windows\sediag.exe
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH:  8:02:50.70 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2010 12:33:06 PM
System Uptime: 2/9/2013 6:44:51 AM (2 hours ago)
.
Motherboard: Gateway          |  | NV79           
Processor: Intel® Core™ i5 CPU       M 430  @ 2.27GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 250.498 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP309: 1/22/2013 8:00:33 AM - Windows Update
RP310: 1/25/2013 9:19:21 AM - Windows Update
RP311: 1/29/2013 7:41:01 AM - Windows Update
RP312: 2/5/2013 7:39:12 AM - Windows Update
RP313: 2/6/2013 8:38:18 PM - Removed IObit Apps Toolbar v6.7.
RP314: 2/7/2013 9:32:26 AM - Removed Google Talk Plugin
RP315: 2/9/2013 7:41:21 AM - Windows Update
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Advanced SystemCare 6
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
Audacity 2.0.2
avast! Internet Security
Backup Manager Basic
Bonjour
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
EPSON Printer Software
ESET Online Scanner v3
Fax
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
GIMP 2.6.11
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HitFilm Standard
HitmanPro 3.7
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
Identity Card
ImagXpress
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Turbo Boost Technology Monitor
Intel® Matrix Storage Manager
Internet TV for Windows Media Center
IObit Malware Fighter
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 21
Java™ 6 Update 30
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Movie Templates - Starter Kit
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Network64
OCR Software by I.R.I.S. 13.0
Octoshape add-in for Adobe Flash Player
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
Safe Eyes
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
swMSM
Synaptics Pointing Device Driver
TELL ME MORE
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TOPO! 4
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Video Web Camera
VoiceOver Kit
WebReg
WildTangent Games App (Gateway Games)
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
2/7/2013 8:58:17 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/7/2013 8:57:16 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
2/7/2013 8:57:03 PM, Error: volmgr [46]  - Crash dump initialization failed!
2/7/2013 12:23:45 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/7/2013 11:41:36 AM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
2/7/2013 11:41:36 AM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
2/6/2013 6:31:56 PM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
2/6/2013 5:09:40 PM, Error: Service Control Manager [7034]  - The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 1 time(s).
2/3/2013 9:27:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
2/3/2013 7:26:17 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR13.
.
==== End Of File ===========================

Thanks Again for your help.

Ken



#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 10 February 2013 - 06:33 AM

Hello, tre5.

I do see signs of malware in your log. We'll switch to a different tool for removal.


Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case IOBit Advanced SystemCare 6). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578


Step 1


You have two anti-malware programs running...IOBit Malware Fighter and Malwarebytes' Anti-Malware. You should uninstall one of those, or at least turn it off so it's not running all the time. Having more than one means they will fight for access to files which may result in false positives and a slower system. Please uninstall IOBit Malware Fighter via Add/Remove Programs.



Step 2

First, we need to create a scan with this new tool so I can create a custom script for removal.

We need to create an OTL report:
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link.)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.
-etavares

Edited by etavares, 10 February 2013 - 06:34 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
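The Internet Explorer section of an OTL log is where a homepage and search hijack like the one tre5 describes shows up, so here is an added Python triage script for that section (it is not part of etavares's post or of OTL): it parses the `IE - <key>,<value> = <data>` lines, resolves each hive's default search scope, and flags anything pointing outside an allowlist. The allowlist, the shortened SIDs and the `...-1002` profile with its `.invalid` hosts are assumptions constructed for the example.

```python
"""Triage the Internet Explorer section of an OTL log for homepage/search hijacks.

Added example for this thread; it is not part of etavares's post or of OTL.
OTL prints IE settings as  IE - <registry key>,<value name> = <data>  (or
<key>: "<name>" = <data>), one line per hive.  A hijacker that keeps resetting
the homepage and search provider shows up here as Start Page / SearchScopes
entries pointing somewhere the owner never chose.
"""
import re
from urllib.parse import urlparse

# Hosts the owner expects (an assumption for this example; the thread's log
# shows the OEM homepage, foxnews.com and google.com).
ALLOWED_HOSTS = {"homepage.gateway.com", "www.foxnews.com", "www.google.com"}

# Value names under Internet Explorer\Main and \Search that hold a URL.
URL_VALUES = {"Start Page", "Default_Page_URL", "Default_Search_URL", "SearchAssistant"}


def parse_ie_line(line):
    """Split one 'IE - ...' line into (hive, key, value_name, data); None if not an IE line."""
    m = re.match(r"^IE(?::64bit:)? - (.*)$", line.strip())
    if not m:
        return None
    left, sep, data = m.group(1).partition(" =")
    if not sep:
        return None
    left, data = left.strip(), data.strip()
    quoted = re.search(r': "([^"]+)"$', left)          # ...Internet Settings: "ProxyEnable"
    if quoted:
        key, name = left[:quoted.start()], quoted.group(1)
    elif "," in left:                                  # ...\Main,Start Page
        key, _, name = left.rpartition(",")
    else:
        return None
    parts = key.split("\\")
    # Per-user hives are reported as HKU\<SID>; keep the SID so findings name the profile.
    hive = "\\".join(parts[:2]) if parts[0] == "HKU" else parts[0]
    return hive, key, name, data


def audit_ie_settings(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return sorted findings for IE settings that point outside allowed_hosts."""
    scopes = {}         # (hive, scope GUID) -> search URL
    default_scope = {}  # hive -> GUID of its default search provider ("" if unset)
    findings = []
    for line in lines:
        parsed = parse_ie_line(line)
        if parsed is None:
            continue
        hive, key, name, data = parsed
        if name in URL_VALUES and data:
            host = urlparse(data).hostname
            if host not in allowed_hosts:
                findings.append(f"{hive}: {name} -> {host}")
        elif name == "DefaultScope":
            default_scope[hive] = data
        elif name == "URL" and "SearchScopes" in key:
            scopes[(hive, key.rsplit("\\", 1)[1])] = data
        elif name == "ProxyEnable" and data == "1":
            findings.append(f"{hive}: ProxyEnable is on (check the proxy server)")
    for hive, guid in default_scope.items():
        if not guid:
            continue
        # OTL lists machine-wide scopes under HKLM, so look there when the user hive has none.
        url = scopes.get((hive, guid)) or scopes.get(("HKLM", guid))
        host = urlparse(url).hostname if url else None
        if host not in allowed_hosts:
            findings.append(f"{hive}: default search scope {guid} -> {host}")
    return sorted(findings)


# Constructed sample: the first six lines follow the shapes in the thread's log
# (SIDs shortened); the ...-1002 profile with its .invalid hosts is made up to
# show what a hijacked homepage and default search provider look like.
SAMPLE_LOG = [
    r"IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW",
    r"IE - HKLM\..\SearchScopes,DefaultScope =",
    r'IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7',
    r"IE - HKU\S-1-5-21-0-0-0-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/",
    r"IE - HKU\S-1-5-21-0-0-0-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}",
    r'IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r"IE - HKU\S-1-5-21-0-0-0-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.hijacked-search.invalid/",
    r'IE - HKU\S-1-5-21-0-0-0-1002\..\SearchScopes\{00000000-0000-0000-0000-0000000000AA}: "URL" = http://search.hijacked-search.invalid/?q={searchTerms}',
    r"IE - HKU\S-1-5-21-0-0-0-1002\..\SearchScopes,DefaultScope = {00000000-0000-0000-0000-0000000000AA}",
]

if __name__ == "__main__":
    for finding in audit_ie_settings(SAMPLE_LOG):
        print(finding)
```

Feed it the real `IE - ...` lines from a pasted log and adjust ALLOWED_HOSTS to what the owner actually chose; anything it prints is a setting worth asking about.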
 


#6 tre5

tre5
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 11 February 2013 - 10:51 PM

Hello etavares,

Thanks again for your help.

I have removed the IObit Malware program.

I already had OTL in a folder on my desktop, so I used that one. I hope it will not be a problem...

I did not find two logs. Here is the one that OTL created:

OTL logfile created on: 2/11/2013 5:55:01 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TREK\Desktop\Clean

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type =
NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format:
M/d/yyyy



3.68 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 39.04%
Memory free

7.36 Gb Paging File | 4.42 Gb Available in Paging File | 60.13% Paging File
free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program
Files (x86)

Drive C: | 453.66 Gb Total Space | 249.53 Gb Free Space | 55.00% Space Free |
Partition Type: NTFS

Drive D: | 7.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free |
Partition Type: UDF



Computer Name: VALLEYCREEK | User Name: TREK | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name
Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2013/02/09 09:15:23 | 000,699,248 | ---- | M] (Adobe Systems
Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe

PRC - [2013/01/15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program
Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe

PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program
Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems
Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation)
-- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation)
-- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation)
-- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/28 17:03:46 | 003,267,072 | ---- | M] (InternetSafety.com, Inc.)
-- C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe

PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) --
C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) --
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/10/30 17:50:56 | 000,133,912 | ---- | M] (AVAST Software) --
C:\Program Files\Alwil Software\Avast5\afwServ.exe

PRC - [2012/10/14 07:07:20 | 000,602,112 | ---- | M] (OldTimer Tools) --
C:\Users\TREK\Desktop\Clean\OTL.exe

PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program
Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program
Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program
Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) --
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) --
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) --
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) --
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/09/24 17:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems,
Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway
MyBackup\BackupManagerTray.exe

PRC - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems,
Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway
MyBackup\IScheduleSvc.exe

PRC - [2009/09/17 00:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) --
C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) --
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

PRC - [2009/07/28 13:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program
Files (x86)\VideoWebCamera\VideoWebCamera.exe

PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program
Files\Gateway\Gateway Updater\UpdaterService.exe





========== Modules (No Company Name) ==========



MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files
(x86)\IObit\Advanced SystemCare 6\madexcept_.bpl

MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files
(x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl

MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files
(x86)\IObit\Advanced SystemCare 6\madbasic_.bpl

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files
(x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files
(x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/07/08 13:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files
(x86)\VideoWebCamera\Utility.dll

MOD - [2009/07/06 14:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files
(x86)\VideoWebCamera\Image.dll

MOD - [2009/02/02 19:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files
(x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll





========== Services (SafeList) ==========



SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST
Software) [Auto | Running] -- C:\Program Files\Alwil
Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/10/30 17:50:56 | 000,133,912 | ---- | M] (AVAST
Software) [Auto | Running] -- C:\Program Files\Alwil
Software\Avast5\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee,
Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto |
Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe --
(mfefire)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft
Corporation) [Disabled | Stopped] -- C:\Program Files\Windows
Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/10/29 13:10:02 | 000,844,320 | ---- | M] (Acer
Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power
Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2009/09/29 17:25:48 | 000,126,392 | ---- | M] (Intel®
Corporation) [On_Demand | Stopped] -- C:\Program
Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft
Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll --
(WinDefend)

SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto
| Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe --
(Updater Service)

SRV - [2013/02/09 09:15:24 | 000,251,248 | ---- | M] (Adobe Systems
Incorporated) [On_Demand | Stopped] --
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe --
(AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running]
-- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe --
(AdvancedSystemCareService6)

SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems
Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation)
[Auto | Running] -- C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation)
[Auto | Running] -- C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/28 17:05:00 | 002,765,528 | ---- | M] (McAfee, Inc.) [Auto |
Running] -- C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe --
(mfeicfcore)

SRV - [2012/11/28 17:05:00 | 002,315,888 | ---- | M] (InternetSafety.com, Inc.)
[Auto | Running] -- C:\Program Files (x86)\Internet Content
Filter\UpdateService.exe -- (seUpdateSvc)

SRV - [2012/11/28 17:05:00 | 002,315,888 | ---- | M] (InternetSafety.com, Inc.)
[Auto | Running] -- C:\Program Files (x86)\Internet Content
Filter\UpdateService.exe -- (mfeicfupdate)

SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.)
[Auto | Running] -- C:\Program Files (x86)\HP\Digital
Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.)
[On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent
Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running]
-- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe --
(Nero BackItUp Scheduler 4.0)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
[Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
-- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto
| Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage
Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto
| Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine
Components\UNS\UNS.exe -- (UNS)

SRV - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto
| Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine
Components\LMS\LMS.exe -- (LMS)

SRV - [2009/09/24 17:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems,
Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway
MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto
| Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe --
(Greg_Service)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
[Disabled | Stopped] --
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe --
(clr_optimization_v2.0.50727_32)

SRV - [2009/04/28 21:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.)
[Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION)
[Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE --
(EPSON_PM_RPCV4_01)





========== Driver Services (SafeList) ==========



DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M]
(Malwarebytes Corporation) [File_System | On_Demand | Running] --
C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/11/03 18:31:12 | 000,057,856 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/11/03 18:31:12 | 000,019,456 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST
Software) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST
Software) [File_System | System | Running] --
C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST
Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys
-- (aswSP)

DRV:64bit: - [2012/10/30 17:51:55 | 000,262,656 | ---- | M] (AVAST
Software) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)

DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST
Software) [File_System | Auto | Running] --
C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 17:51:55 | 000,021,136 | ---- | M] (AVAST
Software) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012/10/30 17:51:53 | 000,132,864 | ---- | M] (AVAST
Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys
-- (aswFW)

DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST
Software) [File_System | Auto | Running] --
C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST
Software) [Kernel | System | Running] --
C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple,
Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR
Software Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee,
Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys --
(mfewfpk)

DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee,
Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys --
(mfehidk)

DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee,
Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee,
Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee,
Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft
Corporation) [Recognizer | Boot | Unknown] --
C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/10 21:28:18 | 012,311,904 | ---- | M] (Intel
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced
Micro Devices) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced
Micro Devices) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard
Company) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys
-- (fssfltr)

DRV:64bit: - [2010/09/07 09:24:46 | 000,012,368 | ---- | M] (ALWIL
Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys
-- (aswNdis)

DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/07/07 18:18:58 | 000,051,600 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys
-- (dc3d)

DRV:64bit: - [2009/10/22 23:27:12 | 000,307,760 | ---- | M] (Synaptics
Incorporated) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel
Corporation) [Kernel | Boot | Running] --
C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/12 05:00:52 | 000,151,040 | ---- | M] (Intel
Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys
-- (Impcd)

DRV:64bit: - [2009/10/05 01:49:34 | 006,952,960 | ---- | M] (Intel
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009/10/04 19:34:00 | 001,542,656 | ---- | M] (Atheros
Communications, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/09/29 17:25:50 | 000,012,728 | ---- | M] () [Kernel |
Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/09/25 17:42:58 | 000,233,984 | ---- | M] (Intel®
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/09/01 19:58:08 | 000,225,280 | ---- | M] (Realtek
Semiconductor Corp.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/08/05 14:43:58 | 000,320,040 | ---- | M] (Broadcom
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD
Technologies Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise
Technology) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys
-- (xnacc)

DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek
Semiconductor Corp.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom
Corporation) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge
Computer Works, Inc.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech
Infosystems, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech
Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys
-- (UBHelper)

DRV:64bit: - [2009/04/28 21:21:08 | 000,010,240 | ---- | M] (Conexant
Systems, Inc.) [Kernel | Auto | Running] --
C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/02/12 08:24:56 | 001,485,824 | ---- | M] (Conexant
Systems, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/02/12 08:20:56 | 000,292,864 | ---- | M] (Conexant
Systems, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/02/12 08:19:34 | 000,740,864 | ---- | M] (Conexant
Systems, Inc.) [Kernel | On_Demand | Running] --
C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2006/06/17 16:27:24 | 000,017,024 | ---- | M] (Conexant)
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys --
(mdmxsdk)

DRV - [2009/09/01 19:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor
Corp.) [Kernel | On_Demand | Stopped] --
C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
[File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys
-- (WIMMount)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}:
"URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}:
"URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}:
"URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7





IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0



IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0



IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =



IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =



IE - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\SOFTWARE\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237

IE -
HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\SOFTWARE\Microsoft\Internet
Explorer\Main,Search Bar = Preserve

IE -
HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\SOFTWARE\Microsoft\Internet
Explorer\Main,Start Page = http://www.foxnews.com/

IE -
HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\SOFTWARE\Microsoft\Internet
Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\SOFTWARE\Microsoft\Internet
Explorer\Search,SearchAssistant = http://www.google.com/ie

IE -
HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..\SearchScopes,DefaultScope
= {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE -
HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0

IE -
HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyOverride" = *.local





========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/29 20:03:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/29 20:03:26 | 000,000,000 | ---D | M]

[2011/03/28 20:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TREK\AppData\Roaming\Mozilla\Extensions
[2011/03/28 20:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TREK\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.fbdownloader.com/?channel=sfus205
CHR - Extension: No name found = C:\Users\TREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\TREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = C:\Users\TREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: No name found = C:\Users\TREK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/02/07 12:26:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..\Toolbar\WebBrowser: (no name) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - No CLSID value found.
O3 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ICF] C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [DataMgr] C:\Users\TREK\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [SCheck] C:\Users\TREK\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [SSync] C:\Users\TREK\AppData\Roaming\SSync\SSync.exe ()
O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Reg Error: Key error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/SpeedOptimizer/FiOS/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 18:59:25 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/02/07 18:59:17 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/02/07 18:59:17 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/02/07 18:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/02/07 18:27:13 | 000,000,000 | ---D | C] -- C:\Users\TREK\Desktop\RK_Quarantine
[2013/02/07 18:26:04 | 000,000,000 | ---D | C] -- C:\Users\TREK\Documents\tdsskiller
[2013/02/07 13:51:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/07 13:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/02/07 13:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/07 13:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/07 13:36:02 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Local\Coupon Companion Plugin
[2013/02/07 12:26:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/06 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/02/06 08:05:38 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Local\Nero
[2013/02/05 18:34:59 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Roaming\DataMgr
[2013/02/05 18:34:57 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Roaming\SSync
[2013/02/05 18:34:56 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Roaming\gnupg
[2013/02/05 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Roaming\SCheck
[2013/02/05 18:34:53 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Roaming\Common
[2013/01/29 20:36:54 | 000,000,000 | ---D | C] -- C:\Users\TREK\AppData\Local\{D6BD7B19-788F-48B8-BFCB-14053ED9F0AD}
[2013/01/20 20:20:26 | 000,000,000 | ---D | C] -- C:\Users\TREK\Desktop\2010-10-19 stuff by me
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/11 17:53:04 | 000,000,956 | ---- | M] () -- C:\Users\TREK\Desktop\OTL - Shortcut.lnk
[2013/02/11 17:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/11 17:31:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 11:31:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/07 21:05:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 21:05:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/07 20:57:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/07 20:56:56 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 18:59:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/07 18:58:21 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/07 13:51:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/07 12:26:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/07 11:40:19 | 005,031,093 | R--- | M] (Swearware) -- C:\Users\TREK\Desktop\ComboFix.exe
[2013/02/06 12:31:09 | 000,000,156 | ---- | M] () -- C:\Users\TREK\AppData\Roaming\default.rss
[2013/02/03 18:17:03 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/03 18:17:03 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/03 18:17:03 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/30 01:25:17 | 000,357,217 | ---- | M] () -- C:\Users\TREK\Documents\Meg Senior 021.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 17:53:04 | 000,000,956 | ---- | C] () -- C:\Users\TREK\Desktop\OTL - Shortcut.lnk
[2013/02/07 18:58:21 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/02/05 22:16:38 | 000,000,156 | ---- | C] () -- C:\Users\TREK\AppData\Roaming\default.rss
[2013/02/04 12:27:57 | 000,357,217 | ---- | C] () -- C:\Users\TREK\Documents\Meg Senior 021.JPG
[2013/01/24 20:49:02 | 207,003,362 | ---- | C] () -- C:\Users\TREK\Desktop\stuff by me 035.AVI
[2013/01/01 18:11:53 | 000,000,839 | ---- | C] () -- C:\Users\TREK\.recently-used.xbel
[2012/11/29 19:58:30 | 000,207,526 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/11/29 19:58:30 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012/10/14 10:54:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/14 10:54:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/14 10:54:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/14 10:54:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/14 10:54:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/19 02:45:50 | 000,000,000 | ---- | C] () -- C:\Users\TREK\AppData\Roaming\wklnhst.dat
[2012/06/18 12:17:27 | 000,017,408 | ---- | C] () -- C:\Users\TREK\AppData\Local\WebpageIcons.db
[2012/05/12 20:59:44 | 000,207,526 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/01/19 11:00:31 | 000,107,280 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/12/26 22:40:34 | 000,012,288 | ---- | C] () -- C:\Users\TREK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 21:44:43 | 000,000,000 | ---- | C] () -- C:\Users\TREK\AppData\Local\{F50F4704-FA1E-49F0-9EAB-637FDDCCE9F6}
[2011/06/17 16:22:55 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2011/06/05 16:02:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/15 07:50:57 | 000,000,007 | --S- | C] () -- C:\Users\TREK\AppData\Roaming\date
[2011/04/15 07:50:57 | 000,000,002 | --S- | C] () -- C:\Users\TREK\AppData\Roaming\evf6

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/13 09:49:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012/09/22 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\.minecraft
[2010/12/11 20:04:03 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\air
[2012/11/03 19:09:59 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Audacity
[2011/08/02 19:01:56 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Catalina Marketing Corp
[2013/02/05 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Common
[2013/02/05 18:34:59 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\DataMgr
[2012/10/13 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Dropbox
[2013/02/05 18:34:56 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\gnupg
[2013/01/01 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\gtk-2.0
[2012/11/03 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\IObit
[2011/12/14 10:51:16 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Sammsoft
[2013/02/05 18:34:55 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\SCheck
[2011/08/27 11:11:30 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\SmartDraw
[2013/02/05 18:34:57 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\SSync
[2012/07/19 02:46:21 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Template
[2011/03/28 20:13:20 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\TomTom
[2012/02/04 17:52:32 | 000,000,000 | ---D | M] -- C:\Users\TREK\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/10/13 15:04:38 | 000,001,746 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/10/13 15:06:36 | 000,001,806 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013/02/07 14:29:57 | 000,001,447 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2012/10/13 15:07:47 | 000,001,729 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/02/07 13:24:58 | 000,001,815 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/02/07 14:30:25 | 000,001,521 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2013/02/07 14:35:28 | 000,001,272 | ---- | M] () -- C:\AdwCleaner[S4].txt
[2009/11/16 13:14:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013/02/07 12:40:53 | 000,024,530 | ---- | M] () -- C:\ComboFix.txt
[2012/01/19 11:00:56 | 000,019,233 | ---- | M] () -- C:\crash.dmp
[2012/01/19 11:00:56 | 000,006,515 | ---- | M] () -- C:\crash.log
[2013/02/07 20:56:56 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 20:57:03 | 3949,748,224 | -HS- | M] () -- C:\pagefile.sys
[2009/11/16 13:24:28 | 000,003,274 | ---- | M] () -- C:\RHDSetup.log
[2013/02/07 18:25:26 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_07.02.2013_18.25.19_log.txt
[2012/10/12 20:44:24 | 000,141,014 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_12.10.2012_21.43.47_log.txt
[2012/10/13 08:32:26 | 000,141,014 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_13.10.2012_09.31.47_log.txt
[2012/10/13 13:32:57 | 000,141,028 | ---- | M] () -- C:\TDSSKiller.2.8.10.0_13.10.2012_14.31.38_log.txt
[2013/02/07 18:26:58 | 000,143,900 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_07.02.2013_18.26.16_log.txt
[2010/12/06 14:04:03 | 000,000,011 | ---- | M] () -- C:\trace.ini

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\TREK\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\TREK\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\TREK\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\TREK\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/01 21:19:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/01 21:19:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/01 21:19:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\TREK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\TREK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\TREK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\TREK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE"
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/01 21:19:31 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/01 21:19:31 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/01 21:19:31 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/03/22 14:21:58 | 002,388,336 | ---- | M] (Apple Inc.)

 

< End of report >



 

If there is anything else that you recommend, please don't hesitate to do
so.



 

Appreciatively,



 

Ken



 

 



 



#7 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 12 February 2013 - 07:49 AM

Hello, tre5.

Please turn off word wrap before copying and pasting...it messes up the formatting. In notepad, select Format from the menu and you should see Word Wrap with a checkmark next to it. Click it to remove the checkmark, then copy/paste the contents of the log in Step 1.


Step 1

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    C:\Users\TREK\AppData\Roaming\DataMgr
    C:\Users\TREK\AppData\Roaming\SCheck
    C:\Users\TREK\AppData\Roaming\SSync\SSync.exe
    C:\Users\TREK\AppData\Roaming\gnupg
    :OTL
    CHR - homepage: http://search.fbdownloader.com/?channel=sfus205
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001\..\Toolbar\WebBrowser: (no name) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - No CLSID value found.
    O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [DataMgr] C:\Users\TREK\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.)
    O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [SCheck] C:\Users\TREK\AppData\Roaming\SCheck\SCheck.exe ()
    O4 - HKU\S-1-5-21-2091210963-1717829459-2921948657-1001..\Run: [SSync] C:\Users\TREK\AppData\Roaming\SSync\SSync.exe ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u21-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/SpeedOptimizer/FiOS/vzTCPConfig.CAB (Reg Error: Key error.)
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open, copy and paste it in a reply here.
Step 2


Please attach c:\combofix.txt to your reply.

etavares

Edited by etavares, 12 February 2013 - 07:50 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#8 tre5
  • Topic Starter

  • Members
  • 24 posts

Posted 15 February 2013 - 10:23 PM

Hello etavares,

Okay, I ran the OTL script and pasted the custom scan/fixes into the box. Got the txt and copied it into this forum.

I then ran OTL again and pasted that txt into this file.

Lastly, I ran combofix. However, as you know, combofix shut down the computer and at that point, I lost the OTL txt's that I had pasted previously. I can re-run OTL and re-insert the custom scan/fix and then re-run OTL again, but when I restarted IE, fbdownloader had been removed!

So, in an attempt to at least give you some of what you need, here is the combofix.txt


ComboFix 13-02-15.01 - TREK 02/15/2013  20:29:53.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.1859 [GMT -6:00]
Running from: c:\users\TREK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-16 to 2013-02-16  )))))))))))))))))))))))))))))))
.
.
2013-02-16 02:42 . 2013-02-16 02:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-16 02:42 . 2013-02-16 02:42 -------- d-----w- c:\users\Meg\AppData\Local\temp
2013-02-16 02:42 . 2013-02-16 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-16 02:42 . 2013-02-16 02:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-16 01:57 . 2013-02-16 01:57 -------- d-----w- C:\_OTL
2013-02-15 23:45 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1102BD3A-F44B-4B08-BA16-7CFDA10C9895}\mpengine.dll
2013-02-14 03:08 . 2013-02-14 03:08 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 03:08 . 2013-02-14 03:08 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:56 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 02:56 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:56 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 02:56 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 02:56 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 02:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 02:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 02:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 02:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 02:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 02:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 02:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 04:29 . 2013-02-12 04:29 -------- d-----r- c:\users\TREK\Podcasts
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2013-02-12 04:26 . 2013-02-12 04:28 -------- d-----w- c:\program files\Zune
2013-02-08 00:59 . 2012-10-30 23:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-02-08 00:59 . 2012-10-30 23:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-02-08 00:59 . 2012-10-30 23:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-07 19:51 . 2013-02-07 19:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-02-07 19:38 . 2013-02-07 19:38 -------- d-----w- c:\program files\HitmanPro
2013-02-07 19:36 . 2013-02-07 19:51 -------- d-----w- c:\programdata\HitmanPro
2013-02-07 19:36 . 2013-02-08 01:40 -------- d-----w- c:\users\TREK\AppData\Local\Coupon Companion Plugin
2013-02-07 00:33 . 2013-02-07 00:33 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-06 14:05 . 2013-02-06 14:05 -------- d-----w- c:\users\TREK\AppData\Local\Nero
2013-02-06 00:34 . 2013-02-16 01:57 -------- d-----w- c:\users\TREK\AppData\Roaming\SSync
2013-02-06 00:34 . 2013-02-06 00:34 -------- d-----w- c:\users\TREK\AppData\Roaming\Common
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 10:30 . 2010-12-04 20:40 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-09 15:15 . 2012-07-23 10:12 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 15:15 . 2012-07-23 10:12 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28 . 2010-12-04 19:01 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 02:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 11:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 11:18 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 11:18 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 11:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 22:49 . 2012-10-04 19:40 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 14:55 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 14:55 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 14:55 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 14:55 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 14:55 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 14:55 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 14:55 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 14:55 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 14:55 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 14:55 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 14:55 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 14:55 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 14:55 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 14:55 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 14:55 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 14:55 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 14:55 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 14:55 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:55 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 14:55 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 14:55 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 14:55 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 14:55 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 14:55 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 14:55 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 14:55 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 14:55 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 14:55 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 14:55 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 14:55 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 14:55 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:55 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 14:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 14:54 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 14:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 14:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 14:54 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 14:54 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 14:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 14:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-10-24 5435744]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-16 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-17 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]
"ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2012-11-28 3267072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-10-05 6952960]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-04 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-04 57856]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-16 465216]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-10-30 133912]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files (x86)\Internet Content Filter\mfeicfcore.exe [2012-11-28 2765528]
S2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2012-11-28 2315888]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 seUpdateSvc;Safe Eyes Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2012-11-28 2315888]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-29 12728]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 51600]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-05 320040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 15:15]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 17:31]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 17:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-10-29 822816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.foxnews.com/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{430DDB4F-38CC-4E91-AF33-4157334EC937}"=hex:51,66,7a,6c,4c,1d,38,12,21,d8,1e,
   47,fe,76,ff,0b,d0,25,02,17,36,10,8d,23
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:51,66,7a,6c,4c,1d,38,12,28,66,44,
   75,7f,7b,a7,04,d5,fe,72,b2,e9,7c,fb,19
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}"=hex:51,66,7a,6c,4c,1d,38,12,24,e7,33,
   cd,4a,31,0a,0b,c2,c1,e6,30,23,b9,ba,a3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,21,81,df,70,50,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,ab,fd,b8,56,d7,b0,40,ba,e1,7d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,ab,fd,b8,56,d7,b0,40,ba,e1,7d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2013-02-15  21:01:11 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-16 03:01
ComboFix2.txt  2013-02-07 18:40
ComboFix3.txt  2012-10-14 17:35
.
Pre-Run: 268,795,576,320 bytes free
Post-Run: 269,211,402,240 bytes free
.
- - End Of File - - 25C4EAEA5B0D5C0700BB37119F7F985D

If you need me to run something else, please let me know.  Otherwise, I will be indebted to you for your help. 

Please advise...

I will talk with you soon,

Ken

#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:46 PM

Posted 16 February 2013 - 07:00 AM

Hello, tre5.

Great, we are making progress.


Step 1



1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
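The RegLock:: list in Step 1 above was assembled by hand from the locked-keys listing in Ken's ComboFix log (the blocks with @Denied lines and their subkeys, ending at the "Other Running Processes" line). The script below is an added example, not code from the thread, from ComboFix or from its author: it parses that listing and emits the same CFScript block, and separately reports which keys carry an explicit ACL entry of their own versus being listed only as subkeys. The sample input is a constructed excerpt of four blocks copied from the log above; the "Other Running Processes" end marker is the one visible in the log, and the assumption that every bracketed key header before it belongs in the RegLock:: list mirrors what post #9 did.

```python
"""Turn the locked-registry-key listing of a ComboFix log into a CFScript
RegLock:: block.

Added example for this thread; it is not code from ComboFix or from the
helper. It automates what post #9 did by hand: every bracketed key header in
the listing (subkeys such as Elevation and LocalServer32 included, even though
only the parent carries an @Denied line) is copied, in order, under RegLock::.
"""
import re
from typing import List, Tuple

# The ComboFix log line that ends the locked-keys listing (see the log above).
END_MARKER = "Other Running Processes"
KEY_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")

# Constructed sample: four blocks copied from the ComboFix log posted in this
# thread, trimmed to a few lines each, followed by the line that ends the
# listing and one process line that must not be treated as a key.
SAMPLE_LOG = r"""
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
"""


def locked_key_blocks(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (key_path, body_lines) for each [HKEY_...] block before END_MARKER.

    ComboFix separates blocks with a lone "." line; hex values may continue on
    indented lines, which are kept as part of the body.
    """
    blocks: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if END_MARKER in line:
            break
        header = KEY_HEADER.match(line)
        if header:
            blocks.append((header.group(1), []))
        elif blocks and line and line != ".":
            blocks[-1][1].append(line)
    return blocks


def locked_keys(log_text: str) -> List[str]:
    """Every key path in the listing, in log order, duplicates removed."""
    seen = set()
    ordered: List[str] = []
    for key, _ in locked_key_blocks(log_text):
        if key not in seen:
            seen.add(key)
            ordered.append(key)
    return ordered


def acl_restricted_keys(log_text: str) -> List[str]:
    """Only the keys whose own block shows an explicit @Denied/@Allowed entry.

    Useful for triage: the hand-written RegLock list also carries plain
    subkeys, and this separates keys that actually have a restrictive ACL
    from those listed only because their parent does.
    """
    return [key for key, body in locked_key_blocks(log_text)
            if any(l.startswith(("@Denied:", "@Allowed:")) for l in body)]


def build_reglock_script(log_text: str) -> str:
    """Emit the CFScript text in the same shape as post #9."""
    return "RegLock::\n" + "\n".join(f"[{k}]" for k in locked_keys(log_text)) + "\n"


if __name__ == "__main__":
    print(build_reglock_script(SAMPLE_LOG))
    for key in acl_restricted_keys(SAMPLE_LOG):
        print("explicit ACL:", key)
```

Run against the full log text, the output matches the Step 1 list except for the Approved Extensions key, which comes from a part of the log above the excerpt shown here. The script only transcribes; deciding whether a locked key should be relocked or investigated remained the helper's call, and on this log the blocks visible above (the FlashBroker and Shockwave Flash CLSIDs, the IE per-user keys, PCW\Security) were all passed through unchanged.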
 


#10 tre5

tre5
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 16 February 2013 - 05:50 PM

etavares,

 

Once again, thank you for your help.

 

As you requested, I copied, saved and moved CFScript over Combofix.  However, I don't think I did it properly as there was no indication that the file transferred.  At any rate, here is the combofix report:

 

ComboFix 13-02-15.01 - TREK 02/16/2013  12:29:05.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.1981 [GMT -6:00]
Running from: c:\users\TREK\Desktop\ComboFix.exe
Command switches used :: c:\users\TREK\Desktop\Clean\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-16 to 2013-02-16  )))))))))))))))))))))))))))))))
.
.
2013-02-16 18:40 . 2013-02-16 18:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-16 18:40 . 2013-02-16 18:40 -------- d-----w- c:\users\Meg\AppData\Local\temp
2013-02-16 18:40 . 2013-02-16 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-16 18:40 . 2013-02-16 18:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-16 01:57 . 2013-02-16 01:57 -------- d-----w- C:\_OTL
2013-02-15 23:45 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1102BD3A-F44B-4B08-BA16-7CFDA10C9895}\mpengine.dll
2013-02-14 03:08 . 2013-02-14 03:08 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 03:08 . 2013-02-14 03:08 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:56 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 02:56 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:56 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 02:56 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 02:56 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 02:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 02:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 02:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 02:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 02:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 02:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 02:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 04:29 . 2013-02-12 04:29 -------- d-----r- c:\users\TREK\Podcasts
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2013-02-12 04:27 . 2013-02-12 04:27 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2013-02-12 04:26 . 2013-02-12 04:28 -------- d-----w- c:\program files\Zune
2013-02-08 00:59 . 2012-10-30 23:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-02-08 00:59 . 2012-10-30 23:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-02-08 00:59 . 2012-10-30 23:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-02-07 19:51 . 2013-02-07 19:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-02-07 19:38 . 2013-02-07 19:38 -------- d-----w- c:\program files\HitmanPro
2013-02-07 19:36 . 2013-02-07 19:51 -------- d-----w- c:\programdata\HitmanPro
2013-02-07 19:36 . 2013-02-08 01:40 -------- d-----w- c:\users\TREK\AppData\Local\Coupon Companion Plugin
2013-02-07 00:33 . 2013-02-07 00:33 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-06 14:05 . 2013-02-06 14:05 -------- d-----w- c:\users\TREK\AppData\Local\Nero
2013-02-06 00:34 . 2013-02-16 01:57 -------- d-----w- c:\users\TREK\AppData\Roaming\SSync
2013-02-06 00:34 . 2013-02-06 00:34 -------- d-----w- c:\users\TREK\AppData\Roaming\Common
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 10:30 . 2010-12-04 20:40 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-09 15:15 . 2012-07-23 10:12 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 15:15 . 2012-07-23 10:12 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28 . 2010-12-04 19:01 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 02:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 11:18 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 11:18 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 11:18 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 11:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 22:49 . 2012-10-04 19:40 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 14:55 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 14:55 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 14:55 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 14:55 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 14:55 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 14:55 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 14:55 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 14:55 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 14:55 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 14:55 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 14:55 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 14:55 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 14:55 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 14:55 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 14:55 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 14:55 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 14:55 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 14:55 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:55 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 14:55 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 14:55 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 14:55 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 14:55 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 14:55 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 14:55 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 14:55 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 14:55 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 14:55 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 14:55 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 14:55 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 14:55 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 14:55 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-09 14:54 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 14:54 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 14:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 14:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 14:54 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 14:54 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 14:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 14:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 14:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-10-24 5435744]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-16 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-17 1157640]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]
"ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2012-11-28 3267072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-10-05 6952960]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-04 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-04 57856]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-16 465216]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-10-30 133912]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files (x86)\Internet Content Filter\mfeicfcore.exe [2012-11-28 2765528]
S2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2012-11-28 2315888]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 seUpdateSvc;Safe Eyes Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe [2012-11-28 2315888]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-29 12728]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 51600]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-05 320040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 15:15]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 17:31]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 17:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-10-29 822816]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.foxnews.com/
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-02-16  12:57:57
ComboFix-quarantined-files.txt  2013-02-16 18:57
ComboFix2.txt  2013-02-16 03:01
ComboFix3.txt  2013-02-07 18:40
ComboFix4.txt  2012-10-14 17:35
.
Pre-Run: 268,878,393,344 bytes free
Post-Run: 268,426,113,024 bytes free
.
- - End Of File - - BF7E69108AD995CD9DD2648DC1383F88

You also wanted me to run ESET.  I'm glad you did; it found a virus.  Here it is:

C:\Users\TREK\Downloads\SoftonicDownloader_for_mplayer.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

Thanks again for your expertise and willingness to help,

Ken



#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:46 PM

Posted 17 February 2013 - 07:02 AM

Hello, tre5.


Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 13 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions shown below:
    Java 7 Update 7
    Java™ 6 Update 21
    Java™ 6 Update 30
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java file you downloaded to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




Step 2

Let's take one final look at your system before I call it clean.

Please run DDS. At the options screen, ensure dds.txt and attach.txt are checked. Then, expand the options for attach.txt and put a checkmark next to "Force scan all domains."

Click Start.

Please post the two resulting logs in your reply.

etavares

Edited by etavares, 17 February 2013 - 07:03 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
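For anyone auditing a machine for the stale Java runtimes that Step 1 above removes, the PowerShell script below is an added example; it is not part of etavares' instructions or of any tool named in the thread. It reads the standard Uninstall registry keys in both the 64-bit and the WOW6432Node (32-bit) views, the same 32-bit versus 64-bit distinction the post makes, and marks each Java entry as current or stale against a reference version. Assumptions: PowerShell 3.0 or later running as a 64-bit process, and that the Uninstall entry for Java 7 Update 13 reports DisplayVersion 7.0.130 (Oracle's usual 7.0.NN0 encoding); the function and variable names are my own.

```powershell
# Added example, not from the thread or from the tools it mentions.
# Inventories installed Java runtimes on 64-bit Windows by reading the
# Uninstall keys in both registry views, then marks each one current or
# stale against a reference version so old copies (the "Java 7 Update 7" and
# "Java(TM) 6 Update 21/30" entries named in the post) are easy to spot.
# Run from a 64-bit PowerShell 3.0+ session; a 32-bit process would see the
# WOW6432Node view under both paths because of registry redirection.

$UninstallKeys = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';            Arch = '64-bit' },
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'; Arch = '32-bit' }
)

function Get-InstalledJava {
    # Emits one object per Uninstall entry whose DisplayName starts with "Java",
    # skipping the "Java Auto Updater" helper, which is not a runtime.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key.Path)) { continue }   # WOW6432Node does not exist on 32-bit Windows
        Get-ChildItem -Path $key.Path |
            ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
            Where-Object { $_.DisplayName -like 'Java*' -and $_.DisplayName -notlike '*Auto Updater*' } |
            ForEach-Object {
                [pscustomobject]@{
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    Architecture    = $key.Arch
                    UninstallString = $_.UninstallString   # what Programs and Features runs on Remove
                }
            }
    }
}

function Test-JavaCurrent {
    # True when DisplayVersion parses and is at least the reference version.
    # Assumption: Java 7 Update 13 registers DisplayVersion "7.0.130" (7uNN -> 7.0.NN0);
    # pass a different -Reference if your installer reports another value.
    param(
        [string]$DisplayVersion,
        [version]$Reference = [version]'7.0.130'
    )
    try { $v = [version]$DisplayVersion } catch { return $false }   # unparsable -> treat as stale
    if (-not $v) { return $false }                                    # empty DisplayVersion -> stale
    return ($v -ge $Reference)
}

# Report: STALE entries are the ones to remove before installing the current JRE.
Get-InstalledJava | ForEach-Object {
    $state = if (Test-JavaCurrent -DisplayVersion $_.DisplayVersion) { 'OK   ' } else { 'STALE' }
    '{0} {1,-6} {2,-8} {3}' -f $state, $_.Architecture, $_.DisplayVersion, $_.DisplayName
}
```

Every line marked STALE corresponds to an entry to remove through Programs and Features, exactly as the post describes; Get-InstalledJava also returns each entry's UninstallString, which is the command the control panel runs when you click Remove, so the list can be cross-checked against what actually gets uninstalled.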
 


#12 tre5

tre5
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:46 PM

Posted 17 February 2013 - 04:24 PM

etavares,

Thank you for all you have done.  You are a great help.

Here are the two DDS logs you requested:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by TREK at 15:14:25 on 2013-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3767.2277 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\037324430373433353239333 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\130364850353035363339333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\2383054423 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97FDA13-47B0-4B1B-8947-D9DCBF240CAC}\8656E646279636B637D27657563747 : DHCPNameServer = 192.168.33.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27361210n955l0424z165a44i2y237
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2010-12-4 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-2-7 262656]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-12-12 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-12-12 335784]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-2-7 132864]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-2-7 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-15 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-4 370288]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-3 465216]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-4 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-4 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-10 44808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2013-2-7 133912]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-16 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-12-12 218320]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2012-12-12 2765528]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-12 2315888]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-12-12 177144]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 seUpdateSvc;Safe Eyes Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-12-12 2315888]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-9-29 12728]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-4 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-11-16 292864]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-16 151040]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-16 233984]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-16 320040]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-12-12 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-12-12 513456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-4 682344]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-4 24176]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-11-16 6952960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-16 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-17 21:13:09 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-17 21:13:08 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-17 21:12:54 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-16 22:21:07 -------- d-----w- C:\Users\TREK\AppData\Local\{DF944066-7892-4548-B3CB-473CD3B443DA}
2013-02-16 19:13:27 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-16 01:57:32 -------- d-----w- C:\_OTL
2013-02-15 23:45:17 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1102BD3A-F44B-4B08-BA16-7CFDA10C9895}\mpengine.dll
2013-02-14 03:08:59 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 03:08:59 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:56:22 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-14 02:56:18 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-14 02:56:16 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-14 02:56:06 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-14 02:56:01 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-14 02:55:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-14 02:55:59 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-14 02:55:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-14 02:55:59 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-14 02:55:57 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-14 02:55:44 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-14 02:55:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-12 04:29:39 -------- d-----r- C:\Users\TREK\Podcasts
2013-02-12 04:27:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT
2013-02-12 04:27:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE
2013-02-12 04:27:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR
2013-02-12 04:27:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2013-02-08 00:59:25 132864 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2013-02-08 00:59:17 262656 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2013-02-08 00:59:17 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-02-07 19:51:04 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-02-07 19:38:40 -------- d-----w- C:\Program Files\HitmanPro
2013-02-07 19:36:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-02-07 19:36:02 -------- d-----w- C:\Users\TREK\AppData\Local\Coupon Companion Plugin
2013-02-07 00:33:04 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-06 14:05:38 -------- d-----w- C:\Users\TREK\AppData\Local\Nero
2013-02-06 00:34:57 -------- d-----w- C:\Users\TREK\AppData\Roaming\SSync
2013-02-06 00:34:53 -------- d-----w- C:\Users\TREK\AppData\Roaming\Common
2013-01-30 02:36:54 -------- d-----w- C:\Users\TREK\AppData\Local\{D6BD7B19-788F-48B8-BFCB-14053ED9F0AD}
.
==================== Find3M  ====================
.
2013-02-14 03:04:20 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-14 03:04:20 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-14 03:04:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-14 03:04:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-14 03:04:20 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-14 03:04:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-14 03:04:20 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-14 03:04:20 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-14 03:04:20 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-14 03:04:20 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-14 03:04:20 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-14 03:04:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-09 15:15:24 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 15:15:24 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-16 00:49:06 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-28 23:05:00 2409136 ----a-w- C:\Windows\SysWow64\seinst.dll
2012-11-28 23:05:00 2341168 ----a-w- C:\Windows\sediag.exe
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 15:15:52.51 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2010 12:33:06 PM
System Uptime: 2/17/2013 3:09:03 PM (0 hours ago)
.
Motherboard: Gateway          |  | NV79           
Processor: Intel® Core™ i5 CPU       M 430  @ 2.27GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 250.338 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP313: 2/6/2013 8:38:18 PM - Removed IObit Apps Toolbar v6.7.
RP314: 2/7/2013 9:32:26 AM - Removed Google Talk Plugin
RP315: 2/9/2013 7:41:21 AM - Windows Update
RP316: 2/11/2013 5:56:56 PM - OTL Restore Point - 2/11/2013 5:56:55 PM
RP318: 2/11/2013 10:26:14 PM - Installed Zune 4.8
RP319: 2/13/2013 9:02:59 PM - Windows Modules Installer
RP320: 2/14/2013 4:28:02 AM - Windows Update
RP321: 2/16/2013 12:27:03 PM - ComboFix created restore point
RP322: 2/17/2013 3:04:22 PM - Removed Java™ 6 Update 30
RP323: 2/17/2013 3:06:05 PM - Removed Java™ 6 Update 21
RP324: 2/17/2013 3:07:01 PM - Removed Java 7 Update 7
RP325: 2/17/2013 3:11:35 PM - Installed Java 7 Update 13 (64-bit)
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Advanced SystemCare 6
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.12 (Unicode)
Audacity 2.0.2
avast! Internet Security
Backup Manager Basic
Bonjour
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
D3DX10
Destinations
DeviceDiscovery
DocMgr
DocProc
EPSON Printer Software
ESET Online Scanner v3
Fax
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
GIMP 2.6.11
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
HitFilm Standard
HitmanPro 3.7
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iCloud
Identity Card
ImagXpress
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Turbo Boost Technology Monitor
Intel® Matrix Storage Manager
Internet TV for Windows Media Center
iTunes
Java 7 Update 13 (64-bit)
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Menu Templates - Starter Kit
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Movie Templates - Starter Kit
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Network64
OCR Software by I.R.I.S. 13.0
Octoshape add-in for Adobe Flash Player
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Safari
Safe Eyes
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
swMSM
Synaptics Pointing Device Driver
TELL ME MORE
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TOPO! 4
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Video Web Camera
VoiceOver Kit
WebReg
WildTangent Games App (Gateway Games)
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
WOT for Internet Explorer
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
2/17/2013 3:11:00 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/17/2013 3:09:21 PM, Error: volmgr [46]  - Crash dump initialization failed!
2/17/2013 2:23:58 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
2/16/2013 12:41:10 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/16/2013 12:26:37 PM, Error: Service Control Manager [7034]  - The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
2/16/2013 12:26:37 PM, Error: Service Control Manager [7034]  - The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
2/15/2013 8:45:30 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/15/2013 8:45:30 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
2/15/2013 8:38:29 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/15/2013 8:14:04 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
2/14/2013 9:23:32 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
2/14/2013 9:23:32 AM, Error: Service Control Manager [7000]  - The avast! Antivirus service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/14/2013 8:54:15 AM, Error: Service Control Manager [7022]  - The Windows Modules Installer service hung on starting.
2/13/2013 9:21:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the NTI IScheduleSvc service to connect.
2/13/2013 9:21:42 PM, Error: Service Control Manager [7000]  - The NTI IScheduleSvc service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/12/2013 1:19:54 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
2/11/2013 4:33:44 PM, Error: Service Control Manager [7034]  - The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 1 time(s).
2/10/2013 12:51:55 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

Please let me know what else you think needs to be done.

It has been a pleasure working with you.

Ken



#13 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:46 PM

Posted 18 February 2013 - 06:34 AM

Hello, tre5.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1



Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


    Optional Items

    Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

    Protect yourself from malicious sites

    The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

    Keep Windows Up to Date
    It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



    Update your AntiVirus Software

    It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


    Make sure your applications have all of their updates

    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

    Update all these programs regularly
    Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

    Follow this list and your potential for being infected again will reduce dramatically.

    Good luck!

    etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators

#14 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:46 PM

Posted 10 March 2013 - 07:24 AM

Since this topic appears resolved, this thread is now closed. If the original poster needs it reopened, please PM me.

Thanks!

#15 etavares

etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:46 PM

Posted 10 March 2013 - 07:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.