
Audio ads playing in background

Discussion in 'Virus & Other Malware Removal' started by zefram, May 24, 2012.

  1. zefram (Thread Starter)

     Joined: May 24, 2012
     Messages: 6
    Hi,
    I currently have the same issue as sutefaniidesu, who had an entry entitled "Audio ads playing in the background" from Jan 1, 2010. I've included the sysinfo, the ComboFix log and the "loaded drivers" information from my ntbtlog.txt. My issue occurs as soon as the login screen appears, which is why I'm sending the ntbtlog.txt. Any help would be greatly appreciated.

    Thanks,
    zefram


    =============== Sysinfo

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, 64 bit
    Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz, Intel64 Family 6 Model 26 Stepping 5
    Processor Count: 8
    RAM: 12279 Mb
    Graphics Card: NVIDIA GeForce GTX 470, 1280 Mb
    Hard Drives: C: Total - 953767 MB, Free - 141312 MB; D: Total - 1907718 MB, Free - 924581 MB; E: Total - 953867 MB, Free - 182680 MB;
    Motherboard: ASUSTeK Computer INC., SABERTOOTH X58
    Antivirus: None


    ================ ComboFix log


    ComboFix 12-05-24.01 - w7 05/24/2012 9:01.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10599 [GMT -4:00]
    Running from: c:\users\w7\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-24 13:07 . 2012-05-24 13:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-05-24 13:07 . 2012-05-24 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-06 16:39 . 2012-05-06 16:39 -------- d-----w- c:\windows\system32\appmgmt
    2012-05-06 16:02 . 2012-05-06 16:12 -------- d-----w- c:\users\w7\AppData\Roaming\Awesomium
    2012-05-05 13:55 . 2012-05-05 13:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-05-05 13:55 . 2012-05-05 13:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-05 13:55 . 2012-05-05 13:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-04 20:56 . 2012-05-04 20:58 -------- d-----w- c:\users\w7\AppData\Local\PAYDAY
    2012-05-03 23:24 . 2012-05-03 23:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-02 00:42 . 2012-05-02 00:59 -------- d-----w- c:\users\w7\AppData\Roaming\Apple Computer
    2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\users\w7\AppData\Local\Apple Computer
    2012-05-02 00:42 . 2012-05-02 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-05-02 00:42 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-05-02 00:41 . 2012-05-02 00:41 -------- d-----w- c:\programdata\Apple
    2012-04-28 14:21 . 2012-04-28 14:21 -------- d-----w- c:\users\w7\AppData\Roaming\RenPy
    2012-04-24 21:39 . 2005-08-30 04:00 781312 ----a-w- c:\windows\SysWow64\RGSS102J.dll
    2012-04-24 21:39 . 2005-08-30 04:00 778752 ----a-w- c:\windows\SysWow64\RGSS102E.dll
    2012-04-24 21:39 . 2005-08-30 04:00 771584 ----a-w- c:\windows\SysWow64\RGSS100J.dll
    2012-04-24 21:36 . 2012-04-24 21:39 -------- d-----w- c:\program files (x86)\Common Files\Enterbrain
    2012-04-24 13:56 . 2012-04-24 13:56 -------- d-----w- c:\users\w7\oni
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 15:21 . 2012-04-16 00:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 15:21 . 2012-01-01 14:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 00:40 . 2012-04-16 20:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 23:23 . 2011-12-29 00:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-17 23:35 . 2012-01-23 14:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-04-17 23:35 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-04-16 21:40 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-03-18 03:56 . 2011-12-28 20:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-03-18 03:17 . 2012-03-18 03:17 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-24_12.50.21 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-05 14:18 . 2012-05-24 12:56 42384 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-24 12:56 49700 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-05 03:08 . 2012-05-24 12:56 13796 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1007896227-2540983366-3169110878-1000_UserData.bin
    + 2011-02-11 00:00 . 2012-05-24 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-11 00:00 . 2012-05-24 12:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-11 00:00 . 2012-05-24 13:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-11 00:00 . 2012-05-24 12:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-05-24 13:08 . 2012-05-24 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-05-24 12:49 . 2012-05-24 12:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 02:36 . 2012-05-24 12:42 672494 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-05-24 12:59 672494 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-05-24 12:59 125226 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-05-24 12:42 125226 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-05-24 12:48 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-05-24 13:07 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-02-05 15:10 . 2012-05-24 12:48 4990656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1007896227-2540983366-3169110878-1000-8192.dat
    + 2011-02-05 15:10 . 2012-05-24 13:07 4990656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1007896227-2540983366-3169110878-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
    2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="d:\steam\steam.exe" [2012-02-20 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
    "Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
    R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 X6va001;X6va001;c:\users\w7\AppData\Local\Temp\00137EC.tmp [x]
    R3 X6va005;X6va005;c:\users\w7\AppData\Local\Temp\005C566.tmp [x]
    R3 X6va008;X6va008;c:\users\w7\AppData\Local\Temp\008C967.tmp [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
    R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
    R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:21]
    .
    2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000Core.job
    - c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
    .
    2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000UA.job
    - c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
    FF - ProfilePath - c:\users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\e8wvwji8.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\00137EC.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\005C566.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\008C967.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1007896227-2540983366-3169110878-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a7,9a,be,9b,c8,28,b7,29,c6,27,2c,e4,7d,bf,a2,24,f8,69,e7,8f,f8,
    8e,f3,51,69,25,1f,7a,c8,3d,f9,be,f9,38,bc,9b,2d,52,9b,dc,3f,60,40,0b,8e,11,\
    "rkeysecu"=hex:18,be,cf,83,e0,ce,a3,3b,5c,ad,4f,9a,4f,de,d8,e6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-24 09:13:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-24 13:13
    ComboFix2.txt 2012-05-24 12:52
    .
    Pre-Run: 148,398,260,224 bytes free
    Post-Run: 148,058,583,040 bytes free
    .
    - - End Of File - - 25689E4D7797D23C73F900D1FDED9670




    ====== ntbtlog.txt (the loaded drivers)


    Loaded driver \SystemRoot\system32\ntoskrnl.exe
    Loaded driver \SystemRoot\system32\hal.dll
    Loaded driver \SystemRoot\system32\kdcom.dll
    Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
    Loaded driver \SystemRoot\system32\PSHED.dll
    Loaded driver \SystemRoot\system32\CLFS.SYS
    Loaded driver \SystemRoot\system32\CI.dll
    Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
    Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
    Loaded driver \SystemRoot\System32\Drivers\sptd.sys
    Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
    Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\ACPI.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msisadrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vdrvroot.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pci.sys
    Loaded driver \SystemRoot\System32\drivers\partmgr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
    Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pciide.sys
    Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ataport.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\nvstor.sys
    Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msahci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
    Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
    Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
    Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
    Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
    Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
    Loaded driver \SystemRoot\System32\Drivers\cng.sys
    Loaded driver \SystemRoot\System32\drivers\pcw.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
    Loaded driver \SystemRoot\system32\drivers\ndis.sys
    Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
    Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
    Loaded driver \SystemRoot\System32\drivers\tcpip.sys
    Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vmstorfl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\volsnap.sys
    Loaded driver \SystemRoot\System32\Drivers\spldr.sys
    Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
    Loaded driver \SystemRoot\System32\Drivers\mup.sys
    Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
    Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
    Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
    Loaded driver \SystemRoot\System32\Drivers\a9x2yg1u.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
    Loaded driver \SystemRoot\system32\ntoskrnl.exe
    Loaded driver \SystemRoot\system32\hal.dll
    Loaded driver \SystemRoot\system32\kdcom.dll
    Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
    Loaded driver \SystemRoot\system32\PSHED.dll
    Loaded driver \SystemRoot\system32\CLFS.SYS
    Loaded driver \SystemRoot\system32\CI.dll
    Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
    Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
    Loaded driver \SystemRoot\System32\Drivers\sptd.sys
    Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
    Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\ACPI.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msisadrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vdrvroot.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pci.sys
    Loaded driver \SystemRoot\System32\drivers\partmgr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
    Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pciide.sys
    Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ataport.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\nvstor.sys
    Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msahci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
    Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
    Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
    Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
    Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
    Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
    Loaded driver \SystemRoot\System32\Drivers\cng.sys
    Loaded driver \SystemRoot\System32\drivers\pcw.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
    Loaded driver \SystemRoot\system32\drivers\ndis.sys
    Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
    Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
    Loaded driver \SystemRoot\System32\drivers\tcpip.sys
    Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vmstorfl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\volsnap.sys
    Loaded driver \SystemRoot\System32\Drivers\spldr.sys
    Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
    Loaded driver \SystemRoot\System32\Drivers\mup.sys
    Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
    Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
    Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
    Loaded driver \SystemRoot\System32\Drivers\aymvbkj4.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mcdbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
    Loaded driver \SystemRoot\system32\ntoskrnl.exe
    Loaded driver \SystemRoot\system32\hal.dll
    Loaded driver \SystemRoot\system32\kdcom.dll
    Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
    Loaded driver \SystemRoot\system32\PSHED.dll
    Loaded driver \SystemRoot\system32\CLFS.SYS
    Loaded driver \SystemRoot\system32\CI.dll
    Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
    Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
    Loaded driver \SystemRoot\System32\Drivers\sptd.sys
    Loaded driver \SystemRoot\System32\Drivers\WMILIB.SYS
    Loaded driver \SystemRoot\System32\Drivers\SCSIPORT.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\ACPI.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msisadrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vdrvroot.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pci.sys
    Loaded driver \SystemRoot\System32\drivers\partmgr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\volmgr.sys
    Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pciide.sys
    Loaded driver \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\atapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ataport.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\nvstor.sys
    Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msahci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\amdxata.sys
    Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
    Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
    Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
    Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
    Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
    Loaded driver \SystemRoot\System32\Drivers\cng.sys
    Loaded driver \SystemRoot\System32\drivers\pcw.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
    Loaded driver \SystemRoot\system32\drivers\ndis.sys
    Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
    Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
    Loaded driver \SystemRoot\System32\drivers\tcpip.sys
    Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\vmstorfl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\volsnap.sys
    Loaded driver \SystemRoot\System32\Drivers\spldr.sys
    Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
    Loaded driver \SystemRoot\System32\Drivers\mup.sys
    Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
    Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
    Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
    Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
    Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\system32\drivers\afd.sys
    Loaded driver \SystemRoot\system32\drivers\ws2ifsl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\System32\drivers\discache.sys
    Loaded driver \SystemRoot\system32\drivers\csc.sys
    Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
    Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
    Loaded driver \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\Rt64win7.sys
    Loaded driver \SystemRoot\system32\DRIVERS\1394ohci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
    Loaded driver \SystemRoot\System32\Drivers\arqg1tey.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CompositeBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mcdbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    Loaded driver \SystemRoot\system32\drivers\nvhda64v.sys
    Loaded driver \SystemRoot\system32\drivers\ksthunk.sys
    Loaded driver \SystemRoot\system32\drivers\HdAudio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
    Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    Loaded driver \SystemRoot\system32\drivers\luafv.sys
    Loaded driver \SystemRoot\system32\drivers\WudfPf.sys
    Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
    Loaded driver \SystemRoot\system32\drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
    Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    Loaded driver \SystemRoot\system32\drivers\npf.sys
    Loaded driver \SystemRoot\system32\drivers\peauth.sys
    Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
    Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi,

    Please do the following:

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • type exit and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
  3. zefram

    zefram Thread Starter

    Joined:
    May 24, 2012
    Messages:
    6
    Hi Catbyte
    Posted below are the results from the FRST64 run.

    Thanks


    =============================== FRST.txt

    Scan result of Farbar Recovery Scan Tool Version: 25-05-2012
    Ran by SYSTEM at 26-05-2012 18:39:56
    Running from G:\
    Microsoft Windows XP (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [116328 2010-01-11] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [14803560 2010-01-11] (NVIDIA Corporation)
    HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40048 2007-05-10] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QT Lite\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
    HKU\Administrator\...\Run: [Alcohol.bin Autorun] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.bin /startup [x]
    HKU\Administrator\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" [136136 2007-09-06] (DT Soft Ltd.)
    HKU\Administrator\...\Policies\system: [NoDispAppearancePage] 0
    HKU\Administrator\...\Policies\system: [NoColorChoice] 0
    HKU\Administrator\...\Policies\system: [NoSizeChoice] 0
    HKU\Administrator\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\Administrator\...\Policies\system: [NoDispScrSavPage] 0
    HKU\Administrator\...\Policies\system: [NoDispCPL] 0
    HKU\Administrator\...\Policies\system: [NoVisualStyleChoice] 0
    HKU\Administrator\...\Policies\system: [NoDispSettingsPage] 0
    HKU\Default User\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
    HKU\LocalService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
    HKU\NetworkService\...\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
    HKLM-x32\...\Winlogon: [Userinit] userinit [x]
    HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
    HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
    Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
    Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
    Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
    Winlogon\Notify\dimsntfy: dimsntfy.dll (Microsoft Corporation)
    Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
    Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
    Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
    Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
    Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
    Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.237.161.12

    ==================== Services (Whitelisted) ======

    2 AeLookupSvc; C:\Windows\SysWow64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
    3 ALG; C:\Windows\SysWow64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
    2 AudioSrv; C:\Windows\SysWow64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
    3 Browser; C:\Windows\SysWow64\browser.dll [78336 2007-03-14] (Microsoft Corporation)
    4 CiSvc; C:\Windows\System32\cisvc.exe [8704 2007-02-18] (Microsoft Corporation)
    4 CiSvc; C:\Windows\SysWow64\cisvc.exe [6656 2007-02-18] (Microsoft Corporation)
    3 ClipSrv; C:\Windows\System32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
    3 ClipSrv; C:\Windows\SysWow64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
    3 dmadmin; C:\Windows\System32\dmadmin.exe /com [399872 2008-08-27] (Microsoft Corporation)
    2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
    2 Dnscache; C:\Windows\SysWow64\dnsrslvr.dll [45568 2008-02-18] (Microsoft Corporation)
    3 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
    2 Eventlog; C:\Windows\System32\services.exe [227840 2009-03-19] (Microsoft Corporation)
    3 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
    3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
    3 HTTPFilter; C:\Windows\SysWow64\w3ssl.dll [15360 2007-02-18] (Microsoft Corporation)
    3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
    3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
    3 LmHosts; C:\Windows\SysWow64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
    3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
    4 mnmsrvc; C:\WINDOWS\SysWow64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
    4 NetDDE; C:\Windows\System32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
    4 NetDDE; C:\Windows\SysWow64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
    4 NetDDEdsdm; C:\Windows\System32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
    4 NetDDEdsdm; C:\Windows\SysWow64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
    2 Netman; C:\Windows\SysWow64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
    2 Nla; C:\Windows\System32\mswsock.dll [493056 2008-06-20] (Microsoft Corporation)
    2 Nla; C:\Windows\SysWow64\mswsock.dll [234496 2008-06-20] (Microsoft Corporation)
    4 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
    3 npggsvc; C:\WINDOWS\SysWow64\GameMon.des -service [4085304 2010-10-12] (INCA Internet Co., Ltd.)
    3 NtLmSsp; C:\Windows\System32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
    3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
    2 NVSvc; C:\Windows\System32\nvsvc64.exe [181352 2010-01-11] (NVIDIA Corporation)
    2 PlugPlay; C:\Windows\System32\services.exe [227840 2009-03-19] (Microsoft Corporation)
    3 PolicyAgent; C:\Windows\System32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
    3 RasAuto; C:\Windows\SysWow64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
    3 RasMan; C:\Windows\SysWow64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
    4 RemoteRegistry; C:\Windows\SysWow64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
    3 RpcLocator; C:\Windows\SysWow64\locator.exe [71680 2007-02-18] (Microsoft Corporation)
    3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
    3 SCardSvr; C:\Windows\SysWow64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
    3 Schedule; C:\Windows\SysWow64\schedsvc.dll [202240 2008-05-08] (Microsoft Corporation)
    4 seclogon; C:\Windows\SysWow64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
    3 SharedAccess; C:\Windows\SysWow64\ipnathlp.dll [343552 2007-02-18] (Microsoft Corporation)
    4 SSDPSRV; C:\Windows\SysWow64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
    4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
    2 stisvc; C:\Windows\SysWow64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
    4 SysmonLog; C:\Windows\System32\smlogsvc.exe [133120 2007-12-14] (Microsoft Corporation)
    4 SysmonLog; C:\Windows\SysWow64\smlogsvc.exe [96256 2007-12-14] (Microsoft Corporation)
    3 TrkWks; C:\Windows\SysWow64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
    3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
    3 UPS; C:\Windows\SysWow64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
    2 W32Time; C:\WINDOWS\SysWow64\w32time.dll [227840 2008-06-24] (Microsoft Corporation)
    3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [27136 2009-06-10] (Microsoft Corporation)
    3 Wmi; C:\Windows\System32\advapi32.dll [1065472 2009-03-19] (Microsoft Corporation)
    3 Wmi; C:\Windows\SysWow64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
    3 WMPNetworkSvc; "C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe" [913408 2006-10-18] (Microsoft Corporation)
    4 wuauserv; C:\WINDOWS\system32\wuauserv.dll [22552 2008-10-16] (Microsoft Corporation)
    3 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2009-06-10] (Microsoft Corporation)
    3 WZCSVC; C:\Windows\SysWow64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
    3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
    3 xmlprov; C:\Windows\SysWow64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
    2 Akamai; c:\program files (x86)\common files\akamai\netsession_win_dbc0250.dll [x]
    3 clr_optimization_v2.0.50727_32; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
    3 clr_optimization_v2.0.50727_64; c:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [x]
    3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [x]
    3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [x]
    4 JavaQuickStarterService; "C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
    4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]
    3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    3 WinHttpAutoProxySvc; winhttp.dll [x]

    ========================== Drivers (Whitelisted) =============

    4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
    3 aec; C:\Windows\System32\Drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
    3 Arp1394; C:\Windows\System32\Drivers\Arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
    3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
    3 audstub; C:\Windows\System32\Drivers\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
    2 CdaC15BA; C:\Windows\System32\Drivers\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    2 CdaD10BA; C:\Windows\System32\Drivers\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
    0 dmio; C:\Windows\System32\Drivers\dmio.sys [246784 2009-01-08] (Microsoft Corporation)
    0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
    1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
    0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [240128 2007-09-01] (Microsoft Corporation)
    3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
    1 imapi; C:\Windows\System32\Drivers\imapi.sys [72704 2009-06-10] (Microsoft Corporation)
    3 Ip6Fw; C:\Windows\System32\Drivers\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
    1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [156672 2007-11-22] (Microsoft Corporation)
    3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
    1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
    3 NIC1394; C:\Windows\System32\Drivers\NIC1394.sys [92160 2005-03-24] (Microsoft Corporation)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [12477312 2010-01-11] (NVIDIA Corporation)
    3 pbfilter; \??\C:\pbfilter.sys [16472 2009-09-27] ()
    3 PSched; C:\Windows\System32\Drivers\PSched.sys [106496 2007-02-18] (Microsoft Corporation)
    3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
    3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [31232 2007-02-18] (Microsoft Corporation)
    1 redbook; C:\Windows\System32\Drivers\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
    3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [157184 2009-06-10] (Realtek Semiconductor Corporation )
    3 splitter; C:\Windows\System32\Drivers\splitter.sys [10240 2007-02-16] (Microsoft Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [860656 2010-09-09] (Duplex Secure Ltd.)
    3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
    3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [147456 2007-02-16] (Microsoft Corporation)
    3 Update; C:\Windows\System32\Drivers\Update.sys [152576 2007-05-29] (Microsoft Corporation)
    3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [187904 2007-02-16] (Microsoft Corporation)
    4 Abiosdsk; [x]
    4 adpu160m; [x]
    4 adpu320; [x]
    4 aic78u2; [x]
    4 aic78xx; [x]
    4 AliIde; [x]
    4 AmdIde; [x]
    4 arc; [x]
    4 Atdisk; [x]
    4 CmdIde; [x]
    4 dpti2o; [x]
    3 dump_wmimmc; \??\C:\IJJI\English\GenesisAD\GameGuard\dump_wmimmc.sys [x]
    4 iirsp; [x]
    4 mraid35x; [x]
    3 NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys [x]
    4 RDSessMgr; [x]
    4 Simbad; [x]
    4 symc8xx; [x]
    4 symmpi; [x]
    4 sym_hi; [x]
    4 sym_u3; [x]
    4 TosIde; [x]
    4 ultra; [x]
    4 ViaIde; [x]
    3 WmiApSrv; [x]
    4 wscsvc; [x]
    3 X6va003; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\003285.tmp [x]

    ========================== NetSvcs (Whitelisted) ===========
    NETSVCx32: Browser
    NETSVCx32: CryptSvc
    NETSVCx32: DMServer
    NETSVCx32: EventSystem
    NETSVCx32: HidServ
    NETSVCx32: Iprip
    NETSVCx32: LanmanWorkstation
    NETSVCx32: Netman
    NETSVCx32: Seclogon
    NETSVCx32: TrkWks
    NETSVCx32: WZCSVC
    NETSVCx32: xmlprov
    NETSVCx32: WmdmPmSN

    ============ One Month Created Files and Folders ==============

    2012-05-26 18:39 - 2012-05-26 18:39 - 0000000 ____D C:\FRST


    ============ 3 Months Modified Files and Folders =============



    ========================= Known DLLs (Whitelisted) ============

    [2007-02-18 04:00] - [2007-02-18 04:00] - 0131584 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0076288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olecli32.dll
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0056832 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0038912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olecnv32.dll
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\olesvr32.dll
    [2008-11-22 11:06] - [2008-11-22 11:06] - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    C:\Windows\SysWOW64\wow64.dll IS MISSING <==== ATTENTION!
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0018944 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    C:\Windows\SysWOW64\wow64cpu.dll IS MISSING <==== ATTENTION!
    [2008-02-06 07:11] - [2008-02-06 07:11] - 0287232 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    C:\Windows\SysWOW64\wow64win.dll IS MISSING <==== ATTENTION!

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe
    [2008-04-23 19:12] - [2008-04-23 19:12] - 0944128 ____A (Microsoft Corporation) 41433583EA482B238DE2951DE59DEB4C

    C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
    C:\Windows\explorer.exe
    [2007-02-05 20:03] - [2007-02-05 20:03] - 1364480 ____A (Microsoft Corporation) B02B95ED58DFB67502B3908573FAC6D7

    C:\Windows\SysWOW64\explorer.exe
    [2007-02-05 20:03] - [2007-02-05 20:03] - 1053184 ____A (Microsoft Corporation) A7350345C820527B581DA9337EB9601F

    C:\Windows\System32\svchost.exe
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9

    C:\Windows\SysWOW64\svchost.exe
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

    C:\Windows\System32\User32.dll
    [2007-03-01 20:56] - [2007-03-01 20:56] - 1086464 ____A (Microsoft Corporation) 35BC0334F3D679209C34CB6E4293C29C

    C:\Windows\SysWOW64\User32.dll
    [2007-03-01 20:56] - [2007-03-01 20:56] - 0602624 ____A (Microsoft Corporation) F8DA18588869B9480F99AD2E0CC7EFC2

    C:\Windows\System32\userinit.exe
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9

    C:\Windows\SysWOW64\userinit.exe
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

    C:\Windows\System32\Drivers\volsnap.sys
    [2009-02-23 18:07] - [2009-02-23 18:07] - 0326144 ____A (Microsoft Corporation) 511F64AC3D17D9E6E59E0D20B3EC7B9D


    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 7%
    Total physical RAM: 12279.11 MB
    Available physical RAM: 11325.64 MB
    Total Pagefile: 12277.26 MB
    Available Pagefile: 11307.74 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (NewW64Xp) (Fixed) (Total:931.51 GB) (Free:178.34 GB) NTFS
    2 Drive e: (Steam2Gb) (Fixed) (Total:1863.01 GB) (Free:427.99 GB) NTFS
    3 Drive f: () (Fixed) (Total:931.41 GB) (Free:129.37 GB) NTFS
    4 Drive g: (BARTPE) (Removable) (Total:7.21 GB) (Free:3.48 GB) NTFS
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 1863 GB 7168 KB
    Disk 2 Online 931 GB 0 B
    Disk 3 Online 7385 MB 3072 KB

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y System Rese NTFS Partition 100 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 F NTFS Partition 931 GB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 1863 GB 8032 KB
    Partition 1 Logical 1863 GB 8064 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E Steam2Gb NTFS Partition 1863 GB Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NewW64Xp NTFS Partition 931 GB Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7381 MB 31 KB
    Partition 0 Primary 31 KB 7381 MB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G BARTPE NTFS Removable 7381 MB Healthy

    ======================================================================================================
    ======================= End Of Log ==========================
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi

    Please do the following:


    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    Code:
    start
    HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
    end
    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options then select Command Prompt

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    • While you are still booted into System Recovery Options run FRST.

      Type the following in the edit box after "Search:" so it looks like this:

      Search: wow64.dll;wow64cpu.dll;wow64win.dll;wininit.exe;

      Click Search button and post the log it makes to your reply.



    Now restart, let it boot normally and tell me how it went.
     
  5. zefram

    zefram Thread Starter

    Joined:
    May 24, 2012
    Messages:
    6
    Hi CatByte,
    I've posted the logs you requested below.
    I'm hesitantly going to say that you have succeeded as I've been on the PC for about twenty minutes now and I haven't heard any background audio. I'm going to ghost this disk for a backup in case it happens again.
    I really appreciate your help in this.

    Z


    ================== fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 25-05-2012
    Ran by SYSTEM at 2012-05-27 11:29:07 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored.

    ==== End of Fixlog ====




    ===================== Search.txt

    Farbar Recovery Scan Tool Version: 25-05-2012
    Ran by SYSTEM at 2012-05-27 11:30:21
    Running from G:\

    ================== Search: "wow64.dll;wow64cpu.dll;wow64win.dll;wininit.exe;" ===================

    C:\WINDOWS\system32\wow64.dll
    [2008-11-22 11:06] - [2008-11-22 11:06] - 0249856 ____A (Microsoft Corporation) 1A9DCA95E0A772619811C760637D5553

    C:\WINDOWS\system32\wow64cpu.dll
    [2007-02-18 04:00] - [2007-02-18 04:00] - 0018944 ____A (Microsoft Corporation) B4D2C5BDB07E76E9C69128B00BC00711

    C:\WINDOWS\system32\wow64win.dll
    [2008-02-06 07:11] - [2008-02-06 07:11] - 0287232 ____A (Microsoft Corporation) C5433AA27B28F6E2CE78F0433E0AD10C

    ====== End Of Search ======
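An added example, not code from the thread and not part of FRST: a small Python triage script that reads FRST log lines like the ones posted above and flags the two things CatByte acted on, a Winlogon Shell or Userinit value that launches anything beyond the Windows default (here `Explorer.exe rundll32.exe jxvy.dio cymucrx` under the x32/WOW6432Node hive, which is how the ads started at the login screen before any user program ran), and files FRST reports as missing. It then emits a fixlist.txt in the same start/end format used in post 4. The sample lines are copied from the FRST log above plus one constructed clean Shell entry; the defaults it checks against (explorer.exe, userinit.exe) are the documented Windows defaults, and the fixlist it builds reproduces only the format shown in the thread, not FRST's full fix syntax.

```python
r"""Triage of Farbar Recovery Scan Tool (FRST) log lines for Winlogon hijacks.

Added example for this thread; not part of FRST and not posted by anyone in
the thread.  Two kinds of FRST output lines are parsed:

  <hive>\...\Winlogon: [<Name>] <value> [<size> <date>] (<Company>)   or  [x]
  <path> IS MISSING <==== ATTENTION!

A Shell or Userinit value that runs anything beyond the Windows default is
flagged.  That is the persistence seen in the thread: the Shell value under
the WOW6432Node hive launched rundll32.exe with a randomly named DLL each time
Winlogon started the shell, so the payload ran before any Run key entry.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "<hive>\...\Winlogon: [<Name>] <value>"  e.g.  HKLM-x32\...\Winlogon: [Shell] ...
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Winlogon:\s+\[(?P<name>[^\]]+)\]\s+(?P<value>.*)$"
)
# FRST appends " [x]" / " [x ]" (file not found) or " [<size> <date>] (<Company>)"
TRAILER_RE = re.compile(r"\s+\[(?:x\s?|\d+\s+\d{4}-\d{2}-\d{2})\]\s*(?:\([^)]*\))?\s*$")
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+IS MISSING\s+<====\s*ATTENTION!", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str     # "winlogon-hijack" or "missing-file"
    line: str     # the FRST log line, as printed (what a fixlist quotes)
    detail: str   # human-readable reason


def _strip_trailer(value: str) -> str:
    return TRAILER_RE.sub("", value).strip()


def _commands(value: str) -> List[str]:
    # Winlogon separates several programs with commas; this thread's sample
    # simply appended a second command after a space.  Quoted paths that
    # contain spaces stay as one token.
    return re.findall(r'"[^"]*"|[^,\s]+', value)


def _basename(token: str) -> str:
    return token.strip('"').rsplit("\\", 1)[-1].lower()


def check_winlogon(name: str, value: str) -> Optional[str]:
    """Return a reason string if a Shell/Userinit value is not the Windows default."""
    cmds = _commands(_strip_trailer(value))
    if name == "Shell":
        if not cmds or _basename(cmds[0]) != "explorer.exe":
            return "shell is %r, not explorer.exe" % (cmds[0] if cmds else "")
        if len(cmds) > 1:
            return "extra program(s) launched with the shell: " + " ".join(cmds[1:])
        return None
    if name == "Userinit":
        # FRST prints the short form "userinit" for the default on this log.
        bad = [c for c in cmds if _basename(c) not in ("userinit", "userinit.exe")]
        return ("unexpected userinit command(s): " + " ".join(bad)) if bad else None
    return None  # UIHost and Notify entries are not checked here


def triage(log_text: str) -> List[Finding]:
    """Scan FRST output and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            reason = check_winlogon(m.group("name"), m.group("value"))
            if reason:
                findings.append(Finding("winlogon-hijack", line,
                                        "%s %s: %s" % (m.group("hive"), m.group("name"), reason)))
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding("missing-file", line, m.group("path")))
    return findings


def build_fixlist(findings: List[Finding]) -> str:
    """fixlist.txt in the form used in the thread: the offending log line(s)
    verbatim between 'start' and 'end'.  Missing files are reported only;
    they need the files put back, not a registry line."""
    lines = [f.line for f in findings if f.kind == "winlogon-hijack"]
    return "\n".join(["start", *lines, "end"]) + "\n"


# Constructed input: lines copied from the FRST log in this thread, plus one
# made-up clean Shell entry (the last line) to show a non-finding.
SAMPLE_FRST_LINES = r"""
HKLM-x32\...\Winlogon: [Userinit] userinit [x]
HKLM-x32\...\Winlogon: [Shell] Explorer.exe rundll32.exe jxvy.dio cymucrx [x ] ()
HKLM\...\Winlogon: [UIHost] %SystemRoot%\system32\logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
C:\Windows\SysWOW64\wow64.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
HKLM\...\Winlogon: [Shell] explorer.exe [2880512 2010-11-20] (Microsoft Corporation)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_FRST_LINES)
    for f in results:
        print("%-16s %s" % (f.kind, f.detail))
    print(build_fixlist(results), end="")
```

Two things to check by hand before acting on the "IS MISSING" lines. The Search in post 5 found all three wow64*.dll files in C:\WINDOWS\system32, which is where the 64-bit WOW64 layer lives, so the SysWOW64 entries are not evidence of tampering on their own; and wininit.exe only exists from Vista onward, while the FRST header says it scanned Windows XP (X64) on a volume labelled NewW64Xp mounted as C:, whereas the ComboFix runs in this thread report Windows 7. WinRE assigns its own drive letters, so confirm which installation and hive a fixlist line will touch; the Fixlog in post 5 names the key that was actually restored.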
     
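    The fixlog above records FRST restoring the Shell value under the WOW6432Node Winlogon key. The following PowerShell audit is an added example, not code from this thread or from FRST: it reads the Shell and Userinit values from the native, WOW6432Node and per-user Winlogon keys and flags anything that departs from the stock defaults (explorer.exe and SystemRoot\system32\userinit.exe with its trailing comma); the function name Test-WinlogonValues is my own.

    ```powershell
    # Added example (not from the thread or from FRST): audit the Winlogon Shell/Userinit
    # values that a Shell hijack like the one fixed above would alter.
    function Test-WinlogonValues {
        # Stock values on a default Windows install; compared case-insensitively.
        $expected = @{
            Shell    = 'explorer.exe'
            Userinit = "$env:SystemRoot\system32\userinit.exe,"
        }

        $keys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
            # 32-bit view; this is the key the fixlog above shows being restored.
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon',
            # Per-user key; on a clean system it normally carries no Shell or Userinit value.
            'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        )

        foreach ($key in $keys) {
            if (-not (Test-Path -Path $key)) { continue }
            $props  = Get-ItemProperty -Path $key
            $isUser = $key -like 'HKCU:*'

            foreach ($name in $expected.Keys) {
                $value = $props.$name

                if ($null -eq $value) {
                    # Absence is normal per-user, but the machine-wide value must exist.
                    $status = if ($isUser) { 'OK (absent)' } else { 'MISSING' }
                }
                elseif ($isUser) {
                    # A per-user override is unusual even when it looks benign; surface it.
                    $status = 'UNUSUAL (per-user override)'
                }
                elseif ($value.Trim() -ieq $expected[$name]) {
                    $status = 'OK'
                }
                else {
                    # Extra executables appended to Shell/Userinit are the classic hijack.
                    $status = 'SUSPECT'
                }

                [PSCustomObject]@{
                    Key    = $key
                    Name   = $name
                    Value  = $value
                    Status = $status
                }
            }
        }
    }

    # Run from an elevated 64-bit PowerShell so both registry views are visible.
    Test-WinlogonValues | Format-Table -AutoSize
    ```

    Any row marked SUSPECT should be compared against the FRST or ComboFix output before it is changed, since the extra path it names is the component to examine.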
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi,

    We still have some work to do, so stay with me

    please do the following:

    Refer to the ComboFix User's Guide

    1. Download ComboFix from one of these locations:

      Link 1
      Link 2

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply.

      Note:
      Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. zefram

    zefram Thread Starter

    Joined:
    May 24, 2012
    Messages:
    6
    Hi CatByte,
    Sorry if I jumped the gun. I ran the ComboFix and have posted the log below.

    Z



    ==================== ComboFix.txt

    ComboFix 12-05-27.02 - w7 05/27/2012 18:37:28.3.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.10684 [GMT -4:00]
    Running from: c:\users\w7\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-27 22:44 . 2012-05-27 22:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-05-27 22:44 . 2012-05-27 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-25 05:17 . 2009-12-14 16:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- c:\program files (x86)\Intel
    2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- C:\Intel
    2012-05-25 05:13 . 2012-05-25 05:13 -------- d-----w- c:\program files (x86)\Realtek
    2012-05-25 05:06 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-25 04:49 . 2009-07-06 14:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
    2012-05-25 04:49 . 2009-09-30 15:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
    2012-05-25 04:49 . 2009-08-04 14:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
    2012-05-25 04:48 . 2012-05-25 04:49 -------- d-----w- c:\program files (x86)\ASUS
    2012-05-25 04:48 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-05-25 04:48 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-05-25 04:48 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-05-25 04:48 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-05-25 04:48 . 2002-07-25 20:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-05-24 16:45 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-05-24 16:45 . 2012-05-27 22:33 -------- d-----w- c:\programdata\AVAST Software
    2012-05-24 16:45 . 2012-05-24 16:45 -------- d-----w- c:\program files\AVAST Software
    2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-06 16:39 . 2012-05-06 16:39 -------- d-----w- c:\windows\system32\appmgmt
    2012-05-06 16:02 . 2012-05-06 16:12 -------- d-----w- c:\users\w7\AppData\Roaming\Awesomium
    2012-05-05 13:55 . 2012-05-05 13:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-05-05 13:55 . 2012-05-05 13:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-05 13:55 . 2012-05-05 13:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-04 20:56 . 2012-05-04 20:58 -------- d-----w- c:\users\w7\AppData\Local\PAYDAY
    2012-05-03 23:24 . 2012-05-03 23:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-02 00:42 . 2012-05-02 00:59 -------- d-----w- c:\users\w7\AppData\Roaming\Apple Computer
    2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\users\w7\AppData\Local\Apple Computer
    2012-05-02 00:42 . 2012-05-02 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-05-02 00:42 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-05-02 00:41 . 2012-05-02 00:41 -------- d-----w- c:\programdata\Apple
    2012-04-28 14:21 . 2012-04-28 14:21 -------- d-----w- c:\users\w7\AppData\Roaming\RenPy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-25 04:54 . 2012-05-25 04:53 1266605 ----a-w- c:\windows\SABERTOOTH-X58-ASUS-1304.zip
    2012-05-15 10:48 . 2011-12-31 03:49 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2011-12-31 03:49 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2011-12-31 03:49 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2011-12-31 03:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2011-12-31 03:49 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-12-31 03:49 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2011-02-05 14:18 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2011-02-05 14:18 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2011-02-05 14:18 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 09:29 . 2010-10-16 17:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2010-10-16 21:13 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2010-10-16 17:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2010-10-16 17:13 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2010-10-16 17:13 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-06 15:21 . 2012-04-16 00:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 15:21 . 2012-01-01 14:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 00:40 . 2012-04-16 20:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 23:23 . 2011-12-29 00:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-17 23:35 . 2012-01-23 14:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-04-17 23:35 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-04-16 21:40 . 2011-12-28 20:07 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-03-18 03:56 . 2011-12-28 20:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-03-18 03:17 . 2012-03-18 03:17 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-24_12.50.21 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
    2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="d:\steam\steam.exe" [2012-02-20 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
    "Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
    R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 X6va001;X6va001;c:\users\w7\AppData\Local\Temp\00137EC.tmp [x]
    R3 X6va005;X6va005;c:\users\w7\AppData\Local\Temp\005C566.tmp [x]
    R3 X6va008;X6va008;c:\users\w7\AppData\Local\Temp\008C967.tmp [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
    R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
    R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:21]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000Core.job
    - c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000UA.job
    - c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
    FF - ProfilePath - c:\users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\e8wvwji8.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\00137EC.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\005C566.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\008C967.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1007896227-2540983366-3169110878-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a7,9a,be,9b,c8,28,b7,29,c6,27,2c,e4,7d,bf,a2,24,f8,69,e7,8f,f8,
    8e,f3,51,69,25,1f,7a,c8,3d,f9,be,f9,38,bc,9b,2d,52,9b,dc,3f,60,40,0b,8e,11,\
    "rkeysecu"=hex:18,be,cf,83,e0,ce,a3,3b,5c,ad,4f,9a,4f,de,d8,e6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-27 18:48:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-27 22:48
    ComboFix2.txt 2012-05-24 13:13
    ComboFix3.txt 2012-05-24 12:52
    .
    Pre-Run: 140,523,970,560 bytes free
    Post-Run: 140,074,864,640 bytes free
    .
    - - End Of File - - FCFE68597B5C6B5B221D10F81E239C73
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Hi,

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, then click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    DDS::
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
    
    ClearJavaCache::
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix may request an update; please allow it.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    NEXT


    Please download Malwarebytes' Anti-Malware
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
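    Two items in the ComboFix log posted above are the kind a helper looks at first: the uInternet Settings,ProxyOverride line that CatByte's CFScript removes (it names a loopback port, 127.0.0.1:9421, which a home machine has no obvious reason to list), and the X6va001/X6va005/X6va008 services whose ImagePath sits in the user's AppData\Local\Temp folder. As an added example, not part of this thread and not ComboFix's own tooling, the following Python script parses ComboFix-style service lines and Supplementary Scan lines and flags exactly those two patterns, so a reader can run the same first-pass check over their own log. The sample input is copied from the log in this thread; the regular expressions, the triage() function and the two heuristics are my assumptions about the log format, not a ComboFix specification.

    ```python
    import re
    from typing import Dict, List

    # Sample input: lines copied verbatim from the ComboFix log posted earlier in
    # this thread (service list and Supplementary Scan), with two benign services
    # left in for contrast. The backslashes are doubled only because this is a
    # Python string literal.
    SAMPLE_LOG = """\
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\\program files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe [2012-05-05 129976]
    R3 X6va001;X6va001;c:\\users\\w7\\AppData\\Local\\Temp\\00137EC.tmp [x]
    R3 X6va005;X6va005;c:\\users\\w7\\AppData\\Local\\Temp\\005C566.tmp [x]
    S2 Akamai;Akamai NetSession Interface;c:\\windows\\System32\\svchost.exe [2009-07-14 27136]
    uLocal Page = c:\\windows\\system32\\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
    FF - prefs.js: network.proxy.type - 0
    """

    # Assumed service line shape, taken from the log above:
    #   "R3 name;description;path [date size]"  or  "... path [x]"
    SERVICE_RE = re.compile(
        r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
    )
    # Assumed Supplementary Scan shape: "uInternet Settings,ProxyOverride = value"
    PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<key>Proxy\w+) = (?P<value>.+)$")

    # Heuristic 1: a service binary living under a Temp directory.
    TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
    # Heuristic 2: a proxy setting that names a loopback address with a port.
    LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)


    def triage(log_text: str) -> List[Dict[str, str]]:
        """Return one finding per log line that matches either heuristic.

        Each finding records the original line, what kind of entry it was,
        the service name or proxy key, and the reason it was flagged.
        """
        findings: List[Dict[str, str]] = []
        for raw in log_text.splitlines():
            line = raw.strip()
            svc = SERVICE_RE.match(line)
            if svc:
                if TEMP_DIR_RE.search(svc.group("path")):
                    findings.append({
                        "line": line,
                        "kind": "service",
                        "name": svc.group("name"),
                        "reason": "service binary is loaded from a Temp directory",
                    })
                continue
            proxy = PROXY_RE.match(line)
            if proxy and LOOPBACK_RE.search(proxy.group("value")):
                findings.append({
                    "line": line,
                    "kind": "proxy",
                    "name": proxy.group("key"),
                    "reason": "Internet Settings proxy entry references a loopback port",
                })
        return findings


    if __name__ == "__main__":
        for f in triage(SAMPLE_LOG):
            print(f"[{f['kind']}] {f['name']}: {f['reason']}")
            print(f"    {f['line']}")
    ```

    The script deliberately stops at flagging: a hit means "ask about this entry", not "delete it", which is why the thread hands the log to a helper rather than acting on it locally. To run it over a real log, replace SAMPLE_LOG with the file contents read from disk; lines that do not match either shape are ignored.
    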
  9. zefram

    zefram Thread Starter

    Joined:
    May 24, 2012
    Messages:
    6
    Hi CatByte,
    Here are the logs you requested.

    Z



    =================================== ComboFix.txt

    ComboFix 12-05-27.03 - w7 05/27/2012 22:16:12.4.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.9765 [GMT -4:00]
    Running from: c:\users\w7\Desktop\ComboFix.exe
    Command switches used :: c:\users\w7\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-28 02:21 . 2012-05-28 02:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-05-28 02:21 . 2012-05-28 02:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-28 01:49 . 2012-05-28 01:49 -------- d-----w- c:\users\w7\AppData\Local\CrashRpt
    2012-05-25 05:17 . 2009-12-14 16:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- c:\program files (x86)\Intel
    2012-05-25 05:17 . 2012-05-25 05:17 -------- d-----w- C:\Intel
    2012-05-25 05:13 . 2012-05-25 05:13 -------- d-----w- c:\program files (x86)\Realtek
    2012-05-25 05:06 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-05-25 04:49 . 2009-07-06 14:48 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
    2012-05-25 04:49 . 2009-09-30 15:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
    2012-05-25 04:49 . 2009-08-04 14:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
    2012-05-25 04:48 . 2012-05-25 04:49 -------- d-----w- c:\program files (x86)\ASUS
    2012-05-25 04:48 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-05-25 04:48 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-05-25 04:48 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-05-25 04:48 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-05-25 04:48 . 2002-07-25 20:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2012-05-24 16:45 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-05-24 16:45 . 2012-05-27 22:33 -------- d-----w- c:\programdata\AVAST Software
    2012-05-24 16:45 . 2012-05-24 16:45 -------- d-----w- c:\program files\AVAST Software
    2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-05-06 16:39 . 2012-05-06 16:39 -------- d-----w- c:\windows\system32\appmgmt
    2012-05-06 16:02 . 2012-05-06 16:12 -------- d-----w- c:\users\w7\AppData\Roaming\Awesomium
    2012-05-05 13:55 . 2012-05-05 13:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-05-05 13:55 . 2012-05-05 13:55 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-05 13:55 . 2012-05-05 13:55 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-04 20:56 . 2012-05-04 20:58 -------- d-----w- c:\users\w7\AppData\Local\PAYDAY
    2012-05-03 23:24 . 2012-05-03 23:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-02 00:42 . 2012-05-02 00:59 -------- d-----w- c:\users\w7\AppData\Roaming\Apple Computer
    2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\users\w7\AppData\Local\Apple Computer
    2012-05-02 00:42 . 2012-05-02 00:42 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-05-02 00:42 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-05-02 00:41 . 2012-05-02 00:41 -------- d-----w- c:\programdata\Apple
    2012-04-28 14:21 . 2012-04-28 14:21 -------- d-----w- c:\users\w7\AppData\Roaming\RenPy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-28 01:49 . 2012-01-23 14:56 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-28 01:49 . 2011-12-28 20:07 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-28 01:49 . 2011-12-28 20:07 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-28 01:49 . 2011-12-28 20:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-25 04:54 . 2012-05-25 04:53 1266605 ----a-w- c:\windows\SABERTOOTH-X58-ASUS-1304.zip
    2012-05-15 10:48 . 2011-12-31 03:49 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2011-12-31 03:49 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2011-12-31 03:49 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2011-12-31 03:49 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2011-12-31 03:49 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-12-31 03:49 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2011-02-05 14:18 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2011-02-05 14:18 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2011-02-05 14:18 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 09:29 . 2010-10-16 17:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2010-10-16 21:13 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2010-10-16 17:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2010-10-16 17:13 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2010-10-16 17:13 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-06 15:21 . 2012-04-16 00:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 15:21 . 2012-01-01 14:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 00:40 . 2012-04-16 20:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 23:23 . 2011-12-29 00:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-18 03:17 . 2012-03-18 03:17 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-05-27_22.46.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-05 14:18 . 2012-05-27 22:47 45498 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-05-27 22:35 55390 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-27 22:47 55390 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-05 03:08 . 2012-05-27 22:47 14706 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1007896227-2540983366-3169110878-1000_UserData.bin
    - 2011-02-11 00:00 . 2012-05-27 22:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-11 00:00 . 2012-05-28 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-11 00:00 . 2012-05-27 22:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-11 00:00 . 2012-05-28 02:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-05-28 02:22 . 2012-05-28 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-05-27 22:46 . 2012-05-27 22:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-28 02:22 . 2012-05-28 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36 . 2012-05-27 22:50 672494 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-05-27 22:41 672494 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-05-27 22:50 125226 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-05-27 22:41 125226 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2012-05-27 22:45 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-05-28 02:21 406816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-05 15:10 . 2012-05-28 02:21 11007434 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1007896227-2540983366-3169110878-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{13FA2453-9287-4F18-8554-976D7C02F4EE}]
    2012-01-11 02:43 63368 ----a-w- c:\perfect world entertainment\CORE Client\plugins\CorePluginIE.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="d:\steam\steam.exe" [2012-02-20 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
    "Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2008-10-06 147456]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
    R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Heroes In the Sky\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 X6va001;X6va001;c:\users\w7\AppData\Local\Temp\00137EC.tmp [x]
    R3 X6va005;X6va005;c:\users\w7\AppData\Local\Temp\005C566.tmp [x]
    R3 X6va008;X6va008;c:\users\w7\AppData\Local\Temp\008C967.tmp [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-05 79360]
    R4 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2010-07-28 242176]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
    R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:21]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000Core.job
    - c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1007896227-2540983366-3169110878-1000UA.job
    - c:\users\w7\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 00:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
    FF - ProfilePath - c:\users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\e8wvwji8.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\00137EC.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\005C566.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\users\w7\AppData\Local\Temp\008C967.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1007896227-2540983366-3169110878-1000\Software\SecuROM\License information*]
    "datasecu"=hex:a7,9a,be,9b,c8,28,b7,29,c6,27,2c,e4,7d,bf,a2,24,f8,69,e7,8f,f8,
    8e,f3,51,69,25,1f,7a,c8,3d,f9,be,f9,38,bc,9b,2d,52,9b,dc,3f,60,40,0b,8e,11,\
    "rkeysecu"=hex:18,be,cf,83,e0,ce,a3,3b,5c,ad,4f,9a,4f,de,d8,e6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\PnkBstrB.exe
    c:\program files (x86)\Common Files\Steam\SteamService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-27 22:25:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-28 02:25
    ComboFix2.txt 2012-05-27 22:48
    ComboFix3.txt 2012-05-24 13:13
    ComboFix4.txt 2012-05-24 12:52
    .
    Pre-Run: 140,131,561,472 bytes free
    Post-Run: 140,080,340,992 bytes free
    .
    - - End Of File - - 9BABCAA819E2293E941E2F6A23FF7B6F



    ============================== AntiMalware log

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.27.06

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    w7 :: W7-PC [administrator]

    Protection: Enabled

    5/27/2012 10:31:18 PM
    mbam-log-2012-05-27 (22-31-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225513
    Time elapsed: 1 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 28
    C:\Users\w7\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Files Detected: 101
    C:\Users\w7\Downloads\DownloadSetup(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\w7\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\w7\Downloads\WhiteSmokeWriterGeo5002_en.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\w7\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    (end)


    ============================== ESETSCAN.txt

    C:\NetbookData-11-2010\ChelseasPhone\SETool2 lite 1.08.zip a variant of Win32/Packed.Themida application deleted - quarantined
    C:\NetbookData-11-2010\ChelseasPhone\setool2lt.exe a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
    C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\Local\Temp\jar_cache3782431553584571868.tmp a variant of Java/TrojanDownloader.OpenStream.NBM trojan deleted - quarantined
    C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5a187610-68df5bc5 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
    C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7a64aa11-21c3802b a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
    C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\12879fc2-2ed84eb1 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
    C:\Users\w7\Desktop\MERGE\CyberWin7Data\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\73af3104-39e02c40 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
    C:\Users\w7\Desktop\MERGE\CyberWin7Data\Downloads\WhiteSmokeWriterGeo5002_en.exe a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan cleaned by deleting - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\Desktop\Hirens.BootCD.13.0.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\Desktop\softonic-us-silent-2.exe Win32/Toolbar.Zugo application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\Desktop\BootTools\Hiren's.BootCD.13.0.iso Win32/PSWTool.KonBoot.A application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\DailyBibleGuide.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\MusicnotesSuite.exe Win32/OpenCandy application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\registrybooster(2).exe Win32/RegistryBooster application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\SoftonicDownloader_for_photofiltre.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\SoftonicDownloader_for_winrar.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Users\w7\Desktop\MERGE\ZYPC-ZY_user\My Documents\Downloads\YouTubeDownloaderSetup263.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    C:\Users\w7\Downloads\bb5.zip probably a variant of Win32/Agent.DSPQFA trojan deleted - quarantined
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Please do the following:

    Visit ADOBE and download the latest version of Acrobat Reader (version X)
    Having the latest updates ensures there are no security vulnerabilities in your system.


    NEXT

    Please go to Start > Control Panel > Programs and Features > remove all the Java programs you see; now download the latest Java from the following link and install it:

    Java version 7 update 4
    http://java.com/en/download/index.jsp

    NEXT


    Please advise how the computer is running now and if there are any outstanding issues.
     
  11. zefram

    zefram Thread Starter

    Joined:
    May 24, 2012
    Messages:
    6
    Hi CatByte,
    Just wanted to take some time to see how the system is working. Seems to be in perfect shape. Thank you very much! I sent in a donation to show my gratitude.

    Z
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,929
    Thank you,

    Just some housekeeping to do now; please do the following:


    You can delete the FRST logs and program from your desktop.


    NEXT


    Follow these steps to uninstall Combofix

    • Make sure your security programs are totally disabled.
    • Click START then RUN
    • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


    If there are any logs/tools remaining on your desktop > right click and delete them.


    NEXT


    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
      Strong passwords: How to create and use them
      Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

    • Keep Windows updated by regularly checking their website at:
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run,
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job
      • Once it's finished it should automatically reboot your machine,
      • if it doesn't, manually reboot to ensure a complete clean
      It's normal after running TFC cleaner that the PC will be slower to boot the first time.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an addon available for both Firefox and IE

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
      PC Safety and Security--What Do I Need?.


    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank-you.
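The "Make Internet Explorer more secure" steps above change three settings that live in the registry behind the Inetcpl.cpl dialog. The following PowerShell script is an added example, not part of CatByte's post or the thread, that audits those three values against the recommended ones and applies them with `-Fix`. It assumes the Internet zone is `Zones\3`, that DWORD names 1001, 1004 and 1201 are the documented IDs of the three ActiveX options, and that data 0/1/3 mean Enable/Prompt/Disable.

```powershell
# Added example, not from the thread: audit (and optionally apply) the three
# Internet-zone ActiveX settings that the Inetcpl.cpl steps change.
# Assumptions: Internet zone = Zones\3; DWORD names 1001, 1004 and 1201 are the
# documented IDs of the three ActiveX options; data 0 = Enable, 1 = Prompt,
# 3 = Disable. If the Security_HKLM_only policy is set, IE reads HKLM instead.
param([switch]$Fix)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Target values exactly as the post recommends: first two Prompt, third Disable.
$targets = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
}

function Get-Label([object]$v) {
    if ($null -eq $v) { return 'not set (zone default)' }
    if ($labels.ContainsKey([int]$v)) { return $labels[[int]$v] }
    return "unknown($v)"
}

$props = Get-ItemProperty -Path $zonePath -ErrorAction Stop

$report = foreach ($id in $targets.Keys) {
    $current = $props.PSObject.Properties[$id].Value   # $null when the value is absent
    $ok = ($null -ne $current) -and ([int]$current -eq $targets[$id].Want)
    if (-not $ok -and $Fix) {
        # Write the recommended value as a DWORD, the type IE expects for zone settings
        Set-ItemProperty -Path $zonePath -Name $id -Value $targets[$id].Want -Type DWord
        $current = $targets[$id].Want
        $ok = $true
    }
    [pscustomobject]@{
        Setting     = $targets[$id].Name
        Current     = Get-Label $current
        Recommended = $labels[$targets[$id].Want]
        Compliant   = $ok
    }
}

$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) { exit 1 }   # non-zero exit for scripted checks
```

Run it without `-Fix` first to see what the dialog currently has; a non-zero exit code lets the same script serve as a compliance check on other machines.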
     
Short URL to this thread: https://techguy.org/1054461