
Run dll message at start up

Discussion in 'Virus & Other Malware Removal' started by mountainlion, Dec 25, 2012.

  1. mountainlion

    mountainlion Thread Starter
  2. kevinf80

    kevinf80 Malware Specialist
  3. mountainlion

    mountainlion Thread Starter
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by SURFTHEWEB at 9:45:26 on 2012-12-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8069.6322 [GMT 0:00]
    .
    AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dataplex\nveloSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Dataplex\CacheFilter\NveloApp.exe
    C:\Windows\System32\TiltWheelMouse.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    StartupFolder: C:\Users\SURFTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\runctf.lnk - C:\Windows\System32\rundll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{747EC4D5-378D-4AD1-84D1-02AE94062AEB} : DHCPNameServer = 192.168.0.1
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [nveloApp] C:\Program Files\Dataplex\CacheFilter\nveloApp.exe
    x64-Run: [MouseDriver] TiltWheelMouse.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-12 20:22; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; C:\Users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvelodiskfltr;NVCache Policy Driver;C:\Windows\System32\drivers\nvelodiskfltr.sys [2012-8-29 231024]
    R0 nveloportfltr;NVELO Port Filter Driver;C:\Windows\System32\drivers\nveloportfltr.sys [2012-8-29 24176]
    R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-11-6 256632]
    R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-7-8 57976]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-12 190120]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-5-14 138752]
    R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;C:\Windows\SysWOW64\nlssrv32.exe [2011-9-22 66560]
    R2 nveloSvc;NVELO Dataplex Service;system32\Dataplex\nveloSvc.exe --> system32\Dataplex\nveloSvc.exe [?]
    R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-9-1 8786848]
    R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-9-1 565152]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
    R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-9-1 13728]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-5-14 26048]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-5-14 26048]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-5-14 44992]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-3 789824]
    R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2012-7-19 37480]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-6 119416]
    R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2011-12-19 84600]
    R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
    R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2012-9-4 122640]
    R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-9-1 68512]
    R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-9-1 15736]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-8-28 34752]
    S0 nvelofsfltr;nvelofsfltr;C:\Windows\System32\drivers\nvelofsfltr.sys [2012-5-11 110704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2012-7-19 37480]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-6 119416]
    S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-7-8 60536]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-8-30 18216]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736]
    .
    =============== File Associations ===============
    .
    .chm: <filetype is not registered>
    .
    =============== Created Last 30 ================
    .
    2012-12-23 10:09:00 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
    2012-12-22 13:04:46 -------- d-----w- C:\Windows\SysWow64\NV
    2012-12-22 13:04:46 -------- d-----w- C:\Windows\System32\NV
    2012-12-22 11:31:55 -------- d-----w- C:\Windows\pss
    2012-12-21 06:44:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 06:44:16 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 06:44:16 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 06:44:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-12 15:22:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 15:22:06 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 15:22:05 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 15:22:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-12-12 15:22:00 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-12-09 21:51:46 -------- d-----w- C:\Users\SURFTHEWEB\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
    2012-12-09 21:30:08 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4
    2012-11-30 22:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2012-12-26 09:42:30 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
    2012-12-12 15:21:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 15:21:17 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-04 20:34:03 100 ----a-w- C:\Windows\SysWow64\prsgrc.dll
    2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-11-21 15:45:51 72 ----a-w- C:\Windows\SysWow64\ssprs.dll
    2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\wau1wuz.dll
    2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\grcauth2.dll
    2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\grcauth1.dll
    2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\clauth2.dll
    2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\clauth1.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    .
    ============= FINISH: 9:45:37.32 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/08/2012 22:12:00
    System Uptime: 26/12/2012 09:42:24 (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 854.386 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: IUSB3\ROOT_HUB30\4&A3F7854&0
    Manufacturer:
    Name:
    PNP Device ID: IUSB3\ROOT_HUB30\4&A3F7854&0
    Service:
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: Virtual Keyboard Driver
    Device ID: ROOT\HIDCLASS\0001
    Manufacturer: Wacom
    Name: Virtual Keyboard Driver
    PNP Device ID: ROOT\HIDCLASS\0001
    Service: WacomVKHid
    .
    ==== System Restore Points ===================
    .
    RP63: 21/12/2012 06:44:13 - Windows Update
    RP64: 22/12/2012 13:03:46 - Device Driver Package Install: NVIDIA Display adapters
    .
    ==== Installed Programs ======================
    .
    Ad-Aware Antivirus
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5.5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Audials
    Camtasia Studio 6
    CINEMA 4D 11.514
    CPUID CPU-Z 1.61.3
    Dataplex
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Network Connections 17.1.55.0
    Intel(R) Smart Connect Technology 2.1 x64
    Java 7 Update 9
    Java Auto Updater
    JustCloud
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Mozilla Firefox 15.0 (x86 en-GB)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    NVIDIA 3D Vision Controller Driver 310.70
    NVIDIA 3D Vision Driver 310.70
    NVIDIA Control Panel 310.70
    NVIDIA Graphics Driver 310.70
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    PDF Settings CS5
    Privacy Eraser Pro
    QuickTime
    RealFlow 2012
    RealFlow Plug-in for Cinema4D
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Topaz Adjust 4
    Topaz Adjust 4 (64-bit)
    Topaz Clean 3
    Topaz Clean 3 (64-bit)
    Topaz DeNoise 5
    Topaz DeNoise 5 (64-bit)
    Topaz Detail 2
    Topaz Detail 2 (64-bit)
    Topaz Fusion Express 2
    Topaz Fusion Express 2 (64-bit)
    Topaz InFocus
    Topaz InFocus (64-bit)
    Topaz Lens Effects
    Topaz Lens Effects (64-bit)
    Topaz ReMask 3
    Topaz ReMask 3 (64-bit)
    Total Recorder 8.3 Professional Edition
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Vertus Fluid Mask 3 3.0.10
    Wacom Tablet
    WebTablet FB Plugin 32 bit
    WebTablet FB Plugin 64 bit
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WinRAR archiver
    Xilisoft Video Converter Ultimate
    Zinio Reader 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/12/2012 09:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvelofsfltr
    23/12/2012 09:17:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    23/12/2012 09:16:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    23/12/2012 09:16:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    23/12/2012 09:16:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    23/12/2012 09:16:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    23/12/2012 09:16:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    23/12/2012 09:16:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache nvelofsfltr spldr Wanarpv6
    23/12/2012 09:16:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    22/12/2012 11:12:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2012 11:12:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    22/12/2012 11:12:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    22/12/2012 11:11:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy nvelofsfltr Psched rdbss SbFw spldr tdx Wanarpv6 WfpLwf
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    22/12/2012 11:11:52, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
     
  4. kevinf80

    kevinf80 Malware Specialist
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix.exe icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  5. mountainlion

    mountainlion Thread Starter

    Joined:
    Jan 9, 2007
    Messages:
    151
    ComboFix 12-12-25.02 - SURFTHEWEB 26/12/2012 12:40:26.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8069.6102 [GMT 0:00]
    Running from: c:\users\SURFTHEWEB\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\dsgsdgdsgdsgw.pad
    c:\users\SURFTHEWEB\2f9915e513e648da322f0fcdb04d4705.jpg
    c:\users\SURFTHEWEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
    c:\windows\SysWow64\prsgrc.dll
    c:\windows\SysWow64\ssprs.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-26 12:42 . 2012-12-26 12:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-12-26 12:42 . 2012-12-26 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-23 10:09 . 2012-12-26 09:42 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
    2012-12-22 13:05 . 2012-12-22 13:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2012-12-22 13:04 . 2012-12-22 13:04 -------- d-----w- c:\windows\SysWow64\NV
    2012-12-22 13:04 . 2012-12-22 13:04 -------- d-----w- c:\windows\system32\NV
    2012-12-22 11:08 . 2012-12-22 11:08 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
    2012-12-21 06:44 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 06:44 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 06:44 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 06:44 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-12 15:22 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-12 15:22 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-12 15:22 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 15:22 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-12-12 15:22 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2012-12-12 15:22 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-12-09 21:51 . 2012-12-09 21:51 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
    2012-12-09 21:30 . 2012-12-09 21:30 -------- d-----w- c:\program files (x86)\Zinio Reader 4
    2012-12-09 21:29 . 2012-12-21 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-11-30 22:43 . 2012-11-30 22:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-26 09:42 . 2012-08-28 21:30 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2012-12-12 22:29 . 2012-08-29 05:19 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-12-12 15:21 . 2012-08-28 21:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 15:21 . 2012-08-28 21:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-03 15:47 . 2012-10-10 21:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-03 15:47 . 2012-10-10 21:23 2816824 ----a-w- c:\windows\system32\nvapi64.dll
    2012-12-03 15:47 . 2012-10-10 21:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-12-03 15:47 . 2012-10-10 21:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-12-03 15:47 . 2012-10-10 21:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-12-03 15:47 . 2012-10-10 21:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-12-03 15:47 . 2012-10-10 21:22 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-12-03 15:47 . 2012-08-28 21:26 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-01 05:49 . 2012-11-18 12:00 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-12-01 05:49 . 2012-08-28 21:26 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-12-01 05:49 . 2012-08-28 21:26 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-12-01 05:49 . 2012-08-28 21:26 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-12-01 05:49 . 2012-08-28 21:26 890216 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-12-01 05:48 . 2012-08-28 21:26 6223208 ----a-w- c:\windows\system32\nvcpl.dll
    2012-12-01 05:48 . 2012-08-28 21:26 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-10-16 08:38 . 2012-11-28 06:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 06:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 06:16 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-15 06:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-15 06:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-15 06:17 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-15 06:17 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 16:40 . 2012-12-12 15:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-03 17:56 . 2012-11-15 06:17 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-15 06:17 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-15 06:17 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-15 06:17 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-15 06:17 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-15 06:17 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-15 06:17 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-15 06:17 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-15 06:17 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-15 06:17 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-15 06:17 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-5-14 80384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R0 nvelofsfltr;nvelofsfltr;c:\windows\system32\DRIVERS\nvelofsfltr.sys [2012-05-11 110704]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
    R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
    S0 nvelodiskfltr;NVCache Policy Driver;c:\windows\system32\DRIVERS\nvelodiskfltr.sys [2012-05-11 231024]
    S0 nveloportfltr;NVELO Port Filter Driver;c:\windows\system32\DRIVERS\nveloportfltr.sys [2012-05-11 24176]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-05-14 138752]
    S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
    S2 nveloSvc;NVELO Dataplex Service;c:\windows\system32\Dataplex\nveloSvc.exe [2012-05-11 33392]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-08-02 8786848]
    S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-08-02 565152]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-06-21 13728]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-05-14 26048]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-05-14 26048]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-05-14 44992]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
    S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
    S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]
    S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2012-08-13 122640]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-06-21 68512]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-22 15736]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-12-26 34752]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-22 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 17:32]
    .
    2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 15:21]
    .
    2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
    .
    2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-25 6548112]
    "nveloApp"="c:\program files\Dataplex\CacheFilter\nveloApp.exe" [2012-05-11 117360]
    "MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: mediafire.com\www
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\
    FF - ExtSQL: 2012-11-12 20:22; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11} - c:\programdata\{63B3AF69-722B-4FA9-965F-94DEB1E78796}\simplify3_setup_ext.exe
    AddRemove-{DC8F0C18-E6B0-4722-A4AB-D134473091C2} - c:\programdata\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}\dejpeg4_setup_ext.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-26 12:43:34
    ComboFix-quarantined-files.txt 2012-12-26 12:43
    .
    Pre-Run: 917,109,272,576 bytes free
    Post-Run: 917,685,391,360 bytes free
    .
    - - End Of File - - 0198CC0DEE292598AE7A1852CCF2EAD9
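    As an added example (not part of this thread, and not ComboFix's own tooling), the script below is a small triage helper for the "Reg Loading Points" section of the ComboFix log posted above. It parses the REGEDIT4-style key/value lines and flags two things a reviewer would want to notice in that log: the UAC policy values are all zero (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0, i.e. UAC is switched off), and two AppInit_DLLs entries are present (here the NVIDIA nvinit.dll/nvinitx.dll, which look like legitimate driver components but sit in a classic persistence location and deserve a look). The sample input is constructed from lines of that log; the key paths, default values and finding texts are this script's own assumptions, not ComboFix output formats beyond what the log shows.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Flags weakened UAC policy values and AppInit_DLLs entries. Added example;
not part of the forum thread or of ComboFix itself.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')

# Key paths are compared case-insensitively (registry paths are case-insensitive).
UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
APPINIT_KEYS = [
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
    r"hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows",
]


def parse_reg_section(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REGEDIT4-style '[key]' / '"name"=value' lines into {key_lower: {name: raw}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("raw").strip()
    return keys


def _int_value(raw: str) -> Optional[int]:
    """ComboFix prints DWORDs as '0 (0x0)'; take the leading decimal integer."""
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(text: str) -> List[str]:
    """Return human-readable findings for the policy/AppInit keys in the log text."""
    keys = parse_reg_section(text)
    findings: List[str] = []

    # Defaults below are the Windows 7 defaults assumed when a value is not listed
    # (ComboFix omits default entries, so absence means 'still default').
    uac = keys.get(UAC_KEY, {})
    if _int_value(uac.get("EnableLUA", "1")) == 0:
        findings.append("UAC disabled: EnableLUA=0")
    if _int_value(uac.get("ConsentPromptBehaviorAdmin", "5")) == 0:
        findings.append("Admins elevate without any prompt: ConsentPromptBehaviorAdmin=0")
    if _int_value(uac.get("PromptOnSecureDesktop", "1")) == 0:
        findings.append("Elevation prompts not on the secure desktop: PromptOnSecureDesktop=0")

    # AppInit_DLLs are loaded into every process that loads user32.dll, so each
    # entry is listed for review regardless of how legitimate the path looks.
    for key in APPINIT_KEYS:
        dlls = keys.get(key, {}).get("AppInit_DLLs", "")
        if dlls:
            arch = "32-bit (Wow6432Node)" if "wow6432node" in key else "64-bit"
            findings.append(f"AppInit_DLLs ({arch}): {dlls}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    Run against the sample it prints the three UAC findings followed by the two AppInit_DLLs paths. On a clean Windows 7 default the script returns an empty list, because ComboFix only lists non-default policy values and the script treats absence as default.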
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, continue as follows:

    Download AdwCleaner by Xplode from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Run ESET Online Scanner

    **Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right click on the IE shortcut and run as admin.

    Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
    • Click on the Run ESET Online Scanner button.
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add-on to be installed.
      Click Start
    • Make sure that the option Remove found threats is unticked.
    • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • Wait for the virus definitions to be downloaded.
    • Wait for the scan to finish.
    When the scan is complete:

    If no threats were found:
    • Put a checkmark in "Uninstall application on close".
    • Close the program.
    • Report to me that nothing was found.
    If threats were found:

    • Click on "list of threats found".
    • Click on "export to text file" and save it as ESET SCAN on the desktop.
    • Click on back.
    • Put a checkmark in "Uninstall application on close".
    • Click on finish.
    • Close the program.
    • Copy and paste the report here.

    Post those two logs, let me know if you have any remaining issues or concerns...

    Kevin..
     
  7. mountainlion

    mountainlion Thread Starter

    Joined:
    Jan 9, 2007
    Messages:
    151
    This is the file from AdwCleaner below.
    # AdwCleaner v2.103 - Logfile created 12/26/2012 at 20:33:34
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : SURFTHEWEB - SURFTHEWEB-PC
    # Boot Mode : Normal
    # Running from : C:\Users\SURFTHEWEB\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0 (en-GB)

    File : C:\Users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\SURFTHEWEB\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1080 octets] - [26/12/2012 20:33:34]

    ########## EOF - C:\AdwCleaner[S1].txt - [1140 octets] ##########

    I ran the ESET scan but no threat was found. I was quite sure myself I didn't have any more viruses, as I got rid of it as mentioned in my original first post.
    Anyway, I was looking at some other posts and it was stated that TFC is an excellent program to have and run weekly, so I downloaded it and ran it, and when my PC rebooted I didn't get the run dll error msg anymore, though I now get this one below.
    http://i1357.photobucket.com/albums/q758/Cold-Cut/asusscreen_zpsfb1d78fa.png
    It's not that important and I have no viruses, but it would be nice if I could get rid of it. Thank you.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run Combofix one more time as follows:

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [screenshot: drag CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
     
  9. mountainlion

    mountainlion Thread Starter

    Joined:
    Jan 9, 2007
    Messages:
    151
    OK Kevin, here it is below.

    ComboFix 12-12-25.02 - SURFTHEWEB 26/12/2012 22:19:29.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8069.6435 [GMT 0:00]
    Running from: c:\users\SURFTHEWEB\Downloads\ComboFix.exe
    Command switches used :: c:\users\SURFTHEWEB\Desktop\CFScript.txt
    AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
    FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-26 21:02 . 2012-12-26 21:05 4648880 ----a-w- c:\windows\PE_Rom.dll
    2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS OC Profiles
    2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS PowerControl Profiles
    2012-12-26 21:01 . 2012-12-26 21:01 -------- d-----w- c:\program files\ASUS
    2012-12-26 20:59 . 2012-08-25 14:01 32400 ----a-r- c:\windows\system32\drivers\ndisrd.sys
    2012-12-26 20:58 . 2012-03-22 16:10 14848 ----a-w- c:\windows\SysWow64\drivers\AiCharger.sys
    2012-12-26 20:58 . 2008-12-02 20:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
    2012-12-26 20:57 . 2012-12-26 20:57 -------- d-----w- c:\programdata\ASUS
    2012-12-26 20:57 . 2012-12-26 21:00 -------- d-----w- c:\program files (x86)\ASUS
    2012-12-26 20:57 . 2012-08-25 14:01 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
    2012-12-26 20:57 . 2012-08-25 14:01 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
    2012-12-26 20:56 . 2012-12-26 20:56 -------- d-----w- c:\windows\SysWow64\drivers\MFDLL
    2012-12-26 20:56 . 2012-08-25 14:01 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
    2012-12-26 15:18 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-12-26 15:18 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-12-26 15:18 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-12-26 15:18 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-12-26 15:18 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2012-12-26 15:18 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-12-26 15:18 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-12-26 15:18 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-12-26 15:18 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-12-26 14:40 . 2012-05-20 23:24 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
    2012-12-26 12:52 . 2012-12-26 12:52 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2012-12-26 12:52 . 2012-12-26 12:52 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\Adobe Mini Bridge CS5.1
    2012-12-23 10:09 . 2012-12-26 21:15 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
    2012-12-22 13:05 . 2012-12-22 13:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2012-12-22 13:04 . 2012-12-26 15:22 -------- d-----w- c:\windows\SysWow64\NV
    2012-12-22 13:04 . 2012-12-26 15:22 -------- d-----w- c:\windows\system32\NV
    2012-12-22 11:08 . 2012-12-22 11:08 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
    2012-12-21 06:44 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 06:44 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 06:44 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 06:44 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-19 08:42 . 2012-12-19 08:42 6144 ----a-w- c:\windows\system32\drivers\t_mouse.sys
    2012-12-12 15:22 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-12 15:22 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-12 15:22 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-12-12 15:22 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
    2012-12-12 15:22 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2012-12-12 15:22 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-12-09 21:51 . 2012-12-09 21:51 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
    2012-12-09 21:30 . 2012-12-09 21:30 -------- d-----w- c:\program files (x86)\Zinio Reader 4
    2012-12-09 21:29 . 2012-12-21 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-11-30 22:43 . 2012-11-30 22:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-26 21:15 . 2012-08-28 21:30 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2012-12-12 22:29 . 2012-08-29 05:19 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-12-12 15:21 . 2012-08-28 21:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 15:21 . 2012-08-28 21:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-03 15:47 . 2012-10-10 21:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-12-03 15:47 . 2012-10-10 21:23 2816824 ----a-w- c:\windows\system32\nvapi64.dll
    2012-12-03 15:47 . 2012-10-10 21:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-12-03 15:47 . 2012-10-10 21:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-12-03 15:47 . 2012-10-10 21:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-12-03 15:47 . 2012-10-10 21:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-12-03 15:47 . 2012-10-10 21:22 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-12-03 15:47 . 2012-08-28 21:26 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-12-01 05:49 . 2012-11-18 12:00 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-12-01 05:49 . 2012-08-28 21:26 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-12-01 05:49 . 2012-08-28 21:26 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-12-01 05:49 . 2012-08-28 21:26 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-12-01 05:49 . 2012-08-28 21:26 890216 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-12-01 05:48 . 2012-08-28 21:26 6223208 ----a-w- c:\windows\system32\nvcpl.dll
    2012-12-01 05:48 . 2012-08-28 21:26 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-10-16 08:38 . 2012-11-28 06:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-28 06:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-28 06:16 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-10 02:22 . 2012-10-10 02:22 80384 ----a-w- c:\windows\system32\igdde64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 27438080 ----a-w- c:\windows\system32\igdfcl64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
    2012-10-10 02:22 . 2012-10-10 02:22 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
    2012-10-10 02:22 . 2012-03-19 21:17 110592 ----a-w- c:\windows\system32\hccutils.dll
    2012-10-10 02:22 . 2012-10-10 02:22 598780 ----a-w- c:\windows\system32\igvpkrng700.bin
    2012-10-10 02:22 . 2012-10-10 02:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 3582976 ----a-w- c:\windows\system32\igdbcl64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
    2012-10-10 02:22 . 2012-03-19 21:09 56832 ----a-w- c:\windows\system32\OpenCL.dll
    2012-10-10 02:22 . 2012-10-10 02:22 9007616 ----a-w- c:\windows\system32\igfxress.dll
    2012-10-10 02:22 . 2012-10-10 02:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2012-10-10 02:22 . 2012-10-10 02:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 441856 ----a-w- c:\windows\system32\igfxdev.dll
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
    2012-10-10 02:22 . 2012-10-10 02:22 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
    2012-10-10 02:22 . 2012-10-10 02:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
    2012-10-10 02:22 . 2012-03-19 21:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
    2012-10-10 02:22 . 2012-10-10 02:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
    2012-10-10 02:22 . 2012-10-10 02:22 185376 ----a-w- c:\windows\system32\difx64.exe
    2012-10-10 02:22 . 2012-10-10 02:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
    2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
    2012-10-10 02:22 . 2012-10-10 02:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
    2012-10-10 02:22 . 2012-10-10 02:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2012-10-10 02:22 . 2012-03-19 21:09 56320 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-10-10 02:22 . 2012-10-10 02:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll
    2012-10-10 02:22 . 2012-10-10 02:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 386048 ----a-w- c:\windows\system32\igfxpph.dll
    2012-10-10 02:22 . 2012-10-10 02:22 11595776 ----a-w- c:\windows\system32\ig7icd64.dll
    2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2012-10-10 02:22 . 2012-10-10 02:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-5-14 80384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *\0lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R0 nvelofsfltr;nvelofsfltr;c:\windows\system32\DRIVERS\nvelofsfltr.sys [2012-05-11 110704]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]
    R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
    R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
    R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
    S0 nvelodiskfltr;NVCache Policy Driver;c:\windows\system32\DRIVERS\nvelodiskfltr.sys [2012-05-11 231024]
    S0 nveloportfltr;NVELO Port Filter Driver;c:\windows\system32\DRIVERS\nveloportfltr.sys [2012-05-11 24176]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-08-25 920736]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-08-25 951936]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-08-25 149120]
    S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe [2012-08-25 1492912]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-05-14 138752]
    S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
    S2 nveloSvc;NVELO Dataplex Service;c:\windows\system32\Dataplex\nveloSvc.exe [2012-05-11 33392]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
    S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-08-02 8786848]
    S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-08-02 565152]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-06-21 13728]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-08-25 26136]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-05-14 26048]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-05-14 26048]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-05-14 44992]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
    S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
    S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
    S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2012-08-13 122640]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-06-21 68512]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-22 15736]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-12-26 34752]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-22 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 17:32]
    .
    2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 15:21]
    .
    2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
    .
    2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-25 6548112]
    "nveloApp"="c:\program files\Dataplex\CacheFilter\nveloApp.exe" [2012-05-11 117360]
    "MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: mediafire.com\www
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\
    FF - ExtSQL: 2012-11-12 20:22; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11} - c:\programdata\{63B3AF69-722B-4FA9-965F-94DEB1E78796}\simplify3_setup_ext.exe
    AddRemove-{DC8F0C18-E6B0-4722-A4AB-D134473091C2} - c:\programdata\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}\dejpeg4_setup_ext.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-26 22:21:37
    ComboFix-quarantined-files.txt 2012-12-26 22:21
    ComboFix2.txt 2012-12-26 22:17
    .
    Pre-Run: 912,385,757,184 bytes free
    Post-Run: 912,324,587,520 bytes free
    .
    - - End Of File - - A6875F29A96DDDA01AEFC73D1C6BA1F9
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Upload a File to Virustotal

    Go to http://www.virustotal.com/

    • Click the Browse... button
    • Navigate to the file c:\windows\PE_Rom.dll or just copy/paste it in.
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.
     
  11. mountainlion

    mountainlion Thread Starter

    Joined:
    Jan 9, 2007
    Messages:
    151
I clicked on additional info, is that what you wanted?

    VirusTotal
    SHA256: c079ac756702aeb088663bf72b1461fbf8bad3dffb28496580cdc7c0545a6deb
    File name: PE_Rom.dll
    Detection ratio: 0 / 46
    Analysis date: 2012-12-26 22:35:30 UTC ( 0 minutes ago )
    Additional information

    ssdeep
    49152:tC7MMZpmdzZ+sLxw2ayVCXlR7TUv9IuV/FJ7Tcv9IuVWUTUQ:0YMZpiZBLKROCXlR7WV/FJ7OVWKF
    TrID
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    F-Prot packer identifier
    UPX
    ExifTool

    MIMEType.................: application/octet-stream
    Subsystem................: Windows GUI
    MachineType..............: Intel 386 or later, and compatibles
    TimeStamp................: 0000:00:00 00:00:00
    FileType.................: Win32 DLL
    PEType...................: PE32
    CodeSize.................: 4096
    LinkerVersion............: 9.0
    EntryPoint...............: 0x7d40
    InitializedDataSize......: 4096
    SubsystemVersion.........: 5.0
    ImageVersion.............: 0.0
    OSVersion................: 5.0
    UninitializedDataSize....: 24576

    Portable Executable structural information

    Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
    Entry point address...........: 0x00007D40

    PE Sections...................:

    Name Virtual Address Virtual Size Raw Size Entropy MD5
    UPX0 4096 24576 0 0.00 d41d8cd98f00b204e9800998ecf8427e
    UPX1 28672 4096 4096 7.50 f71600cd694e45107e54b35e07e7f0cd
    UPX2 32768 4096 1024 3.93 8a9fa88c48fffd29fcdbb95502603777

    PE Imports....................:

    [[KERNEL32.DLL]]
    VirtualProtect, VirtualFree, LoadLibraryA, VirtualAlloc, GetProcAddress

    [[ASIO.dll]]
    GetPortVal


    PE Exports....................:

    ASEX_Model_String, ASEX_block_count, ASEX_boot_block_version, ASEX_caller_id, ASEX_check_bios_image, ASEX_customer, ASEX_date, ASEX_flash_size, ASEX_get_bios_image, ASEX_hardware_compatible_version, ASEX_logo, ASEX_major_version, ASEX_mb, ASEX_message, ASEX_minor_version, ASEX_product, ASEX_systemflag, ASEX_update_bios_firmware

    ClamAV PUA Engine
    Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
    First seen by VirusTotal
    2012-12-26 22:35:30 UTC ( 2 minutes ago )
    Last seen by VirusTotal
    2012-12-26 22:35:30 UTC ( 2 minutes ago )
    File names (max. 25)

    PE_Rom.dll
     
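The structural fields VirusTotal reported (three UPX sections, one with zero raw size, one at entropy 7.50 holding the entry point, and an import list of little more than VirtualProtect, VirtualAlloc, LoadLibraryA and GetProcAddress) are what a UPX-packed binary looks like, and they can be checked offline without uploading anything. Below is an added example, not code from the thread or from VirusTotal: a minimal PE section parser run over a constructed image that copies PE_Rom.dll's section layout and entry point (the section bytes are synthetic; `build_sample_pe`, `packer_indicators` and the entropy thresholds are this example's own).

```python
"""Offline PE section triage, added here as an example; it is not code from the
thread or from VirusTotal. It rebuilds the 'PE Sections' view above for a
constructed image laid out like PE_Rom.dll and flags the marks of UPX packing."""
import math
import struct
from collections import Counter


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for compressed or encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _symtab, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint (an RVA)
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i                        # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, hdr)
        raw = data[rptr:rptr + rsize] if rsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "raw_size": rsize,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return {"machine": machine, "magic": magic, "entry_point": entry, "sections": sections}


def entry_section(info: dict):
    """Name of the section whose virtual range holds the entry point, or None."""
    ep = info["entry_point"]
    for s in info["sections"]:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= ep < s["virtual_address"] + span:
            return s["name"]
    return None


def packer_indicators(info: dict) -> list:
    """Heuristics that together point at a run-time packer such as UPX."""
    out = []
    if any(s["name"].startswith("UPX") for s in info["sections"]):
        out.append("UPX section names")
    for s in info["sections"]:
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            out.append(f"{s['name']}: no data on disk, {s['virtual_size']} bytes virtual (unpack target)")
        elif s["entropy"] >= 7.0:
            out.append(f"{s['name']}: entropy {s['entropy']} (compressed payload)")
    ep = entry_section(info)
    if ep and any(s["name"] == ep and s["entropy"] >= 7.0 for s in info["sections"]):
        out.append(f"entry point 0x{info['entry_point']:X} is inside high-entropy {ep} (decompression stub)")
    return out


def build_sample_pe(sections, entry_point: int) -> bytes:
    """Assemble a minimal PE32 image from (name, virtual_size, raw_bytes) tuples. Test data only."""
    opt_size = 224                                           # PE32 optional header size
    hdr_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (hdr_len + 511) // 512 * 512                  # first section at a 512-byte file boundary
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry_point)
    table, body, va = b"", b"", 0x1000
    for name, vsize, data in sections:
        ptr = raw_base + len(body) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(data), ptr, 0, 0, 0, 0, 0)
        body += data
        va += (vsize + 0xFFF) & ~0xFFF                       # next section on a page boundary
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(raw_base, b"\0") + body


# Layout copied from the VirusTotal report above; the bytes themselves are synthetic.
STUB_STRINGS = (b"KERNEL32.DLL\0VirtualProtect\0VirtualFree\0LoadLibraryA\0"
                b"VirtualAlloc\0GetProcAddress\0ASIO.dll\0GetPortVal\0")
SAMPLE_PE = build_sample_pe([
    (b"UPX0", 24576, b""),                                   # empty on disk, filled when unpacking
    (b"UPX1", 4096, bytes(range(256)) * 16),                 # uniform bytes give entropy exactly 8.0
    (b"UPX2", 4096, STUB_STRINGS.ljust(1024, b"\0")),        # stub import names plus zero padding
], entry_point=0x7D40)

if __name__ == "__main__":
    report = parse_pe(SAMPLE_PE)
    print(*report["sections"], *packer_indicators(report), sep="\n")
```

Packing alone says nothing about intent, which is why both scanners report "UPX" as a packer identifier rather than a detection; what the parser gives you is a way to confirm that a file you cannot upload has the same shape as the one discussed here.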
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
You can also upload to Jotti for another check, unless you know what it is or what it belongs to:

    1. Click HERE to get to Jotti's site.

    2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

    c:\windows\PE_Rom.dll

    3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

    4. Please provide me with the results of the analysis.

    Do you still get the last alert you mention?
     
  13. mountainlion

    mountainlion Thread Starter

    Joined:
    Jan 9, 2007
    Messages:
    151
Here is the additional info from Jotti's site below.
It said 1 out of 19 scanners reported malware.
    File size: 4648880 bytes
    Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
    MD5: e7752313899990fd92836478d2e592c4
    SHA1: 3545463cd7cbeca842b0527027ad5487cdca8c38
    Packer (Avast): UPX
    Packer (Drweb): UPX
    Packer (Kaspersky): UPX

    Yes, I still get the alert; it's something to do with ASUS setup. It's no big deal; I think maybe in time it will go when my drivers/motherboard get updated etc., as there isn't anything else, though I have the latest drivers for both.
     
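The two scanner reports above (VirusTotal's section table and imports, Jotti's hashes and "Packer: UPX" verdict) can be reproduced locally before trusting a cloud verdict. The script below is an added example, not code from this thread, ASUS or the scanners; it uses only the Python standard library, parses the COFF header and section table of a PE file, reports MD5/SHA1/SHA256, and flags the UPX-style layout (UPX0/UPX1/UPX2 names, an empty first section, a near-8-bits-per-byte payload). The sample DLL it builds inline is a constructed stand-in with that layout, not PE_Rom.dll; run it as `python pe_check.py C:\Windows\PE_Rom.dll` and compare the hashes with the values posted above.

```python
import hashlib
import json
import math
import struct
import sys

# Section names the UPX packer writes in place of .text/.data. Their presence
# is the evidence behind the "Packer: UPX" verdicts quoted in the thread.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a DLL


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or compressed data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes):
    """Return (characteristics, [(name, virtual_size, raw_size, entropy), ...])
    read from the COFF header and section table of a PE image."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _symptr, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", blob, coff)
    sect_off = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        entry = sect_off + 40 * i            # each IMAGE_SECTION_HEADER is 40 bytes
        name = blob[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, entry + 8)
        raw = blob[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append((name, vsize, raw_size, shannon_entropy(raw)))
    return characteristics, sections


def analyse(blob: bytes) -> dict:
    """Hashes plus the packer indicators the scanners above reported."""
    characteristics, sections = parse_pe(blob)
    names = {s[0] for s in sections}
    # UPX leaves the first section with no raw bytes (the unpacked image is
    # materialised there at run time) next to a high-entropy payload section.
    layout_looks_packed = bool(sections) and sections[0][2] == 0 and any(
        e > 7.0 for _, _, _, e in sections)
    return {
        "md5": hashlib.md5(blob).hexdigest(),
        "sha1": hashlib.sha1(blob).hexdigest(),
        "sha256": hashlib.sha256(blob).hexdigest(),
        "size": len(blob),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "sections": [(n, v, r, round(e, 2)) for n, v, r, e in sections],
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        "packed_layout": layout_looks_packed,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in: a minimal PE32 DLL with the UPX0/UPX1/UPX2 layout
    seen in the VirusTotal output. It is not PE_Rom.dll and contains no code."""
    sections = [
        ("UPX0", 0x10000, b""),                     # unpacked image lands here at run time
        ("UPX1", 0x1000, bytes(range(256)) * 16),   # "packed" payload, exactly 8.0 bits/byte
        ("UPX2", 0x400, b"\0" * 0x400),             # import-resolution stub area
    ]
    e_lfanew, opt_size, file_align = 0x40, 0xE0, 0x200
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = -(-hdr_len // file_align) * file_align      # round up to FileAlignment
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size,
                       IMAGE_FILE_DLL | 0x0102)   # also EXECUTABLE_IMAGE and 32BIT_MACHINE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    table, payload, raw_ptr, vaddr = bytearray(), bytearray(), first_raw, 0x1000
    for name, vsize, raw in sections:
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, vaddr, len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        payload += raw
        raw_ptr += len(raw)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(first_raw, b"\0")
    return header + bytes(payload)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(analyse(data), indent=2))
```

Matching hashes prove only that you scanned the same bytes the scanners saw; the packer flags and the `ASEX_*` exports are what tie the file to an ASUS BIOS-flashing component rather than to malware. A UPX-packed DLL is unusual enough that the ClamAV PUA verdict is expected, but it is not evidence of malicious behaviour on its own.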
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yes, I see the alert is related to ASUS; also, the file I asked you to upload comes on your system maybe at the same time. There are other ASUS entries that arrive together:

    2012-12-26 21:02 . 2012-12-26 21:05 4648880 ----a-w- c:\windows\PE_Rom.dll
    2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS OC Profiles
    2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS PowerControl Profiles
    2012-12-26 21:01 . 2012-12-26 21:01 -------- d-----w- c:\program files\ASUS


    I agree with you: if this alert is related to ASUS it is maybe not malicious. The file uploaded is a packer; it may be OK if you know for sure it is also part of ASUS.

    Do you have any other issues or problems that cause you concern, or are you happy to clean up and close out...
     
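The reasoning in the post above is a timestamp correlation: the unknown DLL was written within a few minutes of the ASUS program and profile directories, so it most likely arrived with that installer. Doing the same check by script rather than by eye is worthwhile when the log is long. The helper below is an added example, not from the thread; it walks a directory tree and lists every file whose modification time falls within a window of a chosen anchor file. It uses mtime because st_ctime means "creation" on Windows but "inode change" on POSIX. The demo tree it builds is constructed with stand-in paths and the 21:01 to 21:05 times from the log above, not the real C:\ layout.

```python
import os
import tempfile
from datetime import datetime, timezone


def files_modified_near(root, anchor, window_seconds=300):
    """Walk `root` and return sorted [(mtime, path), ...] for every file whose
    modification time lies within +/- window_seconds of the anchor file's."""
    anchor_abs = os.path.abspath(anchor)
    anchor_mtime = os.stat(anchor_abs).st_mtime
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.abspath(os.path.join(dirpath, fn))
            if path == anchor_abs:
                continue
            try:
                mtime = os.stat(path).st_mtime
            except OSError:           # vanished or unreadable: skip, do not abort the sweep
                continue
            if abs(mtime - anchor_mtime) <= window_seconds:
                hits.append((mtime, path))
    return sorted(hits)


def fmt(ts):
    """Render a timestamp the way the DDS/ComboFix log lines above do."""
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M")


def build_demo_tree():
    """Constructed tree mirroring the log: PE_Rom.dll at 21:05, ASUS items at
    21:01 and 21:02, and one unrelated file three days earlier. The file names
    under the ASUS directories are placeholders, not real ASUS files."""
    root = tempfile.mkdtemp(prefix="pe_rom_demo_")
    base = int(datetime(2012, 12, 26, 21, 0, tzinfo=timezone.utc).timestamp())
    layout = {
        "windows/PE_Rom.dll": base + 5 * 60,
        "program files/ASUS/placeholder.bin": base + 1 * 60,
        "programdata/ASUS OC Profiles/placeholder.txt": base + 2 * 60,
        "windows/system32/unrelated.dll": base - 3 * 24 * 3600,
    }
    for rel, ts in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(b"x")
        os.utime(p, (ts, ts))
    return root, os.path.join(root, "windows", "PE_Rom.dll")


def demo_hits():
    """Run the correlation over the constructed tree; paths are made relative."""
    root, anchor = build_demo_tree()
    return [(fmt(t), os.path.relpath(p, root).replace(os.sep, "/"))
            for t, p in files_modified_near(root, anchor)]


if __name__ == "__main__":
    for when, path in demo_hits():
        print(when, path)
```

On a real system, point `files_modified_near` at `C:\` (or the drive root) with the suspect file as the anchor and a window of a few minutes; a result set made entirely of one vendor's directories, as here, supports the "came with the ASUS installer" explanation, whereas hits in user-writable temp or profile locations would deserve a closer look.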
  15. mountainlion

    mountainlion Thread Starter

    Joined:
    Jan 9, 2007
    Messages:
    151
    Thanks, Kevin, for all your help. ASUS isn't malicious, and in time it will go, or I'll just uninstall the drivers then reinstall. Thanks again for all your help, Kevin; you know your stuff!!
     
Short URL to this thread: https://techguy.org/1082321