
Trojan Dropper virus on services file

Discussion in 'Virus & Other Malware Removal' started by FizzyJay, Jul 11, 2012.

  1. FizzyJay

    FizzyJay Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    5
    I ran my AVG anti-virus software and it told me that the file:
    C:\Windows\System32\services.exe
    has been infected with Trojan horse Dropper.Generic_c.MMI and that the infected file has been white listed.

    Here is my HJT scan file:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:43:09 PM, on 10/07/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Video Web Camera\traybar.exe
    C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Users\Thomas\Desktop\a.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv59&r=27360810k6b6l0370z1h5a49k1y320
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv59&r=27360810k6b6l0370z1h5a49k1y320
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv59&r=27360810k6b6l0370z1h5a49k1y320
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.cantireu.com
    O15 - Trusted Zone: *.icanelearn.com
    O15 - Trusted Zone: *.line6.net
    O15 - Trusted Zone: *.plateau.com
    O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/Config/packages/pr/prsetup.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13852 bytes

    I'm looking for someone to help me please :C
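A defender's way of reading a log like the one above, added here as an example (it is not code from the thread, from HijackThis or from AVG): a small Python triage script that parses the HijackThis 2.0.4 layout and ranks entries in the order a removal volunteer would look at them. The sample lines are constructed for the example (several are copied from the log above; the HKCU "Updater" autorun and the "HelperSvc" service are invented), and the scoring rules are the editor's assumptions, not HijackThis logic. One caveat it encodes: "(file missing)" on core System32 services is not evidence on its own. The log above reports it for lsass.exe and spoolsv.exe, which every Windows 7 install has, a known limitation of the 32-bit tool on 64-bit Windows, so the script rates those as informational and leaves the integrity question to sfc /scannow.

```python
"""Triage of a HijackThis 2.0.4 log (the format quoted in the first post).

Added example, not code from the thread, HijackThis or AVG. Sample lines are
constructed (some copied from the log above, the "Updater" autorun and the
"HelperSvc" service invented); the scoring rules are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis layout: a "Running processes:" block,
# a blank line, then tagged entries (R*, F*, O*).
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Users\Thomas\Desktop\a.exe

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Thomas\AppData\Roaming\svc\update.exe
O15 - Trusted Zone: *.plateau.com
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Helper Service (HelperSvc) - Unknown owner - C:\ProgramData\helper\helpersvc.exe
"""

# Executables living in user-writable profile folders deserve the first look.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Desktop|AppData|Downloads|Documents)\\", re.I)
# Where a legitimately installed service normally lives.
INSTALL_DIRS = re.compile(r"\\(Program Files( \(x86\))?|Windows)\\", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\(System32|SysWOW64)\\", re.I)

RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Finding:
    severity: str  # high / medium / low / info
    reason: str
    line: str


def parse_log(text):
    """Split a HijackThis log into (running processes, [(tag, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process block
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = re.match(r"^([RFO]\d+) - (.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Score lines of interest; highest severity first, log order within a tier."""
    processes, entries = parse_log(text)
    found = []
    for proc in processes:
        if USER_WRITABLE.search(proc):
            found.append(Finding("high", "process running from a user-writable folder", proc))
    for tag, body in entries:
        line = f"{tag} - {body}"
        if tag == "O4" and USER_WRITABLE.search(body):
            found.append(Finding("high", "autorun points into a user-writable folder", line))
        elif tag == "O23" and body.endswith("(file missing)"):
            path = body[: -len(" (file missing)")].rsplit(" - ", 1)[-1]
            if SYSTEM32.match(path):
                # HijackThis reports this for lsass.exe/spoolsv.exe on x64 too;
                # treat as noise and let sfc /scannow answer the integrity question.
                found.append(Finding("info", "'file missing' on a System32 service; "
                                     "confirm with sfc /scannow, not this log", line))
            else:
                found.append(Finding("medium", "service binary reported missing", line))
        elif tag == "O23" and "Unknown owner" in body and not INSTALL_DIRS.search(body):
            found.append(Finding("medium", "service with no publisher info outside "
                                 "Program Files / Windows", line))
        elif body.endswith("(no file)"):
            found.append(Finding("low", "orphaned registry entry, cleanup candidate", line))
        elif tag == "O15":
            found.append(Finding("low", "Trusted Zone entry relaxes IE security for "
                                 "this domain; confirm it is intended", line))
    found.sort(key=lambda f: RANK[f.severity])  # stable: log order kept per tier
    return found


def summarize(findings):
    """Count findings per severity tier, e.g. {'high': 2, 'medium': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Run as is to print the ranking for the constructed sample, or pass the text of a real log to triage(). The point of the tiers is where to spend effort: a process started from a user's Desktop (the a.exe in the log above) is worth a file hash and signature check before anything else, while the long list of System32 services marked "file missing" is the tool's artifact and should not be what drives a decision about services.exe.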
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Hello FizzyJay and welcome to TSG,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.

    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.

    Please proceed as follows :-


    Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then enter. Type exit when it's finished and re-boot your PC.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
  3. FizzyJay

    FizzyJay Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    5
    Thanks for the swift reply Kevin, I did the command prompt command and it said that there were no "Violations", but I did not see any sort of log made for that.

    Here is the log for the ComboFix:

    ComboFix 12-07-11.03 - Thomas 11/07/2012 19:39:52.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7860.5928 [GMT -6:00]
    Running from: c:\users\Thomas\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\intellidownload\gunzip.exe
    c:\programdata\CP.ico
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Downloaded Program Files\prsetup.dll
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\L\00000004.@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\L\201d3dde
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\L\55490ac4
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\U\00000004.@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\U\00000008.@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\U\000000cb.@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\U\80000000.@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\U\80000032.@
    c:\windows\Installer\{188a36e9-5e0c-c310-6f0d-08896b023b54}\U\80000064.@
    c:\windows\system32\fxsst.dll . . . . Failed to delete
    c:\windows\system32\slwga.dll . . . . Failed to delete
    c:\windows\system32\srrstr.dll . . . . Failed to delete
    c:\windows\system32\systemcpl.dll . . . . Failed to delete
    c:\windows\system32\termsrv.dll . . . . Failed to delete
    .
    ----- File Replicators -----
    .
    c:\programdata\Adobe\Reader\9.2\ARM\11748\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\11748\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\11748\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\11861\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\11861\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\11861\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\1201\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\1201\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\1201\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\13636\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\13636\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\13636\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\14180\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\14180\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\14180\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\17357\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\17357\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\17357\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\20515\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\20515\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\20515\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\23347\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\23347\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\23347\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\24111\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\24111\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\24111\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\25936\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\25936\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\25936\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\26820\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\26820\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\26820\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\27295\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\27295\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\27295\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\30466\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\30466\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\30466\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\31237\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\31237\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\31237\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\3140\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\3140\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\3140\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9382\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9382\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9382\ReaderUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9947\AcrobatUpdater.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9947\AdobeARMHelper.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9947\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11748\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11748\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11748\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11861\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11861\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11861\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\1201\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\1201\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\1201\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\13636\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\13636\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\13636\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\14180\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\14180\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\14180\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\17357\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\17357\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\17357\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\20515\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\20515\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\20515\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\23347\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\23347\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\23347\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\24111\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\24111\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\24111\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\25936\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\25936\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\25936\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\26820\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\26820\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\26820\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\27295\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\27295\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\27295\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\30466\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\30466\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\30466\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\31237\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\31237\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\31237\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\3140\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\3140\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\3140\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9382\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9382\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9382\ReaderUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9947\AcrobatUpdater.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9947\AdobeARMHelper.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9947\ReaderUpdater.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-12 01:51 . 2012-07-12 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-07 03:57 . 2012-07-07 03:57 -------- d-----w- c:\users\Thomas\AppData\Roaming\Packard Bell
    2012-07-07 03:57 . 2012-07-07 03:57 -------- d-----w- c:\users\Thomas\AppData\Local\Gateway
    2012-07-06 04:38 . 2012-07-06 04:39 -------- d-----w- c:\users\Thomas\AppData\Roaming\AVG
    2012-07-05 16:24 . 2012-07-05 16:24 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
    2012-07-04 02:00 . 2012-07-11 06:47 -------- d-----w- c:\windows\usb-audio.deBehringer2902
    2012-07-04 01:50 . 2009-10-30 19:39 49728 ----a-w- c:\windows\system32\drivers\busbwdm.sys
    2012-07-04 01:50 . 2009-10-30 19:39 460864 ----a-w- c:\windows\system32\drivers\BUSB2902.sys
    2012-07-03 15:06 . 2012-07-03 15:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-03 15:01 . 2012-07-03 15:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 15:01 . 2012-07-03 15:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 15:01 . 2012-07-03 15:01 -------- d-----w- c:\windows\system32\Macromed
    2012-07-03 14:55 . 2012-07-03 20:18 -------- d-----w- c:\program files (x86)\OApps
    2012-07-03 14:55 . 2012-07-03 14:55 -------- d-----w- c:\program files (x86)\TorrentSearch
    2012-07-03 14:55 . 2012-07-12 01:50 -------- d-----w- c:\program files (x86)\intellidownload
    2012-07-03 14:46 . 2012-07-03 20:39 -------- d-----w- c:\users\Thomas\AppData\Roaming\Line 6
    2012-07-03 14:45 . 2012-07-03 14:45 -------- d-----w- c:\programdata\Line 6
    2012-07-03 14:45 . 2012-07-03 14:45 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
    2012-07-03 14:45 . 2012-07-03 14:45 -------- d-----w- c:\program files (x86)\Line6
    2012-07-03 14:38 . 2012-07-03 14:38 -------- d-----w- c:\users\Thomas\AppData\Local\CRE
    2012-07-03 14:38 . 2012-07-03 14:38 -------- d-----w- c:\program files (x86)\Conduit
    2012-07-03 14:38 . 2012-07-03 14:38 -------- d-----w- c:\users\Thomas\AppData\Local\Conduit
    2012-07-03 14:38 . 2012-07-11 06:48 -------- d-----w- c:\program files (x86)\uTorrent
    2012-07-03 14:37 . 2012-07-11 06:48 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent
    2012-06-24 19:48 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-22 13:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 13:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 13:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 13:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 13:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 13:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:13 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 13:13 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 04:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 04:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 04:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 04:53 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 04:53 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 04:53 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 04:53 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 04:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 04:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 04:52 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-14 04:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-14 04:52 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 04:52 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-13 04:01 . 2012-06-13 04:01 -------- d-----w- c:\users\Thomas\AppData\Local\AVG Secure Search
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-05 22:50 . 2012-06-05 22:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-06-05 22:50 . 2012-06-05 22:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-06-05 22:50 . 2012-06-05 22:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-06-05 22:50 . 2012-06-05 22:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-06-05 22:50 . 2012-06-05 22:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-06-05 22:50 . 2012-06-05 22:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-06-05 22:50 . 2012-06-05 22:50 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-06-05 22:50 . 2012-06-05 22:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-06-05 22:50 . 2012-06-05 22:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-06-05 22:50 . 2012-06-05 22:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-06-05 22:50 . 2012-06-05 22:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-06-05 22:50 . 2012-06-05 22:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-06-05 22:50 . 2012-06-05 22:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-06-05 22:50 . 2012-06-05 22:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-06-05 22:50 . 2012-06-05 22:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-06-05 22:50 . 2012-06-05 22:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-06-05 22:50 . 2012-06-05 22:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-06-05 22:50 . 2012-06-05 22:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-06-05 22:50 . 2012-06-05 22:50 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-06-05 22:50 . 2012-06-05 22:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-06-05 22:50 . 2012-06-05 22:50 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-06-05 22:50 . 2012-06-05 22:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-06-05 22:50 . 2012-06-05 22:50 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-06-05 22:50 . 2012-06-05 22:50 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-06-05 22:50 . 2012-06-05 22:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-06-05 22:50 . 2012-06-05 22:50 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-06-05 22:50 . 2012-06-05 22:50 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-05 22:50 . 2012-06-05 22:50 448512 ----a-w- c:\windows\system32\html.iec
    2012-06-05 22:50 . 2012-06-05 22:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-06-05 22:50 . 2012-06-05 22:50 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-06-05 22:50 . 2012-06-05 22:50 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-06-05 22:50 . 2012-06-05 22:50 603648 ----a-w- c:\windows\system32\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-06-12 14:56 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-14 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
    "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
    .
    c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 11:08 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
    R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 460864]
    R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 49728]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 136176]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-09-26 64272]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
    S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys [2011-10-18 396816]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-09-26 55056]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-09-26 61712]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-26 919352]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 02:54]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-28 02:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv59&r=27360810k6b6l0370z1h5a49k1y320
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cantireu.com
    Trusted Zone: icanelearn.com
    Trusted Zone: line6.net
    Trusted Zone: plateau.com
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-640407645-4038575709-3359598853-1001\Software\SecuROM\License information*]
    "datasecu"=hex:18,0e,52,d6,9b,9c,31,91,e1,a2,67,2d,63,8a,c8,f0,45,1f,97,32,56,
    e0,0c,11,c5,4c,00,51,1a,50,ef,d9,31,ef,d2,cb,e4,82,7a,4c,12,8d,58,1a,b0,c3,\
    "rkeysecu"=hex:d4,b9,60,18,d4,27,0a,7d,bd,68,93,3b,ba,0a,24,65
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-11 20:04:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 02:04
    .
    Pre-Run: 473,582,874,624 bytes free
    Post-Run: 483,927,490,560 bytes free
    .
    - - End Of File - - D3FE263550DAA5280F07D3FE69ADB9CD

    Awaiting further instructions...
     
  4. FizzyJay

    FizzyJay Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    5
    On a side note, ComboFix said I hadn't disabled my AVG security when in fact I had. I wasn't sure what to do about that, but it ran anyway. I haven't noticed any damage as of yet, thankfully.

    Awaiting further instructions...
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    OK, continue as follows please:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    Folder::
    c:\windows\SysWow64\%APPDATA%
    c:\program files (x86)\Conduit
    c:\users\Thomas\AppData\Local\Conduit
    c:\program files (x86)\uTorrentControl2
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"=-
    [-HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"=-
    [-HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    
    Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Go here http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html to download the Sophos tool.

    Select the Download now tab as below:

    In the new window select Home User, then fill out all necessary information.

    The download should start automatically; if not, select the link as below:

    Save the downloaded file to your Desktop. When complete, double click the file to install the tool. Windows 7 or Vista users: accept the UAC alert.

    The tool will self extract as below:

    In the new window select Next, as below:

    Agree to the licence and select Next, as below:

    Leave the installation folder as default and select Next, as below:

    In the new window select "Install", as below:

    The install will progress, as below:

    At the above image ensure "Launch Sophos Virus Removal tool" is checked, then select Finish.

    In the new window select "Start scanning", as below:

    When the tool completes, the log can be found by navigating Start > Computer > C:\ProgramData\Sophos. Open the Sophos folder and expand to Logs.

    Post the 3 produced logs, and also give an update on current issues/concerns.

    Kevin
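    As an added, defender-side check (not part of this thread, and not one of the tools Kevin lists): the CFScript above removes a single BHO/toolbar/URLSearchHook by its CLSID. The PowerShell below enumerates the same three registration points, resolves each CLSID to the DLL that Internet Explorer would load, and reports that file's Authenticode status so that unsigned or missing add-on DLLs stand out for review. It is read-only and changes nothing. Assumptions: the "~" in the ComboFix log stands for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, the registry paths are the standard Windows 7 locations, and the CSV file name is arbitrary.

```powershell
# Added example, not from the thread. Read-only audit of Internet Explorer
# add-on registrations: BHOs, toolbars and URLSearchHooks. Run from an
# elevated PowerShell on the machine being examined.

# Registration points the CFScript above edits. The Wow6432Node views are
# included because the add-ons in the log are 32-bit components on 64-bit Windows.
# Assumption: the log's "~" abbreviates SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer.
$hookKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)

function Get-ClsidServerPath {
    param([string]$Clsid)
    # The in-process server is the default value of ...\CLSID\{guid}\InprocServer32.
    # Check the 64-bit view first, then the WOW6432Node view used by 32-bit add-ons.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path $key) {
            $p = (Get-ItemProperty -Path $key).'(default)'
            if ($p) { return [Environment]::ExpandEnvironmentVariables($p.Trim('"')) }
        }
    }
    return $null
}

function Get-ClsidsUnderKey {
    param([string]$Key)
    if (-not (Test-Path $Key)) { return @() }
    $ids = @()
    # BHOs are registered as subkeys named by CLSID ...
    Get-ChildItem -Path $Key -ErrorAction SilentlyContinue | ForEach-Object { $ids += $_.PSChildName }
    # ... while toolbars and URLSearchHooks are value names under the key.
    (Get-Item -Path $Key).GetValueNames() | ForEach-Object { $ids += $_ }
    # Keep only GUID-shaped names; this drops values such as "Locked" and
    # subkeys such as "WebBrowser" that also live under these keys.
    return $ids | Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' } | Sort-Object -Unique
}

$report = foreach ($key in $hookKeys) {
    foreach ($clsid in Get-ClsidsUnderKey $key) {
        $dll = Get-ClsidServerPath $clsid
        $sig = if ($dll -and (Test-Path $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileMissing'   # registration left behind after the DLL was deleted
        }
        [pscustomobject]@{
            Location  = $key
            CLSID     = $clsid
            Dll       = $dll
            Signature = $sig   # Valid, NotSigned, HashMismatch, UnknownError, FileMissing
        }
    }
}

# Anything that is not a present, validly signed file deserves a closer look.
$report | Sort-Object Signature | Format-Table -AutoSize
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Export-Csv -Path "$env:USERPROFILE\Desktop\ie-addon-audit.csv" -NoTypeInformation
```

    A signed DLL is not automatically benign (the uTorrentControl2 toolbar in the log may well carry a valid signature), but an unsigned or missing add-on DLL is exactly the kind of entry the CFScript's Registry:: section is written to remove, so the CSV gives a reviewer the same list to work from without editing the registry by hand.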
     
  6. FizzyJay

    FizzyJay Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    5
    Here is the ComboFix log:

    ComboFix 12-07-11.03 - Thomas 12/07/2012 1:31.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7860.5772 [GMT -6:00]
    Running from: c:\users\Thomas\Desktop\ComboFix.exe
    Command switches used :: c:\users\Thomas\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\fxsst.dll . . . . Failed to delete
    c:\windows\system32\slwga.dll . . . . Failed to delete
    c:\windows\system32\srrstr.dll . . . . Failed to delete
    c:\windows\system32\systemcpl.dll . . . . Failed to delete
    c:\windows\system32\termsrv.dll . . . . Failed to delete
    .
    ----- File Replicators -----
    .
    c:\programdata\Adobe\Reader\9.2\ARM\11748\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\11861\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\1201\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\13636\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\14180\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\15238\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\17357\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\20515\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\23347\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\24111\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\25936\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\26820\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\27295\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\30466\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\31237\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\3140\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9382\AdobeARM.exe
    c:\programdata\Adobe\Reader\9.2\ARM\9947\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11748\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\11861\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\1201\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\13636\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\14180\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\15238\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\17357\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\20515\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\23347\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\24111\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\25936\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\26820\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\27295\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\30466\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\31237\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\3140\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9382\AdobeARM.exe
    c:\users\All Users\Adobe\Reader\9.2\ARM\9947\AdobeARM.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-12 08:14 . 2012-07-12 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-07 03:57 . 2012-07-07 03:57 -------- d-----w- c:\users\Thomas\AppData\Roaming\Packard Bell
    2012-07-07 03:57 . 2012-07-07 03:57 -------- d-----w- c:\users\Thomas\AppData\Local\Gateway
    2012-07-06 04:38 . 2012-07-06 04:39 -------- d-----w- c:\users\Thomas\AppData\Roaming\AVG
    2012-07-05 16:24 . 2012-07-05 16:24 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
    2012-07-04 02:00 . 2012-07-11 06:47 -------- d-----w- c:\windows\usb-audio.deBehringer2902
    2012-07-04 01:50 . 2009-10-30 19:39 49728 ----a-w- c:\windows\system32\drivers\busbwdm.sys
    2012-07-04 01:50 . 2009-10-30 19:39 460864 ----a-w- c:\windows\system32\drivers\BUSB2902.sys
    2012-07-03 15:06 . 2012-07-03 15:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-03 15:01 . 2012-07-03 15:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 15:01 . 2012-07-03 15:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 15:01 . 2012-07-03 15:01 -------- d-----w- c:\windows\system32\Macromed
    2012-07-03 14:55 . 2012-07-03 20:18 -------- d-----w- c:\program files (x86)\OApps
    2012-07-03 14:55 . 2012-07-03 14:55 -------- d-----w- c:\program files (x86)\TorrentSearch
    2012-07-03 14:55 . 2012-07-12 01:50 -------- d-----w- c:\program files (x86)\intellidownload
    2012-07-03 14:46 . 2012-07-03 20:39 -------- d-----w- c:\users\Thomas\AppData\Roaming\Line 6
    2012-07-03 14:45 . 2012-07-03 14:45 -------- d-----w- c:\programdata\Line 6
    2012-07-03 14:45 . 2012-07-03 14:45 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
    2012-07-03 14:45 . 2012-07-03 14:45 -------- d-----w- c:\program files (x86)\Line6
    2012-07-03 14:38 . 2012-07-03 14:38 -------- d-----w- c:\users\Thomas\AppData\Local\CRE
    2012-07-03 14:38 . 2012-07-03 14:38 -------- d-----w- c:\program files (x86)\Conduit
    2012-07-03 14:38 . 2012-07-03 14:38 -------- d-----w- c:\users\Thomas\AppData\Local\Conduit
    2012-07-03 14:38 . 2012-07-11 06:48 -------- d-----w- c:\program files (x86)\uTorrent
    2012-07-03 14:37 . 2012-07-11 06:48 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent
    2012-06-24 19:48 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-22 13:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 13:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 13:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 13:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 13:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 13:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 13:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 13:13 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 13:13 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 04:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 04:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 04:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 04:53 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-14 04:53 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 04:53 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 04:53 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 04:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 04:52 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 04:52 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-14 04:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-14 04:52 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-14 04:52 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 04:52 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-14 04:52 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-13 04:01 . 2012-06-13 04:01 -------- d-----w- c:\users\Thomas\AppData\Local\AVG Secure Search
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-05 22:50 . 2012-06-05 22:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-06-05 22:50 . 2012-06-05 22:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-06-05 22:50 . 2012-06-05 22:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-06-05 22:50 . 2012-06-05 22:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-06-05 22:50 . 2012-06-05 22:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-06-05 22:50 . 2012-06-05 22:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-06-05 22:50 . 2012-06-05 22:50 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-06-05 22:50 . 2012-06-05 22:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-06-05 22:50 . 2012-06-05 22:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-06-05 22:50 . 2012-06-05 22:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-06-05 22:50 . 2012-06-05 22:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-06-05 22:50 . 2012-06-05 22:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-06-05 22:50 . 2012-06-05 22:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-06-05 22:50 . 2012-06-05 22:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-06-05 22:50 . 2012-06-05 22:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-06-05 22:50 . 2012-06-05 22:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-06-05 22:50 . 2012-06-05 22:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-06-05 22:50 . 2012-06-05 22:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-06-05 22:50 . 2012-06-05 22:50 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-06-05 22:50 . 2012-06-05 22:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-06-05 22:50 . 2012-06-05 22:50 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-06-05 22:50 . 2012-06-05 22:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-06-05 22:50 . 2012-06-05 22:50 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-06-05 22:50 . 2012-06-05 22:50 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-06-05 22:50 . 2012-06-05 22:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-06-05 22:50 . 2012-06-05 22:50 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-06-05 22:50 . 2012-06-05 22:50 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-05 22:50 . 2012-06-05 22:50 448512 ----a-w- c:\windows\system32\html.iec
    2012-06-05 22:50 . 2012-06-05 22:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-06-05 22:50 . 2012-06-05 22:50 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-06-05 22:50 . 2012-06-05 22:50 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-06-05 22:50 . 2012-06-05 22:50 603648 ----a-w- c:\windows\system32\vbscript.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-12_01.56.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-06 05:06 . 2012-07-12 02:31 45130 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-12 08:19 38160 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-08-21 01:29 . 2012-07-12 08:19 11160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-640407645-4038575709-3359598853-1001_UserData.bin
    - 2012-07-12 01:54 . 2012-07-12 01:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-12 08:16 . 2012-07-12 08:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-12 01:54 . 2012-07-12 01:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-12 08:16 . 2012-07-12 08:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-07-12 08:16 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-07-12 01:54 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-08-21 04:08 . 2012-07-12 07:16 317510 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2012-07-12 08:15 327648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-12 01:53 327648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-07-12 08:16 1228800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-12 01:54 1228800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-12 08:16 1474560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-12 01:54 1474560 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-02-21 15:21 . 2012-07-12 08:15 2431220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-640407645-4038575709-3359598853-1001-8192.dat
    + 2012-07-04 02:01 . 2012-07-12 02:26 1745472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-640407645-4038575709-3359598853-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-06-12 14:56 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-14 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
    "Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2009-12-03 600688]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
    .
    c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 11:08 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
    R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 460864]
    R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 49728]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-09-26 64272]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
    S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys [2011-10-18 396816]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-09-26 55056]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-09-26 61712]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-26 919352]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
    "Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv59&r=27360810k6b6l0370z1h5a49k1y320
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: cantireu.com
    Trusted Zone: icanelearn.com
    Trusted Zone: line6.net
    Trusted Zone: plateau.com
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-640407645-4038575709-3359598853-1001\Software\SecuROM\License information*]
    "datasecu"=hex:18,0e,52,d6,9b,9c,31,91,e1,a2,67,2d,63,8a,c8,f0,45,1f,97,32,56,
    e0,0c,11,c5,4c,00,51,1a,50,ef,d9,31,ef,d2,cb,e4,82,7a,4c,12,8d,58,1a,b0,c3,\
    "rkeysecu"=hex:d4,b9,60,18,d4,27,0a,7d,bd,68,93,3b,ba,0a,24,65
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-12 02:26:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 08:26
    ComboFix2.txt 2012-07-12 02:04
    .
    Pre-Run: 484,467,417,088 bytes free
    Post-Run: 484,227,055,616 bytes free
    .
    - - End Of File - - 820756381DC0C83CED20E1293727D697

    Here is the MBAM log:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.12.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Thomas :: THOMAS-PC [administrator]
    12/07/2012 9:59:42 AM
    mbam-log-2012-07-12 (09-59-42).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213758
    Time elapsed: 1 minute(s), 34 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 1
    HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    Finally, here is the sophos log:

    2012-07-12 10:04:02 Sophos Virus Removal Tool version 2.1
    2012-07-12 10:04:02 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.
    2012-07-12 10:04:02 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
    2012-07-12 10:04:02 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2012-07-12 10:04:02 Component SVRTcli.exe version 2.1
    2012-07-12 10:04:02 Component control.dll version 2.1
    2012-07-12 10:04:02 Component SVRTservice.exe version 2.1
    2012-07-12 10:04:02 Component osdp.dll version 1.44.0.1982
    2012-07-12 10:04:03 Component veex.dll version 3.33.2.1982
    2012-07-12 10:04:03 Component savi.dll version 7.5.9.1982
    2012-07-12 10:04:03 Component rkdisk.dll version 1.5.30.0
    2012-07-12 10:04:12 Option all = no
    2012-07-12 10:04:12 Option recurse = yes
    2012-07-12 10:04:12 Option archive = no
    2012-07-12 10:04:12 Option service = yes
    2012-07-12 10:04:12 Option confirm = yes
    2012-07-12 10:04:12 Option sxl = yes
    2012-07-12 10:04:12 Option max-data-age = 35
    2012-07-12 10:04:12 Version info: Product version 2.1
    2012-07-12 10:04:12 Version info: Detection engine 3.33.2
    2012-07-12 10:04:12 Version info: Detection data 4.79
    2012-07-12 10:04:12 Version info: Virus data date 02/07/2012
    2012-07-12 10:04:12 Version info: Data files added 261


    2012-07-12 10:44:00 Could not open C:\hiberfil.sys
    2012-07-12 10:45:13 Could not open C:\pagefile.sys
    2012-07-12 10:52:34 >>> Virus 'Mal/FakeAV-DO' found in file C:\Program Files (x86)\Gateway Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe\FILE:0001
    2012-07-12 11:03:07 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-12 11:03:07 Could not open C:\System Volume Information\{58ea33b6-cc38-11e1-8520-00262d714433}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-12 11:03:07 Could not open C:\System Volume Information\{973640a7-cb15-11e1-a9fa-00262d714433}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2012-07-12 11:18:00 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2012-07-12 11:18:00 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2012-07-12 11:49:25 The following items will be cleaned up:
    2012-07-12 11:49:25 Mal/FakeAV-DO
    2012-07-12 12:01:49 >>> Virus 'Mal/FakeAV-DO' found in file C:\Program Files (x86)\Gateway Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe\FILE:0001
    2012-07-12 12:01:49 Disinfection failed
    2012-07-12 12:02:09 Scan completed.
    2012-07-12 12:02:09
    ------------------------------------------------------------


    With respect to my current issues/concerns, my computer appears to be running better since running combofix, mbam and sophos, although sophos failed to remove the malware it discovered. ComboFix did take not quite an hour to run this morning (~1:30am -> 2:30am my time); could this be due to a more serious infection? MBAM detected one threat and removed it successfully, which is a good thing ;). Prior to starting this fix process, my computer sometimes would freeze while gaming or even while browsing with chrome/ie. While I have yet to use my computer for online games, browsing has not led to a freeze as of yet. The speed of my computer at startup still feels slower than it did before my pc became infected. Could this be from some damage done by the infection(s) or due to a lingering infection that the software run up to this point has not detected? Regardless, great work thus far with removing these threats from my computer.

    Awaiting further instructions..
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Hiya FizzyJay,

    I'm concerned that ComboFix is looking to delete the following system files; maybe they are corrupt or patched. It is an unusual action from CF.

    c:\windows\system32\fxsst.dll
    c:\windows\system32\slwga.dll
    c:\windows\system32\srrstr.dll
    c:\windows\system32\systemcpl.dll
    c:\windows\system32\termsrv.dll

    I'd like you to upload them to VirusTotal for analysis.

    Please visit
    Virustotal
    • Click the Browse... button
    • Navigate to the file c:\windows\system32\fxsst.dll or just copy/paste it in.
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.
    • Repeat the above steps for the following files

    c:\windows\system32\slwga.dll
    c:\windows\system32\srrstr.dll
    c:\windows\system32\systemcpl.dll
    c:\windows\system32\termsrv.dll


    Let me see the results,

    Also, can you uninstall Virtual Villagers - The Secret City?

    Kevin
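    Before shipping the five files off, a defender would normally check them locally first. The PowerShell below is an added example, not code from the thread, and assumes Windows PowerShell 2.0 or later run as Administrator from a 64-bit console; the five paths are the ones kevinf80 lists, and the helper names Get-Sha256Hex and Test-SystemFile are this example's own.

```powershell
# Added example, not from the thread: check the five system DLLs locally before uploading.
# Assumes Windows PowerShell 2.0+ (the version shipped with Windows 7) run as Administrator
# from a 64-bit console; the paths are the ones given in the post above.

$files = @(
    'c:\windows\system32\fxsst.dll',
    'c:\windows\system32\slwga.dll',
    'c:\windows\system32\srrstr.dll',
    'c:\windows\system32\systemcpl.dll',
    'c:\windows\system32\termsrv.dll'
)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing keeps this working on PowerShell 2.0, which has no Get-FileHash cmdlet.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '').ToLower()
}

function Test-SystemFile {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        # The "file does not exist" result for three of the five files maps to this branch.
        # In a 32-bit shell on 64-bit Windows, system32 is silently redirected to SysWOW64,
        # so re-run from a 64-bit console before concluding a file is really absent.
        return New-Object PSObject -Property @{
            Path = $Path; Present = $false; FileVersion = 'n/a'
            Signature = 'n/a'; Signer = 'n/a'; Sha256 = 'n/a'
        }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Many Windows binaries are signed through security catalogs rather than an embedded
    # signature, so 'NotSigned' here is a reason to run 'sfc /verifyfile=<path>', not proof
    # of tampering. 'HashMismatch', or a non-Microsoft signer on a Microsoft file, is the red flag.
    return New-Object PSObject -Property @{
        Path        = $Path
        Present     = $true
        FileVersion = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        Signature   = $sig.Status
        Signer      = $signer
        # The SHA-256 can be searched on VirusTotal directly, with no upload needed.
        Sha256      = Get-Sha256Hex -Path $Path
    }
}

$files | ForEach-Object { Test-SystemFile -Path $_ } |
    Format-List Path, Present, FileVersion, Signature, Signer, Sha256
```

A missing file or a NotSigned status is the cue to run `sfc /verifyfile=<path>` against the Windows component store, and the printed SHA-256 lets you look the file up on VirusTotal without uploading it.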
     
  8. FizzyJay

    FizzyJay Thread Starter

    Joined:
    Jul 11, 2012
    Messages:
    5
    The first file, c:\windows\system32\fxsst.dll, does not exist according to VirusTotal
    Link for the second scan: https://www.virustotal.com/file/da5...507edcc740cbbcc2ac3a340f/analysis/1342129972/
    The third file, c:\windows\system32\srrstr.dll, does not exist according to VirusTotal
    Link for the fourth scan:
    https://www.virustotal.com/file/109...d2aab5ebfcd59e8ba66ff3fa/analysis/1342130276/
    The fifth and final file also does not exist according to VirusTotal

    I uninstalled that Gateway game as requested

    Awaiting further instructions..
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Apologies for dragging this out; I want to be 100% sure we've missed nothing. Run the following:

    Step 1

    Download TFC to your desktop from either of the following links:
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Kevin..
     
Short URL to this thread: https://techguy.org/1060496