Help! Google redirect Virus
August 5th, 2016
1) Scan with AVG
2) Scan with Malwarebytes
3) Scan with Advanced System Care
4) Scan with Norton 360
5) Scan with Combofix
I had AVG uninstalled before scanning with N360.
None of the above steps have helped me solve the issue, so I thought it was time to get some help. I would like to note the only browser I use is Google Chrome (I don’t use any other browsers and don’t feel the need to).
Here is the log for HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:55:18 PM, on 27/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Taha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Taha\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11307 bytes
Here is the log for dds and attach dds
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Taha at 21:57:01 on 2012-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3956.1306 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Taha\AppData\Local\Apps\2.0\XG38NNL2.38Q\XJVNCXGM.JP6\curs..tion_9 e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Taha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gateway.msn.com
mStart Page = hxxp://gateway.msn.com
mDefault_Page_URL = hxxp://gateway.msn.com
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Taha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D582337-EE57-42B3-8BCB-4CC3E2647118} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5A452B00-DBF9-4003-A1A1-F98150B85A77} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5A452B00-DBF9-4003-A1A1-F98150B85A77}\053797368675C414E4 : DHCPNameServer = 192.168.99.10 192.168.99.12
TCP: Interfaces\{5A452B00-DBF9-4003-A1A1-F98150B85A77}\34E474 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5A452B00-DBF9-4003-A1A1-F98150B85A77}\631353540344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5A452B00-DBF9-4003-A1A1-F98150B85A77}\6457E6E697341647 : DHCPNameServer = 64.71.255.198
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://gateway.msn.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-12-26 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-12-26 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-30 1384608]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-12-26 167072]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-20 283200]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20121226.001\IDSviA64.sys [2012-12-27 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-12-26 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-12-26 405624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2012-11-28 23552]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-10-20 841248]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-10-26 160992]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-12-26 138272]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-20 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-18 243232]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2012-10-20 292864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-26 138912]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-10-20 56344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2012-9-18 22016]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-9-18 112640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-22 40448]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
.
=============== Created Last 30 ================
.
2012-12-27 16:57:42 -------- d-----w- C:\$RECYCLE.BIN
2012-12-27 16:48:05 98816 ----a-w- C:\Windows\sed.exe
2012-12-27 16:48:05 256000 ----a-w- C:\Windows\PEV.exe
2012-12-27 16:48:05 208896 ----a-w- C:\Windows\MBR.exe
2012-12-27 00:59:39 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-12-27 00:10:03 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys
2012-12-27 00:10:03 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys
2012-12-27 00:10:02 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0604000.009\srtsp64.sys
2012-12-27 00:10:02 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys
2012-12-27 00:10:02 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0604000.009\srtspx64.sys
2012-12-27 00:10:02 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys
2012-12-27 00:10:02 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys
2012-12-27 00:09:22 -------- d-----w- C:\Windows\System32\drivers\N360x64\0604000.009
2012-12-26 23:53:47 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-12-26 23:53:47 -------- d-----w- C:\Program Files\Symantec
2012-12-26 23:53:47 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-12-26 23:52:44 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-12-26 23:52:42 -------- d-----w- C:\Program Files (x86)\Norton 360
2012-12-26 23:52:30 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-12-26 23:48:36 -------- d-----w- C:\Users\Taha\AppData\Local\Avg2013
2012-12-26 01:41:21 -------- d-----w- C:\Users\Taha\AppData\Roaming\Malwarebytes
2012-12-26 01:40:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-26 01:40:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-25 17:04:22 -------- d-----w- C:\Users\Taha\AppData\Local\Skyrim
2012-12-25 16:35:25 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-12-25 16:16:56 -------- d-----w- C:\Users\Taha\AppData\Local\Black_Tree_Gaming
2012-12-25 16:16:50 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-12-22 16:37:29 -------- d-----w- C:\Users\Taha\AppData\Local\Universe Sandbox
2012-12-22 16:37:25 -------- d-sh--w- C:\Users\Taha\AppData\Roaming\wyUpdate AU
2012-12-22 16:36:49 -------- d-----w- C:\Program Files (x86)\Universe Sandbox
2012-12-21 21:28:40 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 21:28:40 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 21:28:39 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 21:28:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 13:41:29 -------- d-sh--w- C:\ProgramData\DSS
2012-12-21 13:34:36 -------- d-----w- C:\Users\Taha\AppData\Roaming\Lionhead Studios
2012-12-21 13:33:07 -------- d-----w- C:\Windows\SysWow64\xlive
2012-12-21 13:33:01 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-20 14:57:54 -------- d-----w- C:\Users\Taha\AppData\Roaming\UnoTelly
2012-12-20 14:57:53 -------- d-----w- C:\Users\Taha\AppData\Local\Unovation_Inc
2012-12-20 14:57:30 -------- d-----w- C:\Program Files (x86)\UnoTelly
2012-12-20 14:02:02 -------- d-----w- C:\Program Files (x86)\Sarm Software
2012-12-20 05:25:55 -------- d-----w- C:\Program Files\iPod
2012-12-20 05:25:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-20 05:25:54 -------- d-----w- C:\Program Files\iTunes
2012-12-20 05:25:54 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-20 03:20:21 -------- d-----w- C:\Program Files (x86)\Beamdog
2012-12-20 00:31:03 -------- d-----w- C:\ProgramData\AMD
2012-12-20 00:31:00 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-12-20 00:30:58 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-19 22:22:23 40960 ----a-r- C:\Users\Taha\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-19 22:22:23 40960 ----a-r- C:\Users\Taha\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-12-19 22:22:21 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2012-12-19 20:39:32 -------- d-----w- C:\Users\Taha\AppData\Roaming\Theta
2012-12-19 20:27:58 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2012-12-19 19:40:35 25472 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-12-19 19:32:41 -------- d-----w- C:\ProgramData\IObit
2012-12-19 19:32:28 -------- d-----w- C:\Users\Taha\AppData\Roaming\IObit
2012-12-19 19:32:26 -------- d-----w- C:\Program Files (x86)\IObit
2012-12-19 19:04:00 -------- d-----w- C:\Program Files (x86)\Assassins Creed III
2012-12-12 08:02:31 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 07:00:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-11 00:24:12 -------- d-----w- C:\Users\Taha\AppData\Local\Ubisoft Game Launcher
2012-12-09 20:06:31 -------- d-----w- C:\Users\Taha\.2006Scape
2012-12-06 19:03:14 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-12-06 19:01:23 -------- d-----w- C:\Prey
2012-11-29 02:15:35 -------- d-----w- C:\Users\Taha\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2012-11-22 18:39:144608----a-w-C:\Windows\SysWow64\w95inf32.dll
2012-11-22 18:39:142272----a-w-C:\Windows\SysWow64\w95inf16.dll
2012-11-22 03:26:403149824----a-w-C:\Windows\System32\win32k.sys
2012-11-14 06:11:442312704----a-w-C:\Windows\System32\jscript9.dll
2012-11-14 06:04:111392128----a-w-C:\Windows\System32\wininet.dll
2012-11-14 06:02:491494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46599040----a-w-C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:402382848----a-w-C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:221800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:151427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:371129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-11-09 05:45:092048----a-w-C:\Windows\System32\tzres.dll
2012-11-02 05:59:11478208----a-w-C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31376832----a-w-C:\Windows\SysWow64\dpnet.dll
2012-10-28 02:14:09152576----a-w-C:\Windows\SysWow64\msclmd.dll
2012-10-28 02:14:06175616----a-w-C:\Windows\System32\msclmd.dll
2012-10-20 21:15:0395208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-20 21:15:02821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-10-20 21:15:02746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-10-20 20:28:12283200----a-w-C:\Windows\System32\drivers\dtsoftbus01.sys
2012-10-20 18:14:5129480----a-w-C:\Windows\SysWow64\msxml3a.dll
2012-10-20 18:14:50505128----a-w-C:\Windows\SysWow64\msvcp71.dll
2012-10-20 18:14:50353576----a-w-C:\Windows\SysWow64\msvcr71.dll
2012-10-20 18:08:490----a-w-C:\Windows\ativpsrm.bin
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-10 03:10:48148480----a-w-C:\Windows\SysWow64\rztouchdll.dll
2012-10-10 03:10:44617472----a-w-C:\Windows\SysWow64\rzdevicedll.dll
2012-10-10 03:10:44165888----a-w-C:\Windows\SysWow64\rzaudiodll.dll
2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16362496----a-w-C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15243200----a-w-C:\Windows\System32\wow64.dll
2012-10-04 17:46:1513312----a-w-C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55215040----a-w-C:\Windows\System32\winsrv.dll
2012-10-04 17:43:2816384----a-w-C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16424960----a-w-C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:415120----a-w-C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55338432----a-w-C:\Windows\System32\conhost.exe
2012-10-04 14:46:467680----a-w-C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:4625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:4414336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:432048----a-w-C:\Windows\SysWow64\user.exe
2012-10-04 14:41:506144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:504608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:503584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:503072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 21:57:42.22 ===============
Thank you for your help
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/10/2012 2:33:19 PM
System Uptime: 27/12/2012 2:06:16 PM (7 hours ago)
.
Motherboard: Gateway | | NV59
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU 1 | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 72.053 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP60: 26/12/2012 6:45:46 PM - Removed AVG 2013
RP61: 26/12/2012 6:48:37 PM - Removed AVG 2013
RP62: 27/12/2012 12:20:57 PM - Removed League of Legends
RP63: 27/12/2012 12:25:39 PM - Removed LogMeIn Hamachi
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.2 MUI
Alcor Micro USB Card Reader
ALPS Touch Pad Driver
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed® III
Assassins Creed III version 5.1
Backup Manager Basic
Baldur's Gate - Enhanced Edition
Bonjour
Broadcom Gigabit NetLink Controller
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Curse Client
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Fable III
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Talk Plugin
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Identity Card
ImagXpress
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet Download Manager
iTunes
Java 7 Update 9
Java Auto Updater
Launch Manager
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero StartSmart Help
neroxml
Nexus Mod Manager
Norton 360
Orcs Must Die! 2
Origin
Portal 2
Project64 1.6
Razer Game Booster
Razer Synapse 2.0
Realtek High Definition Audio Driver
Sarmsoft Resume Builder
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.0
Steam
System Requirements Lab CYRI
System Requirements Lab Test
The Lord of the Rings: War in the North
Torchlight II (c) Runic Games version 1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Uplay
Ventrilo Client for Windows x64
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.4
WD Link
WD SmartWare
Windows Live ID Sign-in Assistant
World of Warcraft
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
27/12/2012 11:55:58 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
27/12/2012 11:55:19 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
26/12/2012 2:10:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
26/12/2012 2:10:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
25/12/2012 2:55:12 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
22/12/2012 6:12:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
22/12/2012 6:12:50 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/12/2012 7:19:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
20/12/2012 9:23:23 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
Here is the log for combofix which I ran before:
ComboFix 12-12-27.03 - Taha 27/12/2012 11:49:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3956.2354 [GMT -5:00]
Running from: c:\users\Taha\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Taha\AppData\Roaming\14148153.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 )))))))))))))))))))))))))))))))
.
.
2012-12-27 16:55 . 2012-12-27 16:55--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-27 00:59 . 2012-12-27 00:59--------d-----w-c:\program files (x86)\Common Files\Symantec Shared
2012-12-26 23:53 . 2012-12-26 23:53175736----a-w-c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-12-26 23:53 . 2012-12-26 23:53--------d-----w-c:\program files\Symantec
2012-12-26 23:53 . 2012-12-26 23:53--------d-----w-c:\program files\Common Files\Symantec Shared
2012-12-26 23:52 . 2012-12-27 00:14--------d-----w-c:\windows\system32\drivers\N360x64
2012-12-26 23:52 . 2012-12-26 23:52--------d-----w-c:\program files (x86)\Norton 360
2012-12-26 23:52 . 2012-12-26 23:52--------d-----w-c:\program files (x86)\NortonInstaller
2012-12-26 23:48 . 2012-12-26 23:48--------d-----w-c:\users\Taha\AppData\Local\Avg2013
2012-12-26 01:41 . 2012-12-26 01:41--------d-----w-c:\users\Taha\AppData\Roaming\Malwarebytes
2012-12-26 01:40 . 2012-12-26 01:40--------d-----w-c:\programdata\Malwarebytes
2012-12-26 01:40 . 2012-12-26 01:40--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-26 01:40 . 2012-09-30 00:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-12-25 17:04 . 2012-12-25 19:58--------d-----w-c:\users\Taha\AppData\Local\Skyrim
2012-12-25 16:35 . 2012-12-25 19:58--------d-----w-c:\program files (x86)\The Elder Scrolls V Skyrim
2012-12-25 16:16 . 2012-12-25 16:16--------d-----w-c:\users\Taha\AppData\Local\Black_Tree_Gaming
2012-12-25 16:16 . 2012-12-25 16:16--------d-----w-c:\program files\Nexus Mod Manager
2012-12-22 16:37 . 2012-12-22 16:37--------d-----w-c:\users\Taha\AppData\Local\Universe Sandbox
2012-12-22 16:37 . 2012-12-22 16:37--------d-sh--w-c:\users\Taha\AppData\Roaming\wyUpdate AU
2012-12-22 16:36 . 2012-12-26 02:52--------d-----w-c:\program files (x86)\Universe Sandbox
2012-12-21 21:28 . 2012-12-16 17:1146080----a-w-c:\windows\system32\atmlib.dll
2012-12-21 21:28 . 2012-12-16 14:1334304----a-w-c:\windows\SysWow64\atmlib.dll
2012-12-21 21:28 . 2012-12-16 14:45367616----a-w-c:\windows\system32\atmfd.dll
2012-12-21 21:28 . 2012-12-16 14:13295424----a-w-c:\windows\SysWow64\atmfd.dll
2012-12-21 13:41 . 2012-12-21 13:41--------d-sh--w-c:\programdata\DSS
2012-12-21 13:34 . 2012-12-21 13:34--------d-----w-c:\users\Taha\AppData\Roaming\Lionhead Studios
2012-12-21 13:33 . 2012-12-21 13:33--------d-----w-c:\windows\SysWow64\xlive
2012-12-21 13:33 . 2012-12-21 13:33--------d-----w-c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-20 14:57 . 2012-12-20 14:57--------d-----w-c:\users\Taha\AppData\Roaming\UnoTelly
2012-12-20 14:57 . 2012-12-20 14:57--------d-----w-c:\users\Taha\AppData\Local\Unovation_Inc
2012-12-20 14:57 . 2012-12-20 14:57--------d-----w-c:\program files (x86)\UnoTelly
2012-12-20 14:02 . 2012-12-20 14:02--------d-----w-c:\program files (x86)\Sarm Software
2012-12-20 05:25 . 2012-12-20 05:25--------d-----w-c:\program files\iPod
2012-12-20 05:25 . 2012-12-20 05:26--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-20 05:25 . 2012-12-20 05:26--------d-----w-c:\program files\iTunes
2012-12-20 05:25 . 2012-12-20 05:26--------d-----w-c:\program files (x86)\iTunes
2012-12-20 03:20 . 2012-12-20 03:20--------d-----w-c:\program files (x86)\Beamdog
2012-12-20 00:38 . 2012-12-20 00:38--------d-----w-c:\programdata\ATI
2012-12-20 00:31 . 2012-12-20 00:31--------d-----w-c:\programdata\AMD
2012-12-20 00:31 . 2012-12-20 00:31--------d-----w-c:\program files (x86)\AMD AVT
2012-12-20 00:30 . 2012-12-20 00:30--------d-----w-c:\program files (x86)\AMD APP
2012-12-19 22:22 . 2012-12-19 22:2240960----a-r-c:\users\Taha\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-12-19 22:22 . 2012-12-19 22:2240960----a-r-c:\users\Taha\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-12-19 22:22 . 2012-12-19 22:34--------d-----w-c:\program files (x86)\Project64 1.6
2012-12-19 20:39 . 2012-12-19 20:39--------d-----w-c:\users\Taha\AppData\Roaming\Theta
2012-12-19 20:27 . 2012-12-19 20:28--------d-----w-c:\program files\Microsoft Xbox 360 Accessories
2012-12-19 19:40 . 2012-10-13 00:0925472----a-w-c:\windows\system32\RegistryDefragBootTime.exe
2012-12-19 19:32 . 2012-12-19 19:35--------d-----w-c:\programdata\IObit
2012-12-19 19:32 . 2012-12-19 19:32--------d-----w-c:\users\Taha\AppData\Roaming\IObit
2012-12-19 19:32 . 2012-12-19 19:32--------d-----w-c:\program files (x86)\IObit
2012-12-19 19:04 . 2012-12-19 19:08--------d-----w-c:\program files\CCleaner
2012-12-19 19:04 . 2012-12-19 19:27--------d-----w-c:\program files (x86)\Assassins Creed III
2012-12-12 08:02 . 2012-11-14 05:522382848----a-w-c:\windows\system32\mshtml.tlb
2012-12-12 07:00 . 2012-11-09 05:452048----a-w-c:\windows\system32\tzres.dll
2012-12-11 19:18 . 2012-12-11 19:18--------d-----w-c:\program files (x86)\LogMeIn Hamachi
2012-12-11 00:24 . 2012-12-11 00:27--------d-----w-c:\users\Taha\AppData\Local\Ubisoft Game Launcher
2012-12-11 00:24 . 2012-12-11 00:24--------d-----w-c:\program files (x86)\Ubisoft
2012-12-09 20:06 . 2012-12-09 20:07--------d-----w-c:\users\Taha\.2006Scape
2012-12-06 19:03 . 2012-12-27 16:5729----a-w-c:\windows\SysWow64\TempWmicBatchFile.bat
2012-12-06 19:01 . 2012-12-06 19:03--------d-----w-C:\Prey
2012-11-29 02:15 . 2012-11-29 02:15--------d-----w-c:\users\Taha\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-21 13:35 . 2009-08-18 17:49564632----a-w-c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-12-21 13:35 . 2009-08-18 16:2419696----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-12 08:04 . 2012-10-21 07:5767413224----a-w-c:\windows\system32\MRT.exe
2012-11-22 18:39 . 2012-11-22 18:394608----a-w-c:\windows\SysWow64\w95inf32.dll
2012-11-22 18:39 . 2012-11-22 18:392272----a-w-c:\windows\SysWow64\w95inf16.dll
2012-10-28 02:14 . 2009-07-14 02:36152576----a-w-c:\windows\SysWow64\msclmd.dll
2012-10-28 02:14 . 2009-07-14 02:36175616----a-w-c:\windows\system32\msclmd.dll
2012-10-21 07:16 . 2012-10-21 07:1686528----a-w-c:\windows\SysWow64\iesysprep.dll
2012-10-21 07:16 . 2012-10-21 07:1676800----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-21 07:16 . 2012-10-21 07:1674752----a-w-c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-21 07:16 . 2012-10-21 07:1663488----a-w-c:\windows\SysWow64\tdc.ocx
2012-10-21 07:16 . 2012-10-21 07:1648640----a-w-c:\windows\SysWow64\mshtmler.dll
2012-10-21 07:16 . 2012-10-21 07:16367104----a-w-c:\windows\SysWow64\html.iec
2012-10-21 07:16 . 2012-10-21 07:16161792----a-w-c:\windows\SysWow64\msls31.dll
2012-10-21 07:16 . 2012-10-21 07:16110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
2012-10-21 07:16 . 2012-10-21 07:1674752----a-w-c:\windows\SysWow64\iesetup.dll
2012-10-21 07:16 . 2012-10-21 07:1623552----a-w-c:\windows\SysWow64\licmgr10.dll
2012-10-21 07:16 . 2012-10-21 07:16152064----a-w-c:\windows\SysWow64\wextract.exe
2012-10-21 07:16 . 2012-10-21 07:16150528----a-w-c:\windows\SysWow64\iexpress.exe
2012-10-21 07:16 . 2012-10-21 07:1635840----a-w-c:\windows\SysWow64\imgutil.dll
2012-10-21 07:16 . 2012-10-21 07:1611776----a-w-c:\windows\SysWow64\mshta.exe
2012-10-21 07:16 . 2012-10-21 07:16101888----a-w-c:\windows\SysWow64\admparse.dll
2012-10-21 07:16 . 2012-10-21 07:1689088----a-w-c:\windows\system32\RegisterIEPKEYs.exe
2012-10-21 07:16 . 2012-10-21 07:16222208----a-w-c:\windows\system32\msls31.dll
2012-10-21 07:16 . 2012-10-21 07:1665024----a-w-c:\windows\system32\pngfilt.dll
2012-10-21 07:16 . 2012-10-21 07:16197120----a-w-c:\windows\system32\msrating.dll
2012-10-21 07:16 . 2012-10-21 07:16149504----a-w-c:\windows\system32\occache.dll
2012-10-21 07:16 . 2012-10-21 07:1612288----a-w-c:\windows\system32\mshta.exe
2012-10-21 07:16 . 2012-10-21 07:16114176----a-w-c:\windows\system32\admparse.dll
2012-10-21 07:16 . 2012-10-21 07:16267776----a-w-c:\windows\system32\ieaksie.dll
2012-10-21 07:16 . 2012-10-21 07:1691648----a-w-c:\windows\system32\SetIEInstalledDate.exe
2012-10-21 07:16 . 2012-10-21 07:1689088----a-w-c:\windows\system32\ie4uinit.exe
2012-10-21 07:16 . 2012-10-21 07:1685504----a-w-c:\windows\system32\iesetup.dll
2012-10-21 07:16 . 2012-10-21 07:1682432----a-w-c:\windows\system32\icardie.dll
2012-10-21 07:16 . 2012-10-21 07:1676800----a-w-c:\windows\system32\tdc.ocx
2012-10-21 07:16 . 2012-10-21 07:1655296----a-w-c:\windows\system32\msfeedsbs.dll
2012-10-21 07:16 . 2012-10-21 07:16534528----a-w-c:\windows\system32\ieapfltr.dll
2012-10-21 07:16 . 2012-10-21 07:1649664----a-w-c:\windows\system32\imgutil.dll
2012-10-21 07:16 . 2012-10-21 07:1648640----a-w-c:\windows\system32\mshtmler.dll
2012-10-21 07:16 . 2012-10-21 07:16452608----a-w-c:\windows\system32\dxtmsft.dll
2012-10-21 07:16 . 2012-10-21 07:16448512----a-w-c:\windows\system32\html.iec
2012-10-21 07:16 . 2012-10-21 07:16403248----a-w-c:\windows\system32\iedkcs32.dll
2012-10-21 07:16 . 2012-10-21 07:1639936----a-w-c:\windows\system32\iernonce.dll
2012-10-21 07:16 . 2012-10-21 07:163695416----a-w-c:\windows\system32\ieapfltr.dat
2012-10-21 07:16 . 2012-10-21 07:16282112----a-w-c:\windows\system32\dxtrans.dll
2012-10-21 07:16 . 2012-10-21 07:16163840----a-w-c:\windows\system32\ieakui.dll
2012-10-21 07:16 . 2012-10-21 07:16160256----a-w-c:\windows\system32\ieakeng.dll
2012-10-21 07:16 . 2012-10-21 07:16145920----a-w-c:\windows\system32\iepeers.dll
2012-10-21 07:16 . 2012-10-21 07:16135168----a-w-c:\windows\system32\IEAdvpack.dll
2012-10-21 07:16 . 2012-10-21 07:16111616----a-w-c:\windows\system32\iesysprep.dll
2012-10-21 07:16 . 2012-10-21 07:1610752----a-w-c:\windows\system32\msfeedssync.exe
2012-10-21 07:16 . 2012-10-21 07:16249344----a-w-c:\windows\system32\webcheck.dll
2012-10-21 07:16 . 2012-10-21 07:1630720----a-w-c:\windows\system32\licmgr10.dll
2012-10-21 07:16 . 2012-10-21 07:16165888----a-w-c:\windows\system32\iexpress.exe
2012-10-21 07:16 . 2012-10-21 07:16160256----a-w-c:\windows\system32\wextract.exe
2012-10-21 07:16 . 2012-10-21 07:16103936----a-w-c:\windows\system32\inseng.dll
2012-10-20 21:15 . 2012-10-20 21:1595208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-20 21:15 . 2012-10-20 21:15821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-10-20 21:15 . 2012-10-20 21:15746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-10-20 20:28 . 2012-10-20 20:28283200----a-w-c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-20 18:14 . 2012-10-20 18:1429480----a-w-c:\windows\SysWow64\msxml3a.dll
2012-10-20 18:14 . 2012-10-20 18:14505128----a-w-c:\windows\SysWow64\msvcp71.dll
2012-10-20 18:14 . 2012-10-20 18:14353576----a-w-c:\windows\SysWow64\msvcr71.dll
2012-10-17 06:31 . 2012-10-23 07:399291768----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8270E2C-8ECB-41FC-BF82-5BBB1EEC7897}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 12:25135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 12:25350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 12:25561664----a-w-c:\windows\apppatch\AcLayers.dll
2012-10-10 03:10 . 2012-10-10 03:10148480----a-w-c:\windows\SysWow64\rztouchdll.dll
2012-10-10 03:10 . 2012-10-10 03:10617472----a-w-c:\windows\SysWow64\rzdevicedll.dll
2012-10-10 03:10 . 2012-10-10 03:10165888----a-w-c:\windows\SysWow64\rzaudiodll.dll
2012-10-09 18:17 . 2012-11-14 07:5755296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 07:57226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 07:5744032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 07:57193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 07:0044032----a-w-c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 07:571914248----a-w-c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 07:5770656----a-w-c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 07:57303104----a-w-c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 07:57246272----a-w-c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 07:5718944----a-w-c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 07:57216576----a-w-c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 07:57569344----a-w-c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 07:5718944----a-w-c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 07:57175104----a-w-c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 07:57156672----a-w-c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 07:5745568----a-w-c:\windows\system32\drivers\tcpipreg.sys
2012-09-28 20:37 . 2012-09-28 20:37221696----a-w-c:\windows\system32\clinfo.exe
2012-09-28 20:36 . 2012-09-28 20:3675776----a-w-c:\windows\system32\OpenVideo64.dll
2012-09-28 20:36 . 2012-09-28 20:3665536----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-09-28 20:36 . 2012-09-28 20:3663488----a-w-c:\windows\system32\OVDecode64.dll
2012-09-28 20:36 . 2012-09-28 20:3656320----a-w-c:\windows\SysWow64\OVDecode.dll
2012-09-28 20:36 . 2012-09-28 20:3632635904----a-w-c:\windows\system32\amdocl64.dll
2012-09-28 20:32 . 2012-09-28 20:3227341824----a-w-c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-30 3540416]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-10-11 336304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Taha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-12-25 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 ALSysIO;ALSysIO;c:\users\Taha\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-14 14544]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2012-04-18 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-30 1384608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-20 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20121226.001\IDSvia64.sys [2012-12-25 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2012-04-18 405624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2012-11-28 23552]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-02-26 841248]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-27 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-09-18 22016]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-09-18 112640]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 18:38]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 18:38]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2286249988-2608529289-3486802832-1001Core.job
- c:\users\Taha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-01 18:44]
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2286249988-2608529289-3486802832-1001UA.job
- c:\users\Taha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-01 18:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-02-26 818720]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gateway.msn.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://gateway.msn.com
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-12-27 12:02:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-27 17:02
.
Pre-Run: 72,030,375,936 bytes free
Post-Run: 71,664,332,800 bytes free
.
- - End Of File - - EA45FE4B986A356DD5159F584BEED6C1
You mentioned the scans, but did you try scanning in safe mode? Also look out for suspicious extensions accidentally installed in Chrome; maybe they are redirecting it. Also install an adblock extension and see if it works.
Yeah, run Chrome in safe mode and see, and if it still has the issue then uninstall Chrome and reinstall it and see if it solves the issue.
cheers
And if the issue is still there, I recommend you install Malwarebytes Anti-Malware and scan the PC.
Here is the download link :
http://www.google.com?t=15179960&highlight=
Post By SHARE bro cheers