1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Annoying Pop up

Discussion in 'Virus & Other Malware Removal' started by Curtisin, Aug 31, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    Hi.

    This morning I woke up to a problem with my PC where it opens Popup windows at random, always to the same place.
    I've run Malwarebyte Anti-Malware, Super Anti Spyware and Windows Security Essentials in an attempt to get rid of it, but nothing seems to be doing the trick, so I turn to you for help.

    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:41:05, on 31/08/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Curtisin\AppData\Roaming\D2B9.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Downloads\Software\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/10
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Logitech Flow Scroll - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Curtisin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sapaps] C:\Users\Curtisin\AppData\Roaming\Sapaps.scr
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Product - 2012/01/10 18:46:24 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - Unknown owner - c:\PROGRA~1\mcafee\msc\mcawfwk.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 16216 bytes



    DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Curtisin at 18:41:38 on 2012-08-31
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8174.5719 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\splwow64.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Curtisin\AppData\Roaming\D2B9.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Downloads\Software\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Free Download Manager\fdm.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Logitech Flow Scroll: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [Google Update] "C:\Users\Curtisin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sapaps] C:\Users\Curtisin\AppData\Roaming\Sapaps.scr
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 85.91.1.19 85.91.1.18
    TCP: Interfaces\{7C789047-5949-459D-8FAB-EC0465F646C6} : DhcpNameServer = 85.91.1.19 85.91.1.18
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO-X64: Canon Easy-WebPrint EX BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Curtisin\AppData\Roaming\Mozilla\Firefox\Profiles\hbtov1xr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Curtisin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
    R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-10 13592]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-10 1692480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    R3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/10 18:46:24;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-10 1262400]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-22 250568]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-6-6 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-10 79360]
    S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-20 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-31 17:38:50 116224 ----a-w- C:\Users\Curtisin\AppData\Roaming\D2B9.exe
    2012-08-31 16:35:31 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{315C662C-3633-45D3-B2B0-AE55D6AC5C07}\mpengine.dll
    2012-08-31 16:34:48 116224 ----a-w- C:\Users\Curtisin\AppData\Roaming\E407.exe
    2012-08-31 06:11:09 100352 ----a-w- C:\Users\Curtisin\AppData\Roaming\Sapaps.scr
    2012-08-31 06:08:20 105984 ----a-w- C:\ProgramData\5587smPd.exe
    2012-08-31 06:03:23 -------- d-----w- C:\Users\Curtisin\AppData\Local\{08522DCA-8801-40A9-8B8E-68DFB660B8B8}
    2012-08-30 18:02:58 -------- d-----w- C:\Users\Curtisin\AppData\Local\{7369FA60-12B9-4038-9347-606A692003DD}
    2012-08-30 06:02:33 -------- d-----w- C:\Users\Curtisin\AppData\Local\{C5A9C7D9-742C-48F5-AB79-85FE18295BAD}
    2012-08-29 17:10:42 -------- d-----w- C:\Users\Curtisin\AppData\Local\{1A4B7FED-7BCB-4948-B8F1-462E366AF071}
    2012-08-28 18:35:13 -------- d-----w- C:\Users\Curtisin\AppData\Local\{1BAB0D57-30E1-4BD7-8F29-E1BEC96F1200}
    2012-08-28 05:57:23 -------- d-----w- C:\Users\Curtisin\AppData\Local\{89165A51-23EB-4C28-9EFB-411D747FC089}
    2012-08-27 05:48:28 -------- d-----w- C:\Users\Curtisin\AppData\Local\{18F7DABE-EE86-4DE1-BE4C-A016EE74ABF0}
    2012-08-26 09:06:56 -------- d-----w- C:\Users\Curtisin\AppData\Local\{034414EC-A7B0-4363-9FB5-1DE10C039F56}
    2012-08-25 20:49:34 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-25 06:05:37 -------- d-----w- C:\Users\Curtisin\AppData\Local\{FA85D91F-98C7-40BC-A2EB-7ADC9A13814A}
    2012-08-24 06:11:52 -------- d-----w- C:\Users\Curtisin\AppData\Local\{41E96B54-ACF4-4FA8-B96E-EDFD4E45CF50}
    2012-08-23 18:11:17 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D7656CD8-0D18-4BBC-BE2E-43F4D8B0123A}
    2012-08-23 06:10:52 -------- d-----w- C:\Users\Curtisin\AppData\Local\{3BE2CBE6-0496-48C4-A79A-021BC5EB4FD0}
    2012-08-22 20:28:12 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-22 20:28:11 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-22 18:04:19 -------- d-----w- C:\Users\Curtisin\AppData\Local\{F2E05F25-30B9-4909-9E54-2656F974D653}
    2012-08-22 06:03:54 -------- d-----w- C:\Users\Curtisin\AppData\Local\{E5E1E944-E7E3-4BAF-93EE-841400CECB13}
    2012-08-21 17:44:25 -------- d-----w- C:\Users\Curtisin\AppData\Local\{59FDADC4-2EF6-44C6-8149-8C87A1D6DAB1}
    2012-08-20 18:07:24 -------- d-----w- C:\Users\Curtisin\AppData\Local\{6AC9AF62-F0BE-42A9-BA9E-9A34F350A4E3}
    2012-08-20 06:07:00 -------- d-----w- C:\Users\Curtisin\AppData\Local\{661725C8-A540-4142-BC69-33BFE98B7191}
    2012-08-19 07:28:22 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D774549E-F60E-4D73-9CC7-DE6A5C08FB71}
    2012-08-18 19:27:58 -------- d-----w- C:\Users\Curtisin\AppData\Local\{8F252602-B1EF-4D9E-A5AF-B777ECD7886C}
    2012-08-18 19:27:46 -------- d-----w- C:\Users\Curtisin\AppData\Local\{1FB8F6D4-026D-421F-A370-8BB7BBEA54FF}
    2012-08-18 06:39:09 -------- d-----w- C:\Users\Curtisin\AppData\Local\{AB90026C-A967-4C25-8AA9-C13E92074A98}
    2012-08-18 06:38:58 -------- d-----w- C:\Users\Curtisin\AppData\Local\{2FF0B790-CD04-48DB-BFEC-EE697D702136}
    2012-08-17 18:11:12 -------- d-----w- C:\Users\Curtisin\AppData\Local\{FAEC8BD5-C5B5-4444-B0EA-35A002A3A2DD}
    2012-08-17 18:11:01 -------- d-----w- C:\Users\Curtisin\AppData\Local\{69642B22-9896-4FD6-8FE5-C6DCE813CFF5}
    2012-08-17 06:10:34 -------- d-----w- C:\Users\Curtisin\AppData\Local\{E6EDAE84-946E-4BA4-952B-1C87ADC94E50}
    2012-08-17 06:10:23 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D4BB3CAA-E7C6-4A13-BE13-6DE79D16D069}
    2012-08-16 18:03:02 -------- d-----w- C:\Users\Curtisin\AppData\Local\{12C8CA03-1450-46E0-8D4B-C6B8A9A69E9C}
    2012-08-16 18:02:40 -------- d-----w- C:\Users\Curtisin\AppData\Local\{8B7FF459-BD39-4294-83C9-90026CED46BB}
    2012-08-16 06:02:15 -------- d-----w- C:\Users\Curtisin\AppData\Local\{0EBFAB31-620C-4BA6-97F0-4DA4F5E9A150}
    2012-08-16 06:02:04 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D82D6887-FDC2-44DD-9D8D-8386A937DCD7}
    2012-08-15 18:01:39 -------- d-----w- C:\Users\Curtisin\AppData\Local\{131A6F96-D02C-4887-8A7C-97758A377156}
    2012-08-15 18:01:28 -------- d-----w- C:\Users\Curtisin\AppData\Local\{B0D8ED6D-5653-4875-8778-CF340B88F688}
    2012-08-15 06:01:02 -------- d-----w- C:\Users\Curtisin\AppData\Local\{7B4385FF-2130-4D94-905A-730D46AEB357}
    2012-08-15 06:00:50 -------- d-----w- C:\Users\Curtisin\AppData\Local\{997C478D-B5DC-4D97-A60E-9A1CEF874F64}
    2012-08-14 17:48:31 -------- d-----w- C:\Users\Curtisin\AppData\Local\{865EEF4E-6185-4C6D-BC85-3A36EA23FEF0}
    2012-08-14 17:48:20 -------- d-----w- C:\Users\Curtisin\AppData\Local\{B18D2E0C-DE4C-4EC9-86C7-C6B479CAD528}
    2012-08-14 05:47:50 -------- d-----w- C:\Users\Curtisin\AppData\Local\{5EB1CFBD-7E96-4712-BE66-0036E7989D6B}
    2012-08-14 05:47:35 -------- d-----w- C:\Users\Curtisin\AppData\Local\{00E1B78B-B6E6-45A8-9187-267B10F89458}
    2012-08-13 17:16:16 -------- d-----w- C:\Users\Curtisin\AppData\Local\{DE44AF3B-8097-4261-9689-CDE5F487EF3C}
    2012-08-13 17:16:04 -------- d-----w- C:\Users\Curtisin\AppData\Local\{5CE8591A-B4A2-4ABE-85D1-843A23DD153D}
    2012-08-12 18:42:46 -------- d-----w- C:\Users\Curtisin\AppData\Local\{20F2876B-C178-4973-A7B0-C4BE4073EB0D}
    2012-08-12 18:42:35 -------- d-----w- C:\Users\Curtisin\AppData\Local\{CA119A5F-55BD-45E2-9632-CE0F1405701F}
    2012-08-12 06:42:08 -------- d-----w- C:\Users\Curtisin\AppData\Local\{0D9758AE-3AFF-4E75-9647-695FE61CD835}
    2012-08-12 06:41:56 -------- d-----w- C:\Users\Curtisin\AppData\Local\{9FB7D8F0-D42D-4032-960D-9CDCF2E954C8}
    2012-08-11 19:56:50 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB5C8C74-F744-40F6-B403-90A92B7972CD}\gapaengine.dll
    2012-08-11 19:46:24 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-08-11 19:46:23 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-08-11 18:41:40 -------- d-----w- C:\Users\Curtisin\AppData\Local\{43A94BF8-E5CF-4AB1-AB58-06D390AB70E2}
    2012-08-11 18:41:29 -------- d-----w- C:\Users\Curtisin\AppData\Local\{0B7B6C49-610D-4F62-B0E8-C20CC2C3AA19}
    2012-08-11 12:25:43 -------- d-----w- C:\ProgramData\Remedy
    2012-08-11 06:41:03 -------- d-----w- C:\Users\Curtisin\AppData\Local\{A0330B47-1203-49EC-BE02-AEE52BC3E615}
    2012-08-11 06:40:47 -------- d-----w- C:\Users\Curtisin\AppData\Local\{7A16C0D0-9E62-40FF-A42B-F0603FA0F5F1}
    2012-08-10 16:23:53 -------- d-----w- C:\Users\Curtisin\AppData\Local\{1DEB78C9-524D-4423-9912-06DD30C57199}
    2012-08-10 16:23:41 -------- d-----w- C:\Users\Curtisin\AppData\Local\{AB2C1A78-B09E-4D46-A021-57F72DAD758C}
    2012-08-09 18:10:45 -------- d-----w- C:\Users\Curtisin\AppData\Local\{3BC4381A-35BD-41E2-9B41-8585EBA8389E}
    2012-08-09 18:10:34 -------- d-----w- C:\Users\Curtisin\AppData\Local\{B18BC869-6A71-4758-A356-30A07A80A1DE}
    2012-08-09 06:10:08 -------- d-----w- C:\Users\Curtisin\AppData\Local\{FF775CAD-F9F5-40BE-ADEF-CC4AD9E796F2}
    2012-08-09 06:09:57 -------- d-----w- C:\Users\Curtisin\AppData\Local\{379933DA-6D16-4ACA-832F-FB5EA48C671C}
    2012-08-08 17:56:52 -------- d-----w- C:\Users\Curtisin\AppData\Local\{E743BB48-97F2-4D60-989D-8A0447E017C2}
    2012-08-08 17:56:38 -------- d-----w- C:\Users\Curtisin\AppData\Local\{A0588094-DE01-485C-B67E-9FF7CAC9C857}
    2012-08-08 05:56:12 -------- d-----w- C:\Users\Curtisin\AppData\Local\{C1CC9E7D-C64F-4463-A54E-74C88D21BB85}
    2012-08-08 05:56:00 -------- d-----w- C:\Users\Curtisin\AppData\Local\{5E7F5921-89DA-4CA6-B92F-4ED73D693BFB}
    2012-08-07 16:45:12 -------- d-----w- C:\Users\Curtisin\AppData\Local\{B60BA226-382D-4DCC-ABB7-33042248B459}
    2012-08-07 16:44:47 -------- d-----w- C:\Users\Curtisin\AppData\Local\{F0122BE6-F2DB-4250-99CB-53F0A45851CE}
    2012-08-06 20:14:27 -------- d-----w- C:\Users\Curtisin\AppData\Local\{488FE00D-C319-45ED-86BC-9D30FC32A5E9}
    2012-08-06 20:14:05 -------- d-----w- C:\Users\Curtisin\AppData\Local\{4919806D-5A5E-4DDF-93C8-9C4D2DB9ECAD}
    2012-08-06 08:13:39 -------- d-----w- C:\Users\Curtisin\AppData\Local\{EDACD41A-71C2-44B9-857B-55E4C5405E8C}
    2012-08-06 08:13:17 -------- d-----w- C:\Users\Curtisin\AppData\Local\{4118494B-8DA8-4CCE-80F3-A1965F211E65}
    2012-08-05 20:12:51 -------- d-----w- C:\Users\Curtisin\AppData\Local\{A512F549-C594-48C2-B227-DC3A6810BA12}
    2012-08-05 20:12:40 -------- d-----w- C:\Users\Curtisin\AppData\Local\{91B47D5A-0E23-42BE-8CAC-D4B699BED639}
    2012-08-05 08:12:13 -------- d-----w- C:\Users\Curtisin\AppData\Local\{511B1DBD-2062-40CB-A62B-6AA700F2698B}
    2012-08-05 08:11:51 -------- d-----w- C:\Users\Curtisin\AppData\Local\{FBA399DA-B137-4257-90EA-6461B6D96A5D}
    2012-08-04 20:11:33 -------- d-----w- C:\Users\Curtisin\AppData\Local\{C14FE86F-E37E-42FA-A091-61CE1A21FCC5}
    2012-08-04 20:11:20 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D8EDD34A-3CF4-4F80-91AC-31D4CB113956}
    2012-08-04 06:51:21 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D4846D8E-05AC-49E0-9E93-48FB0D445AAE}
    2012-08-04 06:51:09 -------- d-----w- C:\Users\Curtisin\AppData\Local\{0699E84B-6137-4E71-B9A4-53E759C5E8EE}
    2012-08-03 07:58:34 -------- d-----w- C:\Users\Curtisin\AppData\Local\{077DC386-AD87-4AF5-9752-6B322F88BCA1}
    2012-08-03 07:58:22 -------- d-----w- C:\Users\Curtisin\AppData\Local\{EDD0212D-E92E-4921-8958-A4039B0163E1}
    2012-08-02 19:36:32 -------- d-----w- C:\Users\Curtisin\AppData\Local\{99DBC03E-4527-48CA-B0D5-C18A05C6E518}
    2012-08-02 19:36:10 -------- d-----w- C:\Users\Curtisin\AppData\Local\{2068C5E5-DBE0-4013-A2A7-9381F1F0AAF7}
    2012-08-02 07:35:44 -------- d-----w- C:\Users\Curtisin\AppData\Local\{64A7B0D9-00EA-4C5C-8338-8FA37671AA4C}
    2012-08-02 07:35:32 -------- d-----w- C:\Users\Curtisin\AppData\Local\{A579E185-E446-4174-94DE-D91ED3278FA9}
    2012-08-01 19:35:07 -------- d-----w- C:\Users\Curtisin\AppData\Local\{955B3671-FE1F-4B8E-B770-5A565BAC56A6}
    2012-08-01 19:34:56 -------- d-----w- C:\Users\Curtisin\AppData\Local\{D2D4CA21-16ED-40CD-A5F9-F763C2920251}
    .
    ==================== Find3M ====================
    .
    2012-07-30 15:10:39 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
    2012-07-26 19:53:05 328704 ----a-w- C:\Windows\System32\services.exe
    2012-07-26 19:51:01 328704 ----a-w- C:\Windows\System32\services.exe.4BDE40465C4754BF
    2012-07-26 19:46:26 328704 ----a-w- C:\Windows\System32\services.exe.B09A2E41E8917600
    2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-14 07:43:26 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-06 08:26:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-06-06 08:26:56 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-06-06 08:26:56 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-06-06 08:26:56 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    .
    ============= FINISH: 18:42:40.85 ===============


    Attached to the post is my Attach.txt from DDS.

    I run a 64-Bit system so I haven't used the final program in the "do this before posting" thread.

    Thanks in advance.
     
  2. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    Seems I forgot to add the attach.txt, so here it is.
     

    Attached Files:

  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Hello Curtisin and welcome to TSG,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.

    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.

    Please proceed as follows :-

    Step 1

    Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap enter.
    Next,
    Type exit Tap enter, re-boot your PC.

    ***Note the space between sfc and /scannow.

    Step 2

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
    • Instructions for running Combofix available Here if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  4. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    Hi Kevin,

    First off, thank you for helping out, it is much appreciated.

    Here is the ComboFix log that you asked for:

    ComboFix 12-08-31.08 - Curtisin 01/09/2012 7:17.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8174.6465 [GMT 1:00]
    Running from: c:\users\Curtisin\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\Curtisin\AppData\Roaming\D2B9.exe
    c:\users\Curtisin\AppData\Roaming\E407.exe
    c:\windows\SysWow64\CmdRtr.DLL.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-31 19:18 . 2012-08-31 19:18 -------- d-----w- c:\programdata\Curse Client
    2012-08-31 16:35 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{315C662C-3633-45D3-B2B0-AE55D6AC5C07}\mpengine.dll
    2012-08-25 20:49 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-22 20:28 . 2012-08-22 20:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-22 20:28 . 2012-08-22 20:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-11 19:56 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5C8C74-F744-40F6-B403-90A92B7972CD}\gapaengine.dll
    2012-08-11 19:46 . 2012-08-11 19:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-11 19:46 . 2012-08-11 19:46 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-11 12:25 . 2012-08-11 12:25 -------- d-----w- c:\programdata\Remedy
    2012-08-09 18:21 . 2012-08-09 18:50 -------- d-----w- c:\programdata\TrackMania
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-30 15:10 . 2012-05-18 16:42 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
    2012-07-26 19:53 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2012-07-26 19:51 . 2012-07-26 19:51 328704 ----a-w- c:\windows\system32\services.exe.4BDE40465C4754BF
    2012-07-26 19:46 . 2012-07-26 19:46 328704 ----a-w- c:\windows\system32\services.exe.B09A2E41E8917600
    2012-07-12 02:01 . 2012-01-18 22:15 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 12:46 . 2012-02-07 08:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-14 08:06 . 2012-06-14 08:06 53248 ----a-r- c:\users\Curtisin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-06-14 07:43 . 2012-06-14 07:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-06-12 03:08 . 2012-07-12 02:03 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-11 17:50 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 08:26 . 2012-06-06 08:26 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-06-06 08:26 . 2012-06-06 08:26 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-06-06 08:26 . 2012-06-06 08:26 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-06-06 08:26 . 2012-06-06 08:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-06-06 06:06 . 2012-07-11 17:50 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 17:50 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 17:50 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 17:50 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 17:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 17:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-23 5661056]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
    "SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-09-22 165184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 dswlhwpc;dswlhwpc;c:\windows\system32\drivers\dswlhwpc.sys [x]
    R1 txfqoyvx;txfqoyvx;c:\windows\system32\drivers\txfqoyvx.sys [x]
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/10 18:46;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-06-06 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-10 79360]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-19 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R3 X6va006;X6va006;c:\users\Curtisin\AppData\Local\Temp\0063A39.tmp [x]
    R3 X6va008;X6va008;c:\users\Curtisin\AppData\Local\Temp\0087FE8.tmp [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-09 272448]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
    S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-07-27 639512]
    S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 25600]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 20:28]
    .
    2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220429803-3547898977-4289334148-1000Core.job
    - c:\users\Curtisin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 07:49]
    .
    2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220429803-3547898977-4289334148-1000UA.job
    - c:\users\Curtisin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 07:49]
    .
    2012-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
    .
    2012-08-31 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ie/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
    TCP: DhcpNameServer = 85.91.1.19 85.91.1.18
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Curtisin\AppData\Roaming\Mozilla\Firefox\Profiles\hbtov1xr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
    "ImagePath"="\??\c:\users\Curtisin\AppData\Local\Temp\0063A39.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\users\Curtisin\AppData\Local\Temp\0087FE8.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
    71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
    33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
    c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{E11DB59D-5008-42FF-9069-535843BC0BE1}"=hex:51,66,7a,6c,4c,1d,38,12,f3,b6,0e,
    e5,3a,1e,91,07,ef,7f,10,18,46,e2,4f,f5
    "{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
    25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:14,5c,8b,74,4b,87,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,d7,da,d2,f3,3d,3d,4f,8b,a1,db,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,d7,da,d2,f3,3d,3d,4f,8b,a1,db,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Dell\Stage Remote\StageRemoteService.exe
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-01 07:29:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-01 06:29
    .
    Pre-Run: 1,673,156,239,360 bytes free
    Post-Run: 1,673,784,033,280 bytes free
    .
    - - End Of File - - 34707BE78499E24F8153191527BD682F
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Thanks for the logs, continue as follows:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    File::
    c:\windows\system32\services.exe.4BDE40465C4754BF
    c:\windows\system32\services.exe.B09A2E41E8917600
    c:\windows\system32\drivers\dswlhwpc.sys
    c:\windows\system32\drivers\txfqoyvx.sys
    Driver::
    dswlhwpc
    txfqoyvx
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Refering to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Post those two logs in reply, also give update on any remaining issues or concerns...

    Kevin
     
  6. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    Combofix Log:

    ComboFix 12-08-31.08 - Curtisin 01/09/2012 13:43:43.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.8174.5983 [GMT 1:00]
    Running from: c:\users\Curtisin\Desktop\ComboFix.exe
    Command switches used :: c:\users\Curtisin\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\dswlhwpc.sys"
    "c:\windows\system32\drivers\txfqoyvx.sys"
    "c:\windows\system32\services.exe.4BDE40465C4754BF"
    "c:\windows\system32\services.exe.B09A2E41E8917600"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\services.exe.4BDE40465C4754BF
    c:\windows\system32\services.exe.B09A2E41E8917600
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_dswlhwpc
    -------\Service_txfqoyvx
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-01 12:48 . 2012-09-01 12:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-09-01 12:48 . 2012-09-01 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-01 06:33 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D362220-6C66-4DAC-B988-75614B978418}\mpengine.dll
    2012-08-31 19:18 . 2012-08-31 19:18 -------- d-----w- c:\programdata\Curse Client
    2012-08-25 20:49 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-22 20:28 . 2012-08-22 20:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-22 20:28 . 2012-08-22 20:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-11 19:56 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB5C8C74-F744-40F6-B403-90A92B7972CD}\gapaengine.dll
    2012-08-11 19:46 . 2012-08-11 19:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-11 19:46 . 2012-08-11 19:46 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-11 12:25 . 2012-08-11 12:25 -------- d-----w- c:\programdata\Remedy
    2012-08-09 18:21 . 2012-08-09 18:50 -------- d-----w- c:\programdata\TrackMania
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-30 15:10 . 2012-05-18 16:42 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
    2012-07-26 19:53 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2012-07-12 02:01 . 2012-01-18 22:15 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 12:46 . 2012-02-07 08:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-14 08:06 . 2012-06-14 08:06 53248 ----a-r- c:\users\Curtisin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-06-14 07:43 . 2012-06-14 07:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-06-12 03:08 . 2012-07-12 02:03 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-11 17:50 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 08:26 . 2012-06-06 08:26 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-06-06 08:26 . 2012-06-06 08:26 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-06-06 08:26 . 2012-06-06 08:26 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-06-06 08:26 . 2012-06-06 08:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-06-06 06:06 . 2012-07-11 17:50 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 17:50 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 17:50 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 17:50 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 17:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 17:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-09-01_06.25.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-09-01 12:48 . 2012-09-01 12:48 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2012-09-01 06:24 . 2012-09-01 06:24 13354 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2010-11-21 03:09 . 2012-09-01 06:27 55728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-09-01 06:27 38766 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-01-19 07:14 . 2012-09-01 06:27 12922 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4220429803-3547898977-4289334148-1000_UserData.bin
    + 2012-01-18 21:47 . 2012-09-01 12:41 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-18 21:47 . 2012-09-01 06:04 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-01-18 21:47 . 2012-09-01 12:41 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-01-18 21:47 . 2012-09-01 06:04 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-01 12:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-01 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-09-01 06:25 . 2012-09-01 06:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-09-01 12:49 . 2012-09-01 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-09-01 06:24 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-09-01 12:48 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-01-18 23:10 . 2012-09-01 06:24 60092228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4220429803-3547898977-4289334148-1000-12288.dat
    + 2012-01-18 23:10 . 2012-09-01 12:48 60092228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4220429803-3547898977-4289334148-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-23 5661056]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
    "SPIRunE"="SPIRunE.dll" [2009-07-27 18432]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/10 18:46;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-11 248304]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-06-06 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-10 79360]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-19 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R3 X6va006;X6va006;c:\users\Curtisin\AppData\Local\Temp\0063A39.tmp [x]
    R3 X6va008;X6va008;c:\users\Curtisin\AppData\Local\Temp\0087FE8.tmp [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-09 272448]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
    S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-04 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-07-27 639512]
    S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 25600]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 20:28]
    .
    2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220429803-3547898977-4289334148-1000Core.job
    - c:\users\Curtisin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 07:49]
    .
    2012-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4220429803-3547898977-4289334148-1000UA.job
    - c:\users\Curtisin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-21 07:49]
    .
    2012-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
    .
    2012-08-31 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
    "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF8312.3XE" [2010-11-21 345088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ie/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
    TCP: DhcpNameServer = 85.91.1.19 85.91.1.18
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Curtisin\AppData\Roaming\Mozilla\Firefox\Profiles\hbtov1xr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
    "ImagePath"="\??\c:\users\Curtisin\AppData\Local\Temp\0063A39.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\users\Curtisin\AppData\Local\Temp\0087FE8.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Dell\Stage Remote\StageRemoteService.exe
    c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-01 13:53:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-01 12:53
    ComboFix2.txt 2012-09-01 06:29
    .
    Pre-Run: 1,673,720,156,160 bytes free
    Post-Run: 1,673,589,460,992 bytes free
    .
    - - End Of File - - D3DBCAE4EF0A4CA370F89138C0BC414F


    ESET Online Scanner Log:

    C:\Downloads\Software\FINALFANTASYVII-dm.exe a variant of Win32/Adware.Trymedia.A application
    C:\Qoobox\Quarantine\C\Users\Curtisin\AppData\Roaming\D2B9.exe.vir a variant of Win32/Kryptik.ALEB trojan
    C:\Qoobox\Quarantine\C\Users\Curtisin\AppData\Roaming\E407.exe.vir a variant of Win32/Kryptik.ALEB trojan
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Run the following:

    Please download OTM by OldTimer.

    Alternative Mirror 1
    Alternative Mirror 2

    Save it to your desktop.

    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will stopped during run, also Desktop will disappear, this will be put back on completion....
    • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      C:\Downloads\Software\FINALFANTASYVII-dm.exe
      :Commands
      [EmptyTemp]
      [ReBoot]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Post that log, tell me how your system responds and if you have any remaining issues or concerns...

    Kevin
     
  8. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    OTM Log:

    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Curtisin\Downloads\cmd.bat deleted successfully.
    C:\Users\Curtisin\Downloads\cmd.txt deleted successfully.
    C:\Downloads\Software\FINALFANTASYVII-dm.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Curtisin
    ->Temp folder emptied: 83858 bytes
    ->Temporary Internet Files folder emptied: 104308789 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 553932973 bytes
    ->Google Chrome cache emptied: 367696203 bytes
    ->Flash cache emptied: 56989 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1588 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 349404257 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 678 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 682337 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,313.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 09012012_163516
    Files moved on Reboot...
    C:\Users\Curtisin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...


    The popups appear to be gone as I haven't had any problems with them since the ComboFix run.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Okey Dokey, do the following :-

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
      [​IMG]
    • Please follow the prompts to uninstall Combofix.
    • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Step 2

    Remove ESET online scanner:

    • Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
    • Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

    Step 3

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click [​IMG] icon to start the program.
      If you are using Vista or Windows 7 accept UAC
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself.

    Any tools/logs remaining on the Desktop can be deleted.

    Step 4

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe are updated please check under Start > Control Panel > Programs and Featues, ensure any old versions are removed. <--- Very Important

    Step 5

    Download [​IMG] TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

    Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

    Let me know if those steps complete OK, also tell me if you have any remaining issues or concerns...

    Kevin
     
  10. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    Hi Kevin,

    Thanks for all the help here.

    I've run it all from your last post and everything seems to go through with no trouble. I haven't had any annoying popups either, so I think everything should now be sorted.

    Sorry for not getting back to you sooner though, but I thought I'd posted a reply already, but apparently I closed the browser before it was sent through.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Hiya Curtisin,

    Good to hear that your system is working as expected with no issues, it was also a pleasure to work hand in hand with you.

    Here are some tips to reduce the potential for malware infection in the future:

    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates.
    If Java or Adobe as updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed.
    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link HERE will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

    Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

    If no remaining issues hit the “Mark Solved” tab at the top of the thread,

    Take care,

    Kevin
     
  12. Curtisin

    Curtisin Thread Starter

    Joined:
    Oct 9, 2011
    Messages:
    32
    Hi Kevin,

    Thanks once again. I'll have a look through these though I must admit I much prefer using IE to either of the alternatives. Some of the websites that I frequent (thankfully not the one where I'm certain I got the problem from) aren't too great with Chrome or FF. I'll have a look at Opera however.

    Thanks once again, your help was really appreciated.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1067235