
Trojan/virus java.exe/explorer.exe

Discussion in 'Virus & Other Malware Removal' started by edrage, Jun 4, 2011.

  1. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
    Hi,

    I really appreciate the help. It began with some Minecraft texture packs (well, I think it did); I trusted something or clicked OK when I was installing them in a lapse of judgement. I should know better really.

    Firstly, Steam logged itself out, which I found very odd; then Google Chrome was going very slowly, and AVG went nuts but could not remove the infection as it was inaccessible.

    Malwarebytes has not really been any help except to point out that I have a problem; it can't remove it, and it crashes the PC if I try to "fix" it. It does, however, stop access attempts as below. This recurs about every 5 minutes, but I can kill the process and this will stop the attempts/warnings.

    23:39:07 Administrator IP-BLOCK 94.102.55.234 (Type: outgoing, Port: 63752, Process: java.exe)
    00:10:45 Administrator IP-BLOCK 94.102.55.234 (Type: outgoing, Port: 49225, Process: 5y8maeiyrm9.exe)

    Also, it kicks up warnings when I start Task Manager or access the properties of what I suspect to be the infected files in AppData\Roaming and Local\Temp.

    I look forward to hearing from you.

    Thanks
    Ed



    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz, Intel64 Family 6 Model 26 Stepping 5
    Processor Count: 8
    RAM: 6142 Mb
    Graphics Card: NVIDIA GeForce GTX 285, 1024 Mb
    Hard Drives: C: Total - 451706 MB, Free - 308091 MB;
    Motherboard: Gigabyte Technology Co., Ltd., EX58-UD3R, x.x,
    Antivirus: AVG Anti-Virus Free, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:20:18, on 05/06/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Users\Administrator\AppData\Roaming\Java\Java.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Administrator\AppData\Roaming\Java\Java.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.scan.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: Shell=Explorer.exe "C:\Users\Administrator\AppData\Roaming\services.exe"
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe
    O4 - HKLM\..\Run: [MSWUpdate] "C:\Users\Administrator\AppData\Roaming\services.exe"
    O4 - HKLM\..\Run: [9HRPJBKQFYX6S] C:\Users\Administrator\AppData\Roaming\5Y8MAEIYRM9.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe
    O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\Administrator\AppData\Roaming\services.exe"
    O4 - HKCU\..\Run: [Java] C:\Users\Administrator\AppData\Roaming\Java\Java.exe
    O4 - HKCU\..\Run: [9HRPJBKQFYX6S] C:\Users\Administrator\AppData\Roaming\5Y8MAEIYRM9.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe

    DDS (Ver_2011-06-03.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Administrator at 1:24:36 on 2011-06-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4195 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Users\Administrator\AppData\Roaming\explorer.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Users\Administrator\AppData\Roaming\Java\Java.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Administrator\AppData\Roaming\Java\Java.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Mozy\MozyHomeEuropestat.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
     


  2. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
    I have been looking at this and I presume the virus is the explorer.exe file at C:\Users\Administrator\AppData\Roaming\explorer.exe.

    This is the one that all the scanners and anti-virus come up with, but none can remove it. HouseCall, I think, came the closest, but Windows 7 blue-screened out. It does the same when I try to end the process, so I won't be doing that again.

    I have my windows disks but really want to avoid a re install as I have a load of stuff that will be a pain to recover.

    I am being patient, but proactively so; the upload attempts by this virus really worry me. What is it trying to upload?

    I have avoided typing any passwords, going on any banking sites etc.

    thanks
    Ed
     
  3. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    If help is still needed, post fresh DDS logs.
     
  4. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
    Hi, I hope this is what you requested.


    DDS (Ver_2011-06-12.02) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 22:57:11 on 2011-06-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4097 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\Mozy\MozyHomeEuropestat.exe
    C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============


    Thanks
     
  5. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    That appears to be only a partial log. Could you post a complete one, please?
     
  6. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
    Sorry, didn't realise how far down it went.
    Thanks

    .
    DDS (Ver_2011-06-12.02) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 18:16:35 on 2011-06-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4170 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\Mozy\MozyHomeEuropestat.exe
    C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://www.scan.co.uk
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [AdobeBridge]
    uRun: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    uExplorerRun: [9HRPJBKQFYX6S] C:\Users\Administrator\AppData\Roaming\5Y8MAEIYRM9.exe
    mExplorerRun: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe
    mExplorerRun: [9HRPJBKQFYX6S] C:\Users\Administrator\AppData\Roaming\5Y8MAEIYRM9.exe
    StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYST~1.LNK - C:\Program Files (x86)\Mozy\MozyHomeEuropestat.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EC58361D-3A7E-4EAA-99B9-3ACD426EDC7D} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gyj8macc.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gyj8macc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Downloader\npdd.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gyj8macc.default\extensions\[email protected]\plugins\npBP4FUpdater.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
    R1 AvgTdiA;AVG Free Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
    R1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;C:\Windows\system32\DRIVERS\MozyHomeEurope.sys --> C:\Windows\system32\DRIVERS\MozyHomeEurope.sys [?]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-4-28 52496]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-4-28 61200]
    R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-1-26 2480048]
    R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-4 366640]
    R2 MozyHomeEuropebackup;Mozy Backup Service;C:\Program Files\Mozy\MozyHomeEuropebackup.exe [2011-4-7 49968]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-26 79360]
    S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-1-26 5632]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-06-09 23:04:40 -------- d-----w- C:\Program Files (x86)\AMD
    2011-06-08 16:59:29 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2011-06-07 02:07:14 -------- d-----w- C:\Users\Administrator\AppData\Local\Origin
    2011-06-07 02:06:55 -------- d-----w- C:\Program Files (x86)\Origin Games
    2011-06-07 02:06:51 -------- d-----w- C:\Program Files (x86)\Origin
    2011-06-06 17:12:26 -------- d-----w- C:\Program Files\CCleaner
    2011-06-05 13:09:03 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98AAE257-046E-44DB-9536-AAC8DFC16080}\mpengine.dll
    2011-06-05 00:19:56 388096 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-05 00:19:56 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-06-04 22:34:43 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2011-06-04 22:34:39 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-04 22:34:39 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-04 22:34:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-04 22:34:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-06-04 17:34:46 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Java
    2011-05-31 23:17:30 -------- d-----w- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-31 00:30:21 -------- d-----r- C:\Users\Administrator\Dropbox
    2011-05-31 00:28:13 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Dropbox
    2011-05-30 17:40:59 66552 ----a-w- C:\Windows\System32\drivers\MozyHomeEurope.sys
    2011-05-30 17:40:58 -------- d-----w- C:\Program Files\Mozy
    2011-05-29 13:17:52 40960 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-05-29 13:17:52 40960 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2011-05-29 13:17:52 -------- d-----w- C:\Program Files (x86)\Project64 1.6
    2011-05-27 17:07:44 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-05-26 21:20:41 -------- d-----w- C:\Users\Administrator\AppData\Roaming\PDAppFlex
    2011-05-25 19:57:23 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Adobe Mini Bridge CS5.1
    2011-05-25 19:57:22 -------- d-----w- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-05-25 17:03:10 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-24 22:16:55 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
    2011-05-24 22:16:55 328712 ----a-w- C:\Windows\System32\MijFrc.dll
    2011-05-24 22:16:55 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
    2011-05-24 22:16:55 -------- d-----w- C:\Users\Administrator\AppData\Roaming\MotioninJoy
    2011-05-24 22:16:54 97040 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
    2011-05-24 22:16:54 -------- d-----w- C:\Program Files\MotioninJoy
    2011-05-24 22:09:25 46592 ----a-w- C:\Windows\SysWow64\libusb0.dll
    2011-05-24 22:09:25 33792 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
    2011-05-24 00:43:59 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2011-05-24 00:10:27 -------- d-----w- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2011-05-24 00:10:25 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
    2011-05-22 16:18:21 -------- d-----w- C:\Program Files (x86)\tamasoftware
    2011-05-21 20:28:17 -------- d-----w- C:\Users\Administrator\AppData\Roaming\.minecraft
    2011-05-19 17:49:30 -------- d-----w- C:\Program Files (x86)\The Witcher 2 - Bonus
    2011-05-19 00:36:07 -------- d-----w- C:\Users\Administrator\AppData\Local\The Witcher 2
    2011-05-19 00:28:17 -------- d-----w- C:\Program Files (x86)\The Witcher 2
    2011-05-19 00:19:02 -------- d-----w- C:\temp
    2011-05-18 17:12:44 -------- d-----w- C:\Downloads
    2011-05-18 17:04:56 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Free Download Manager
    2011-05-18 17:04:55 -------- d-----w- C:\ProgramData\FreeDownloadManager.ORG
    2011-05-18 17:04:55 -------- d-----w- C:\Program Files (x86)\Free Download Manager
    2011-05-17 19:20:28 -------- d-----w- C:\Program Files\Ventrilo
    2011-05-17 18:45:50 -------- d-----w- C:\Users\Administrator\AppData\Local\Downloader
    2011-05-17 18:45:37 -------- d-----w- C:\Program Files (x86)\Downloader
    2011-05-17 17:15:47 16000 ----a-w- C:\Windows\System32\drivers\SaiMini.sys
    2011-05-17 17:15:46 -------- d-----w- C:\ProgramData\Saitek
    2011-05-17 17:15:07 -------- d-----w- C:\Program Files\Saitek
    .
    ==================== Find3M ====================
    .
    2011-05-27 17:07:28 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-13 16:37:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-05 16:41:11 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2011-05-04 03:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-03-31 17:46:08 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-03-31 17:46:07 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-03-31 17:10:03 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-03-25 03:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-03-25 03:29:14 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-03-25 03:29:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-03-25 03:29:04 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-03-25 03:29:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-03-25 03:29:03 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-03-25 03:28:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    .
    ============= FINISH: 18:16:58.06 ===============
     
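The one entry in the DDS log above that should stop a reader cold is `mRun-x64: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe`: a Run value borrowing a security product's name, launching a file named after a Windows system binary, from a user-writable profile directory rather than C:\Windows. Those three properties are exactly what an analyst checks by hand in an autoruns listing, and they can be checked mechanically. The script below is an added example for this thread, not a tool used in it and not part of DDS or ComboFix. It parses the `mRun`/`uRun` lines DDS prints and the `"name"="path" [date size]` lines ComboFix prints under Reg Loading Points, and scores each entry; the scoring weights and word lists are my own choices, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage Run-key autostart entries from DDS and ComboFix log text.

Added example for this thread, not a tool used in it. Scores each Run
entry on features an analyst checks by hand: a Windows system binary name
outside the Windows directory, a launch path in a user-writable location,
a value name borrowing a security product's name while the file is not
under Program Files, and unrooted paths resolved via the search path.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Binaries that only belong in the Windows directory tree (assumed list).
SYSTEM_BINARIES = {
    "explorer.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
    "services.exe", "smss.exe", "taskhost.exe", "dwm.exe",
}
WINDOWS_DIR = "c:\\windows\\"
# DDS prints 8.3 short names (PROGRA~1 / PROGRA~2) for Program Files.
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\")
SECURITY_WORDS = ("defender", "antivirus", "anti-virus", "anti-malware",
                  "security", "firewall", "avg")

# DDS:      mRun-x64: [Windows Defender] C:\Users\...\explorer.exe
# ComboFix: "Windows Defender"="c:\users\...\explorer.exe" [2011-06-01 12345]
DDS_RE = re.compile(r'^\s*[um]Run(?:-x64)?:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
COMBOFIX_RE = re.compile(r'^\s*"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
EXE_RE = re.compile(r'^(?P<path>.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s|$|,)', re.I)


@dataclass
class Finding:
    source: str                 # "dds" or "combofix"
    name: str                   # Run value name
    path: str                   # launched file, as resolved from the command
    reasons: List[str] = field(default_factory=list)
    score: int = 0


def _exe_path(cmd: str) -> str:
    """Pull the launched file out of a Run command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, args follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(None, 1)
    if not tokens:
        return ""
    # rundll32 is only a host; the file of interest is the module it loads.
    if tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].strip()
    m = EXE_RE.match(cmd)                        # unquoted path, possibly with spaces
    return m.group("path") if m else tokens[0]


def assess(source: str, name: str, cmd: str) -> Optional[Finding]:
    """Return a Finding with reasons and score, or None if nothing stands out."""
    path = _exe_path(cmd)
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    f = Finding(source, name, path)
    rooted = re.match(r"^[a-z]:\\", low) is not None
    if not rooted:
        f.reasons.append("relative path; resolved through the search path")
        f.score += 1
    if base in SYSTEM_BINARIES and not low.startswith(WINDOWS_DIR):
        f.reasons.append(f"{base} outside the Windows directory")
        f.score += 3
    if rooted and any(tok in low for tok in USER_WRITABLE):
        f.reasons.append("runs from a user-writable location")
        f.score += 2
    if any(w in name.lower() for w in SECURITY_WORDS) and not low.startswith(PROGRAM_FILES):
        f.reasons.append("security-product name but not installed under Program Files")
        f.score += 3
    return f if f.reasons else None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse DDS/ComboFix Run lines and return findings, highest score first."""
    findings = []
    for line in lines:
        m, source = DDS_RE.match(line), "dds"
        if not m:
            m, source = COMBOFIX_RE.match(line), "combofix"
        if not m:
            continue
        f = assess(source, m.group("name"), m.group("cmd"))
        if f:
            findings.append(f)
    return sorted(findings, key=lambda f: -f.score)


# Lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE_LINES = [
    r"    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry",
    r"    mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe",
    r'    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime',
    r"""    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray""",
    r"    mRun-x64: [Windows Defender] C:\Users\Administrator\AppData\Roaming\explorer.exe",
    r'    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448]',
    r'    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.score}] {f.source}: {f.name!r} -> {f.path}")
        for r in f.reasons:
            print("      -", r)
```

Run against the sample, the "Windows Defender" entry collects all three high-weight reasons, the rundll32 entry gets a single low-weight note for its unrooted module path, and the AVG, Malwarebytes, QuickTime, Steam and Java entries produce nothing. Treat the score as a triage signal, not a verdict: Dropbox, Google Update and similar software legitimately start from AppData, and the same caution applies to the two drivers the ComboFix log below lists under AppData\Local\Temp, where hardware-monitoring utilities commonly drop theirs.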
  7. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  8. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
    I hope this is what is expected. I had to uninstall AVG to run this, so FYI I am reinstalling it now.

    ComboFix 11-06-14.01 - Administrator 14/06/2011 23:26:15.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4791 [GMT 1:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-14 22:30 . 2011-06-14 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-14 21:53 . 2011-06-14 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG9
    2011-06-10 17:26 . 2011-06-10 17:26 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-06-09 23:04 . 2011-06-09 23:04 -------- d-----w- c:\program files (x86)\AMD
    2011-06-08 16:59 . 2011-04-28 13:34 64272 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
    2011-06-07 02:07 . 2011-06-07 02:07 -------- d-----w- c:\users\Administrator\AppData\Local\Origin
    2011-06-07 02:06 . 2011-06-07 02:06 -------- d-----w- c:\program files (x86)\Origin Games
    2011-06-07 02:06 . 2011-06-07 02:06 -------- d-----w- c:\program files (x86)\Origin
    2011-06-06 17:12 . 2011-06-06 17:12 -------- d-----w- c:\program files\CCleaner
    2011-06-05 13:09 . 2011-05-24 18:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98AAE257-046E-44DB-9536-AAC8DFC16080}\mpengine.dll
    2011-06-05 00:19 . 2011-06-05 00:19 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-05 00:19 . 2011-06-05 00:19 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-06-04 22:34 . 2011-06-04 22:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2011-06-04 22:34 . 2011-06-04 22:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-04 22:34 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-04 22:34 . 2011-06-04 22:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-06-04 22:34 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-04 17:34 . 2011-06-05 12:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\Java
    2011-05-31 23:17 . 2011-05-31 23:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-31 00:30 . 2011-06-14 17:08 -------- d-----r- c:\users\Administrator\Dropbox
    2011-05-31 00:28 . 2011-06-14 22:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\Dropbox
    2011-05-30 17:40 . 2011-04-07 10:51 66552 ----a-w- c:\windows\system32\drivers\MozyHomeEurope.sys
    2011-05-30 17:40 . 2011-05-30 17:40 -------- d-----w- c:\program files\Mozy
    2011-05-29 13:17 . 2011-05-29 15:03 -------- d-----w- c:\program files (x86)\Project64 1.6
    2011-05-29 13:17 . 2011-05-29 13:17 40960 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-05-29 13:17 . 2011-05-29 13:17 40960 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2011-05-27 17:07 . 2011-05-27 17:07 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2011-05-26 21:20 . 2011-05-26 21:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\PDAppFlex
    2011-05-25 19:57 . 2011-05-25 19:57 -------- d-----w- c:\users\Administrator\AppData\Roaming\Adobe Mini Bridge CS5.1
    2011-05-25 19:57 . 2011-05-25 19:57 -------- d-----w- c:\users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-05-25 17:03 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-24 22:16 . 2011-05-24 22:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\MotioninJoy
    2011-05-24 22:16 . 2010-08-19 18:24 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
    2011-05-24 22:16 . 2010-08-19 18:24 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-05-24 22:16 . 2010-05-03 15:12 328712 ----a-w- c:\windows\system32\MijFrc.dll
    2011-05-24 22:16 . 2011-05-24 22:16 -------- d-----w- c:\program files\MotioninJoy
    2011-05-24 22:16 . 2011-01-01 09:12 97040 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2011-05-24 22:09 . 2005-03-09 19:50 33792 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
    2011-05-24 22:09 . 2005-03-09 19:50 46592 ----a-w- c:\windows\SysWow64\libusb0.dll
    2011-05-24 00:43 . 2011-05-24 00:43 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-05-24 00:42 . 2011-05-24 00:43 -------- d-----w- c:\program files\Common Files\Adobe
    2011-05-24 00:10 . 2011-05-24 00:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2011-05-24 00:10 . 2011-05-24 00:10 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    2011-05-22 16:18 . 2011-05-22 16:18 -------- d-----w- c:\program files (x86)\tamasoftware
    2011-05-22 00:28 . 2011-05-24 00:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-05-21 20:28 . 2011-06-02 23:40 -------- d-----w- c:\users\Administrator\AppData\Roaming\.minecraft
    2011-05-19 17:49 . 2011-05-19 17:52 -------- d-----w- c:\program files (x86)\The Witcher 2 - Bonus
    2011-05-19 00:36 . 2011-05-19 00:36 -------- d-----w- c:\users\Administrator\AppData\Local\The Witcher 2
    2011-05-19 00:28 . 2011-05-19 00:39 -------- d-----w- c:\program files (x86)\The Witcher 2
    2011-05-19 00:19 . 2011-05-29 13:36 -------- d-----w- C:\temp
    2011-05-18 17:12 . 2011-05-18 17:12 -------- d-----w- C:\Downloads
    2011-05-18 17:04 . 2011-06-06 17:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Free Download Manager
    2011-05-18 17:04 . 2011-05-18 17:04 -------- d-----w- c:\program files (x86)\Free Download Manager
    2011-05-18 17:04 . 2011-05-18 17:04 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
    2011-05-17 19:20 . 2011-06-06 17:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ventrilo
    2011-05-17 19:20 . 2011-05-17 19:20 -------- d-----w- c:\program files\Ventrilo
    2011-05-17 18:45 . 2011-05-17 18:46 -------- d-----w- c:\users\Administrator\AppData\Local\Downloader
    2011-05-17 18:45 . 2011-05-17 18:45 -------- d-----w- c:\program files (x86)\Downloader
    2011-05-17 17:15 . 2008-02-18 14:20 16000 ----a-w- c:\windows\system32\drivers\SaiMini.sys
    2011-05-17 17:15 . 2011-05-17 17:15 -------- d-----w- c:\programdata\Saitek
    2011-05-17 17:15 . 2011-05-17 17:15 -------- d-----w- c:\program files\Saitek
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-27 17:07 . 2010-01-28 16:57 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-05-24 18:14 . 2010-01-26 14:54 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-13 16:37 . 2011-05-13 16:37 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-04 03:52 . 2010-06-01 21:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-05-04 00:50 . 2011-05-04 00:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-05-04 00:50 . 2011-05-04 00:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-05-04 00:50 . 2011-05-04 00:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-05-04 00:50 . 2011-05-04 00:50 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-05-04 00:50 . 2011-05-04 00:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-05-04 00:50 . 2011-05-04 00:50 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-05-04 00:50 . 2011-05-04 00:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-05-04 00:50 . 2011-05-04 00:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-05-04 00:50 . 2011-05-04 00:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-04 00:50 . 2011-05-04 00:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-04 00:50 . 2011-05-04 00:50 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-04 00:50 . 2011-05-04 00:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-05-04 00:50 . 2011-05-04 00:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-05-04 00:50 . 2011-05-04 00:50 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-04 00:50 . 2011-05-04 00:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-04 00:50 . 2011-05-04 00:50 448512 ----a-w- c:\windows\system32\html.iec
    2011-05-04 00:50 . 2011-05-04 00:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-05-04 00:50 . 2011-05-04 00:50 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-05-04 00:50 . 2011-05-04 00:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-05-04 00:50 . 2011-05-04 00:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-04 00:50 . 2011-05-04 00:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-04 00:50 . 2011-05-04 00:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-05-04 00:50 . 2011-05-04 00:50 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-05-04 00:50 . 2011-05-04 00:50 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-05-04 00:50 . 2011-05-04 00:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-04 00:50 . 2011-05-04 00:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-05-04 00:50 . 2011-05-04 00:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-05-04 00:50 . 2011-05-04 00:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-05-04 00:50 . 2011-05-04 00:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-05-04 00:50 . 2011-05-04 00:50 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-05-04 00:50 . 2011-05-04 00:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-04 00:50 . 2011-05-04 00:50 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-05-04 00:50 . 2011-05-04 00:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-05-04 00:50 . 2011-05-04 00:50 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-05-04 00:50 . 2011-05-04 00:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-04 00:50 . 2011-05-04 00:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-05-04 00:50 . 2011-05-04 00:50 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-04 00:50 . 2011-05-04 00:50 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-04 00:50 . 2011-05-04 00:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-04 00:50 . 2011-05-04 00:50 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-04 00:50 . 2011-05-04 00:50 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-05-04 00:50 . 2011-05-04 00:50 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2011-04-09 07:02 . 2011-05-11 10:52 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-11 23:56 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-11 10:52 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 10:52 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-11 23:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-03-31 17:46 . 2010-04-01 20:39 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-03-31 17:46 . 2010-04-01 20:38 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-03-31 17:10 . 2010-04-01 20:38 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-03-25 03:29 . 2011-05-11 10:52 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 03:29 . 2011-05-11 10:52 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 03:29 . 2011-05-11 10:52 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 03:29 . 2011-05-11 10:52 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 03:29 . 2011-05-11 10:52 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 03:29 . 2011-05-11 10:52 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-25 03:28 . 2011-05-11 10:52 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-12-07 2984856]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5107192]
    "SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2011-05-27 273544]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Mozy Status.lnk - c:\program files\Mozy\MozyHomeEuropestat.exe [2011-4-7 4834096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{07102c87-0aca-11df-b33b-806e6f6e6963}\bootwiz\asrm.bin
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-26 79360]
    R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
    R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
    S1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;c:\windows\system32\DRIVERS\MozyHomeEurope.sys [x]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-04-28 52496]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-04-28 61200]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-26 2480048]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 MozyHomeEuropebackup;Mozy Backup Service;c:\program files\Mozy\MozyHomeEuropebackup.exe [2011-04-07 49968]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-28 870200]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [x]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-14 c:\windows\Tasks\Free File Viewer Update Checker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-18 16:50]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3783330543-2271379319-3611108394-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 21:47]
    .
    2011-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3783330543-2271379319-3611108394-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 21:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope]
    @="{944bc754-3bde-46c6-7c52-974154f45e88}"
    [HKEY_CLASSES_ROOT\CLSID\{944bc754-3bde-46c6-7c52-974154f45e88}]
    2011-04-07 10:51 4347696 ----a-w- c:\program files\Mozy\MozyHomeEuropeshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope2]
    @="{0be1f069-378d-5ddc-6158-d2dd69ef889b}"
    [HKEY_CLASSES_ROOT\CLSID\{0be1f069-378d-5ddc-6158-d2dd69ef889b}]
    2011-04-07 10:51 4347696 ----a-w- c:\program files\Mozy\MozyHomeEuropeshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MozyHomeEurope3]
    @="{121ca94d-a542-2987-1237-c4026364e512}"
    [HKEY_CLASSES_ROOT\CLSID\{121ca94d-a542-2987-1237-c4026364e512}]
    2011-04-07 10:51 4347696 ----a-w- c:\program files\Mozy\MozyHomeEuropeshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361648]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
    "SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]
    "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-01-18 352256]
    "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-01-18 194560]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gyj8macc.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-AsUninst.exe - c:\windows\system32\AsUninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,ee,b7,
    2d,5a,3f,3f,06,bf,61,0f,25,e6,d6,8a,dd
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,25,
    81,36,1c,d3,07,97,c3,10,24,74,49,21,db
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:d2,bd,af,cc,97,1d,cc,01
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,19,ed,6f,9f,77,25,46,a0,83,8b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,19,ed,6f,9f,77,25,46,a0,83,8b,\
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3fr\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.php\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\PhotoViewer.dll"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\wmplayer.exe"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="rtffile"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x3f\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-3783330543-2271379319-3611108394-500\Software\SecuROM\License information*]
    "datasecu"=hex:67,21,5e,48,72,b3,9c,1f,fe,79,38,b3,5e,0f,55,ca,b3,3e,3a,4f,c0,
    a9,0f,f5,7c,3d,cd,43,a4,bb,74,12,9d,79,f3,63,fe,d6,47,56,81,22,5b,dd,4f,0e,\
    "rkeysecu"=hex:09,a5,9c,86,cc,9f,25,c5,bb,09,7c,38,38,50,b2,bc
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\windows\SysWOW64\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-14 23:42:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-14 22:42
    .
    Pre-Run: 312,981,123,072 bytes free
    Post-Run: 312,845,012,992 bytes free
    .
    - - End Of File - - 76F3E5A12C58FAB0674259CC5E40221D
     
  9. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
and ofc a full DDS log, as you requested.

    .
    DDS (Ver_2011-06-12.02) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 23:51:25 on 2011-06-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6142.4305 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Mozy\MozyHomeEuropebackup.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files\Mozy\MozyHomeEuropestat.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBRAEcAUgAtAFMAWAAwAEsARwAtAEcAMABOAFYAQQAtAEIAQQBCADYAOAAtAEQARgBUAFQAUAA"&"inst=NwA3AC0ANAAxADMAMwA1ADQAMAAwADcALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYST~1.LNK - C:\Program Files (x86)\Mozy\MozyHomeEuropestat.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{EC58361D-3A7E-4EAA-99B9-3ACD426EDC7D} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBRAEcAUgAtAFMAWAAwAEsARwAtAEcAMABOAFYAQQAtAEIAQQBCADYAOAAtAEQARgBUAFQAUAA"&"inst=NwA3AC0ANAAxADMAMwA1ADQAMAAwADcALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gyj8macc.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]
    R1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;C:\Windows\system32\DRIVERS\MozyHomeEurope.sys --> C:\Windows\system32\DRIVERS\MozyHomeEurope.sys [?]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-4-28 52496]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-4-28 61200]
    R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-1-26 2480048]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-4 366640]
    R2 MozyHomeEuropebackup;Mozy Backup Service;C:\Program Files\Mozy\MozyHomeEuropebackup.exe [2011-4-7 49968]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-26 79360]
    S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2010-1-26 5632]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-06-14 22:41:08 -------- d-----w- C:\$RECYCLE.BIN
    2011-06-14 22:24:27 98816 ----a-w- C:\Windows\sed.exe
    2011-06-14 22:24:27 518144 ----a-w- C:\Windows\SWREG.exe
    2011-06-14 22:24:27 256512 ----a-w- C:\Windows\PEV.exe
    2011-06-14 22:24:27 208896 ----a-w- C:\Windows\MBR.exe
    2011-06-14 21:53:43 -------- d-----w- C:\Users\Administrator\AppData\Roaming\AVG9
    2011-06-09 23:04:40 -------- d-----w- C:\Program Files (x86)\AMD
    2011-06-08 16:59:29 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2011-06-07 02:07:14 -------- d-----w- C:\Users\Administrator\AppData\Local\Origin
    2011-06-07 02:06:55 -------- d-----w- C:\Program Files (x86)\Origin Games
    2011-06-07 02:06:51 -------- d-----w- C:\Program Files (x86)\Origin
    2011-06-06 17:12:26 -------- d-----w- C:\Program Files\CCleaner
    2011-06-05 13:09:03 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98AAE257-046E-44DB-9536-AAC8DFC16080}\mpengine.dll
    2011-06-05 00:19:56 388096 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-05 00:19:56 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-06-04 22:34:43 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2011-06-04 22:34:39 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-04 22:34:39 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-04 22:34:36 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-04 22:34:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-06-04 17:34:46 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Java
    2011-05-31 23:17:30 -------- d-----w- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-05-31 00:30:21 -------- d-----r- C:\Users\Administrator\Dropbox
    2011-05-31 00:28:13 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Dropbox
    2011-05-30 17:40:59 66552 ----a-w- C:\Windows\System32\drivers\MozyHomeEurope.sys
    2011-05-30 17:40:58 -------- d-----w- C:\Program Files\Mozy
    2011-05-29 13:17:52 40960 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2011-05-29 13:17:52 40960 ----a-r- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2011-05-29 13:17:52 -------- d-----w- C:\Program Files (x86)\Project64 1.6
    2011-05-27 17:07:44 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-05-26 21:20:41 -------- d-----w- C:\Users\Administrator\AppData\Roaming\PDAppFlex
    2011-05-25 19:57:23 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Adobe Mini Bridge CS5.1
    2011-05-25 19:57:22 -------- d-----w- C:\Users\Administrator\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-05-25 17:03:10 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-24 22:16:55 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
    2011-05-24 22:16:55 328712 ----a-w- C:\Windows\System32\MijFrc.dll
    2011-05-24 22:16:55 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
    2011-05-24 22:16:55 -------- d-----w- C:\Users\Administrator\AppData\Roaming\MotioninJoy
    2011-05-24 22:16:54 97040 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
    2011-05-24 22:16:54 -------- d-----w- C:\Program Files\MotioninJoy
    2011-05-24 22:09:25 46592 ----a-w- C:\Windows\SysWow64\libusb0.dll
    2011-05-24 22:09:25 33792 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
    2011-05-24 00:43:59 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2011-05-24 00:10:27 -------- d-----w- C:\Users\Administrator\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2011-05-24 00:10:25 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
    2011-05-22 16:18:21 -------- d-----w- C:\Program Files (x86)\tamasoftware
    2011-05-21 20:28:17 -------- d-----w- C:\Users\Administrator\AppData\Roaming\.minecraft
    2011-05-19 17:49:30 -------- d-----w- C:\Program Files (x86)\The Witcher 2 - Bonus
    2011-05-19 00:36:07 -------- d-----w- C:\Users\Administrator\AppData\Local\The Witcher 2
    2011-05-19 00:28:17 -------- d-----w- C:\Program Files (x86)\The Witcher 2
    2011-05-19 00:19:02 -------- d-----w- C:\temp
    2011-05-18 17:12:44 -------- d-----w- C:\Downloads
    2011-05-18 17:04:56 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Free Download Manager
    2011-05-18 17:04:55 -------- d-----w- C:\ProgramData\FreeDownloadManager.ORG
    2011-05-18 17:04:55 -------- d-----w- C:\Program Files (x86)\Free Download Manager
    2011-05-17 19:20:28 -------- d-----w- C:\Program Files\Ventrilo
    2011-05-17 18:45:50 -------- d-----w- C:\Users\Administrator\AppData\Local\Downloader
    2011-05-17 18:45:37 -------- d-----w- C:\Program Files (x86)\Downloader
    2011-05-17 17:15:47 16000 ----a-w- C:\Windows\System32\drivers\SaiMini.sys
    2011-05-17 17:15:46 -------- d-----w- C:\ProgramData\Saitek
    2011-05-17 17:15:07 -------- d-----w- C:\Program Files\Saitek
    .
    ==================== Find3M ====================
    .
    2011-05-27 17:07:28 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-05-24 18:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-13 16:37:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-04 03:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-03-31 17:46:08 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-03-31 17:46:07 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-03-31 17:10:03 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-03-25 03:29:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-03-25 03:29:14 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-03-25 03:29:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-03-25 03:29:04 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-03-25 03:29:04 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-03-25 03:29:03 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-03-25 03:28:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    .
    ============= FINISH: 23:51:34.15 ===============
     
  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    * Go here to run an online scanner from ESET.
• Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
• When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish. Copy-paste results back here. Still issues left?
     
  11. edrage

    edrage Thread Starter

    Joined:
    Jun 4, 2011
    Messages:
    7
Hi,

Well, you can't copy and paste out of the results window on ESET, or at least I could not.

It showed no threats found, and I'll be honest, I have no idea if the reports I copied above showed anything or not.

AVG finds nothing now and Malwarebytes comes back with one result for a registry trace:
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VB AND VBA PROGRAM SETTINGS\Micronsoft (Malware.Trace) -> No action taken.

So I presume it's gone, so thanks very much for your help. I will just wait for you to say it's all good.

    Thanks
    Ed
     
  12. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    915
    Hi,

    If you're not familiar with that entry let MBAM fix it. Then let's see the final steps.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Select c: drive and click Configure...
    7. Select Turn off protection
    8. Press OK.
    Repeat steps 6-8 for each hard drive.

    B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but on step 7 select the Restore system settings and previous versions of files option.


Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK


    UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

    Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade :cool:
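The Internet zone settings in Blade81's post are stored per user in the registry, so they can be audited (and, if wanted, applied) without clicking through Custom Level. The script below is an added example and is not part of the thread or of any tool mentioned in it; the numeric value names are taken from Microsoft's KB182569 URL-action table and are an assumption to verify against that article. Run it in the affected user's own session, since it reads HKCU.

```powershell
# Added example, not from the thread: audit (and optionally set) the Internet zone
# settings Blade81's post tells the user to change via Custom Level.
# IE stores per-user zone settings under Zones\3 (3 = Internet zone). The numeric value
# names below are taken from Microsoft's KB182569 URL-action table and are an assumption
# to verify against that article. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended state, exactly as listed in the post.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeInternetZoneAudit {
    param(
        [string]$Key = $ZoneKey,
        [switch]$Fix      # when set, write the recommended value for every non-compliant setting
    )
    $props = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($id in ($Recommended.Keys | Sort-Object)) {
        $want = [int]$Recommended[$id].Want
        $have = $props.$id
        if ($null -eq $have) {
            # No explicit value: the zone template default applies (usually the less
            # restrictive one), so report it as unset and treat it as non-compliant.
            $current = 'unset'
            $ok = $false
        } else {
            $have = [int]$have
            $current = if ($Label.ContainsKey($have)) { $Label[$have] } else { "raw $have" }
            # Disable (3) is stricter than Prompt (1), so accept it where Prompt is asked for.
            $ok = ($have -eq $want) -or ($have -eq 3)
        }
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Key -Name $id -Value $want -Type DWord
            $current = "$current -> $($Label[$want])"
            $ok = $true
        }
        New-Object PSObject -Property @{
            Id          = $id
            Setting     = $Recommended[$id].Name
            Current     = $current
            Recommended = $Label[$want]
            Compliant   = $ok
        }
    }
}

# Report only; add -Fix to apply the post's settings, then re-run to confirm.
Get-IeInternetZoneAudit | Format-Table Id, Setting, Current, Recommended, Compliant -AutoSize
```

Without -Fix the function only reads the key, so it is safe to run first and compare against the Custom Level dialog; a setting that shows as "unset" is inheriting the zone template default rather than the value the post asks for, which is why it is flagged rather than assumed compliant.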
     

Short URL to this thread: https://techguy.org/1000595