Thread: ADs appear at bottom left and right of browser

  1. #1
    Junior Member
    Join Date: Dec 2012
    Posts: 7

    ADs appear at bottom left and right of browser

    Hi, I am new to these forums and I do not usually ask for help on these things, but I am stuck on how to remove these ads that keep appearing at the bottom right and left of my web browser. I have tried to fix this problem myself by following the steps that were given to people with a similar problem to mine, and I only recently read that I should not have done that, so if I have created extra work then I am sorry. I have the DDS and Attach files that were requested:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
    Run by Arseniy at 1:01:07 on 2012-12-27
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8173.4384 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Windows\system32\HPSIsvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Logitech\G35\G35.exe
    C:\Program Files (x86)\AZiO KB588U Driver\KbClient_FD3.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.entru.com/?s=21982
    mSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [GoogleChromeAutoLaunch_A54027E74664F5343D4F3BF1B252515D] "C:\Users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Launch DearMo DK1000DA] C:\Program Files (x86)\AZiO KB588U Driver\KbClient_FD3.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [D3DOverrider] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderWrapper.exe" /s
    StartupFolder: C:\Users\Arseniy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SDKTRA~1.LNK - C:\Program Files\Java\jdk1.7.0_07\bin\javaw.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\Arseniy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{8C06C6FE-B796-47C9-8E3D-C16DEE764EED} : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 199.193.118.246 www.google-analytics.com.
    Hosts: 199.193.118.246 ad-emea.doubleclick.net.
    Hosts: 199.193.118.246 www.statcounter.com.
    Hosts: 199.193.118.246 connect.facebook.net.
    Hosts: 93.115.241.27 www.google-analytics.com.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Arseniy\AppData\Roaming\Mozilla\Firefox\Profiles\spv419ud.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.entru.com/?s=21982
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Arseniy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Arseniy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Arseniy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 203888]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-24 55280]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-27 917120]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [2010-11-3 909440]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2011-3-4 586880]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-5 235752]
    R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-2-11 126520]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-4 13336]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-3-4 32544]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-2 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-2 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-2 168384]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-2 2923392]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-11-15 121832]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-11-15 364520]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-12-11 66728]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
    R3 KbFilter_Kb_FlexDef3;Siliten HID Keyboard(FlexDef3) Driver Service;C:\Windows\System32\drivers\KbFilter_FlexDef3.sys [2011-12-27 22016]
    R3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\System32\drivers\ladfDHP2amd64.sys [2010-9-29 62168]
    R3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\System32\drivers\ladfSBVMamd64.sys [2010-9-29 377176]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-2-15 99384]
    S3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2011-3-4 23680]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 98688]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
    S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-3-4 48416]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-3-4 29472]
    S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-2-15 203320]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-3-4 48416]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-16 1255736]
    S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0153;RsFx0153 Driver;C:\Windows\System32\drivers\RsFx0153.sys [2012-6-29 321992]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-29 441288]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-12-27 04:31:01 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{965C084A-5EAF-409E-905A-9F7E08C9EF5A}\mpengine.dll
    2012-12-27 03:31:59 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-12-26 19:59:23 -------- d-----w- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    2012-12-26 18:06:17 -------- d-sh--w- C:\Users\Arseniy\AppData\Roaming\Common
    2012-12-26 18:06:16 -------- d-----w- C:\Users\Arseniy\AppData\Roaming\DisplayFusion
    2012-12-26 18:06:09 -------- d-----w- C:\Program Files (x86)\DisplayFusion
    2012-12-25 16:10:23 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-24 20:53:57 -------- d-----w- C:\Users\Arseniy\AppData\Local\Two Worlds II
    2012-12-16 02:15:36 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-16 00:29:29 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
    2012-12-15 22:15:35 -------- d-----w- C:\Users\Arseniy\AppData\Roaming\Antares
    2012-12-15 22:15:31 -------- d-----w- C:\Program Files (x86)\Antares Audio Technologies
    2012-12-15 17:06:14 -------- d-----w- C:\Program Files (x86)\PACE Anti-Piracy
    2012-12-15 16:19:31 -------- d-----w- C:\Users\Arseniy\AppData\Local\{F139AFD4-F369-4B7F-ACBB-FCAF3508237D}
    2012-12-15 06:43:28 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
    2012-12-15 06:40:40 -------- d-----w- C:\Users\Arseniy\AppData\Local\{D869D82D-5C02-495B-86EF-636D8BD40B73}
    2012-12-15 06:33:21 -------- d-----w- C:\ProgramData\PACE
    2012-12-15 03:50:03 -------- d-----w- C:\Users\Arseniy\AppData\Roaming\fltk.org
    2012-12-15 03:50:03 -------- d-----w- C:\ProgramData\fltk.org
    2012-12-14 18:09:39 -------- d-----w- C:\Users\Arseniy\AppData\Local\{97D715A9-6763-4CC2-9DB7-976EBD70CAE6}
    2012-12-13 19:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-12-13 16:48:40 -------- d-----w- C:\Users\Arseniy\AppData\Local\{00B30DBB-23A3-4209-B632-B74EDA4BB323}
    2012-12-13 03:39:28 -------- d-----w- C:\Users\Arseniy\AppData\Local\{2DBE0A40-6A9D-4986-91F0-E4FAE2EF443A}
    2012-12-12 13:35:32 -------- d-----w- C:\Users\Arseniy\AppData\Roaming\SynthMaker
    2012-12-12 13:35:30 -------- d-----w- C:\Users\Arseniy\AppData\Roaming\Acoustica
    2012-12-12 13:29:49 -------- d-----w- C:\Program Files (x86)\VST
    2012-12-12 13:29:29 -------- d-----w- C:\ProgramData\Acoustica
    2012-12-12 13:29:29 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
    2012-12-12 13:03:29 -------- d-----w- C:\Users\Arseniy\AppData\Local\{99D5F77D-962A-443E-9048-BCC47D89C875}
    2012-12-12 03:59:22 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
    2012-12-12 03:59:22 -------- d-----w- C:\Program Files\Virtual Audio Cable
    2012-12-12 03:55:23 -------- d-----w- C:\Program Files (x86)\Audacity
    2012-12-12 01:03:04 -------- d-----w- C:\Users\Arseniy\AppData\Local\{A8174FC7-2690-48C6-86AB-64C781A612DB}
    2012-12-11 13:02:40 -------- d-----w- C:\Users\Arseniy\AppData\Local\{B540D9F6-E113-446D-8859-2DCBEBD270FC}
    2012-12-10 23:36:26 -------- d-----w- C:\Users\Arseniy\AppData\Local\{3FB90E74-B4C7-46E6-A96A-B6EEFFE12F96}
    2012-12-10 10:58:50 -------- d-----w- C:\Users\Arseniy\AppData\Local\{879AF12B-047C-4422-90C8-CED426B538B9}
    2012-12-09 15:42:19 -------- d-----w- C:\Users\Arseniy\AppData\Local\{07CDA8E3-7E1C-452E-9BB2-7CB9587507D6}
    2012-12-08 14:38:27 -------- d-----w- C:\Users\Arseniy\AppData\Local\{3321D25E-752B-42FD-B2FD-71829A8BC32C}
    2012-12-08 03:51:03 -------- d-----r- C:\Users\Arseniy\Dropbox
    2012-12-07 10:57:28 -------- d-----w- C:\Users\Arseniy\AppData\Local\{CEBAACA7-0BB6-4AE9-ACEE-BD54C36D7F8B}
    2012-12-06 02:57:48 -------- d-----w- C:\Users\Arseniy\AppData\Local\{2E9312D0-C5BD-49CE-BE57-4A367DBF58A4}
    2012-12-05 03:43:35 -------- d-----w- C:\Users\Arseniy\AppData\Local\{523811F3-9348-4690-B541-18A673E941E4}
    2012-12-04 13:42:49 -------- d-----w- C:\Users\Arseniy\AppData\Local\{BD2CCEBF-FD78-4427-B97C-5B99348821F3}
    2012-12-04 01:09:38 -------- d-----w- C:\Users\Arseniy\AppData\Local\{BADEC476-F5B0-47D7-BC14-C6954F64241D}
    2012-12-03 13:09:15 -------- d-----w- C:\Users\Arseniy\AppData\Local\{594B1F8B-AE60-4B27-8DD2-48146D42B4DC}
    2012-12-02 21:31:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-02 21:31:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-12-02 21:31:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-12-02 21:30:39 -------- d-----w- C:\Users\Arseniy\AppData\Local\Programs
    2012-12-02 21:26:14 -------- d-----w- C:\Users\Arseniy\AppData\Local\Microsoft_Corporation
    2012-12-02 21:25:16 86984 ----a-w- C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
    2012-12-02 21:25:16 57288 ----a-w- C:\Windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
    2012-12-02 21:24:05 88520 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
    2012-12-02 21:24:05 82888 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
    2012-12-02 18:39:09 -------- d-----w- C:\Users\Arseniy\AppData\Local\{22E64CD7-116D-41CC-805D-BA5202979807}
    2012-12-02 01:45:15 -------- d-----w- C:\ACS Programs
    2012-12-01 15:45:50 -------- d-----w- C:\Users\Arseniy\AppData\Local\{ADE8D2BA-381C-4294-93E0-8F3F1DA159DC}
    2012-11-30 11:08:28 -------- d-----w- C:\Users\Arseniy\AppData\Local\{75DA0995-0578-4DBB-A18E-5D495FB1AD08}
    2012-11-29 13:08:54 -------- d-----w- C:\Users\Arseniy\AppData\Local\{F6EBBABC-C6F6-4BE2-A458-25BBB240524E}
    2012-11-29 03:48:22 -------- d-----w- C:\Program Files\Business Objects
    2012-11-29 03:47:15 -------- d-----w- C:\Windows\SysWow64\js
    2012-11-29 03:47:15 -------- d-----w- C:\Windows\SysWow64\css
    2012-11-29 03:47:15 -------- d-----w- C:\Program Files (x86)\Business Objects
    2012-11-29 03:45:50 -------- d-----w- C:\Program Files\Microsoft Device Emulator
    2012-11-29 03:45:50 -------- d-----w- C:\Program Files (x86)\Microsoft Device Emulator
    2012-11-29 03:45:24 -------- d-----w- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
    2012-11-29 03:42:21 -------- d-----w- C:\ProgramData\PreEmptive Solutions
    2012-11-29 03:38:47 -------- d-----w- C:\Program Files (x86)\CE Remote Tools
    2012-11-29 03:37:59 -------- d-----w- C:\Program Files (x86)\Microsoft Web Designer Tools
    2012-11-29 03:37:00 97296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
    2012-11-29 03:37:00 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
    2012-11-29 03:37:00 96272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
    2012-11-29 03:37:00 95248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
    2012-11-29 03:37:00 91152 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
    2012-11-29 03:37:00 81424 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
    2012-11-29 03:37:00 79888 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
    2012-11-29 03:37:00 76304 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
    2012-11-29 03:37:00 75792 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
    2012-11-29 03:37:00 562688 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
    2012-11-28 23:58:03 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B410908-F803-4421-985C-F9E0AB42D734}\gapaengine.dll
    2012-11-28 23:43:11 -------- d-----w- C:\Users\Arseniy\AppData\Local\{59079B10-FAA1-4D5E-82F3-54AEEF54B0A0}
    2012-11-28 10:58:49 -------- d-----w- C:\Users\Arseniy\AppData\Local\{19F4D958-19E8-4160-A978-78C00D389044}
    2012-11-27 13:43:33 -------- d-----w- C:\Users\Arseniy\AppData\Local\{5DDB481D-F77C-4770-92E9-B3F28EB4318A}
    .
    ==================== Find3M ====================
    .
    2012-12-12 01:58:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 01:58:14 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-13 19:31:08 212 ----a-w- C:\Windows\ildasmfnt.bin
    2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll
    2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll
    2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll
    2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
    2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
    2012-10-11 02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 21:19:14 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-04 21:19:11 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-10-04 21:19:11 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 1:01:48.09 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04-Mar-11 4:24:58 AM
    System Uptime: 26-Dec-12 10:35:12 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8P67 LE
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 2475/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 333.557 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 1.077 GiB free.
    F: is FIXED (NTFS) - 2795 GiB total, 1467.643 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {5458011f-08d4-4605-93a2-f03e61bedba3}
    Description: Enhanced Display Driver Helper Service
    Device ID: ROOT\ASUSOTHERDEVICES\0002
    Manufacturer: ASUSTeK
    Name: Enhanced Display Driver Helper Service
    PNP Device ID: ROOT\ASUSOTHERDEVICES\0002
    Service: asuskbnt
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 199.193.118.246 www.google-analytics.com.
    Hosts: 199.193.118.246 ad-emea.doubleclick.net.
    Hosts: 199.193.118.246 www.statcounter.com.
    Hosts: 199.193.118.246 connect.facebook.net.
    Hosts: 93.115.241.27 www.google-analytics.com.
    Hosts: 93.115.241.27 ad-emea.doubleclick.net.
    Hosts: 93.115.241.27 www.statcounter.com.
    Hosts: 93.115.241.27 connect.facebook.net.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acoustica Mixcraft 6
    Adobe AIR
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Media Live Encoder 3.2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Flash Professional CS6
    Adobe Help Manager
    Adobe Reader X (10.1.4)
    AI Suite II
    Alice: Madness Returns
    Amnesia: The Dark Descent
    And Yet It Moves
    Antares Autotune VST v5.09
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS GameOSD Utility
    ASUS nVidia Driver
    Atom Zombie Smasher
    Audacity 2.0.2
    Autodesk Softimage Mod Tool 7.5
    AZiO KB588U Driver
    Bandisoft MPEG-1 Decoder
    Battlelog Web Plugins
    Borderlands 2
    Braid
    Browser Configuration Utility
    C9
    CCleaner
    Combined Community Codec Pack 2011-07-30
    Corona SDK
    Counter-Strike: Global Offensive Beta
    Crayon Physics Deluxe
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    Crystal Reports for Visual Studio
    D3DX10
    Darksiders
    DarksidersInstaller
    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
    DisplayFusion 4.0.1
    Divinity 2: Developer's Cut
    Dota 2
    ERUNT 1.1j
    Find and Mount 2.32
    FlashDevelop 4.0.4
    Free Audio CD Burner version 1.4.7
    Free YouTube to MP3 Converter version 3.11.33.1005
    GameRanger
    Google Chrome
    Google Talk Plugin
    Guns of Icarus Online
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054)
    Hotfix for Office (KB950278)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP LaserJet Professional M1130-M1210 MFP Series
    HP LaserJet Professional M1210 MFP Series Fax Installer
    I Am Alive
    iLok Client Helper
    Intel(R) Rapid Storage Technology
    Intel® Watchdog Timer Driver (Intel® WDT)
    Japanese Fonts Support For Adobe Reader X
    Java 7 Update 7
    Java 7 Update 7 (64-bit)
    Java Auto Updater
    Java Platform, Enterprise Edition 5 SDK
    Java SE Development Kit 7 Update 7 (64-bit)
    Java(TM) 6 Update 31
    Java(TM) 6 Update 37 (64-bit)
    Java(TM) SE Development Kit 6 Update 37 (64-bit)
    JDownloader 0.9
    Killing Floor
    League of Legends
    Logitech G35
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Security Scan Plus
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Device Emulator (64 bit) version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Help Viewer 1.1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 32-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 32-bit MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft PowerPoint 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 R2 (64-bit)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Remote Debugger - ENU
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    Microsoft Word 2010
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MKVtoolnix 4.9.1
    Monkey's Audio
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.1.0
    MSVCRT
    MSVCRT Redists
    NetBeans IDE 7.2.1
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 306.02
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Open PLS in Windows Media Player 2.3.0
    Osmos
    Pando Media Booster
    PandoraRecovery (Remove Only)
    PDF Settings CS5
    PDF Settings CS6
    PlanetSide 2
    PS3 Media Server
    PxMergeModule
    Realtek Ethernet Controller Driver
    Realtek Ethernet Diagnostic Utility
    Realtek High Definition Audio Driver
    Revenge of the Titans
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    SAMSUNG USB Driver for Mobile Phones
    Samsung_MonSetup
    Scan To
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
    Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit)
    Sid Meier's Civilization V
    Skype Click to Call
    Skype™ 6.0
    Spybot - Search & Destroy
    SQL Server 2008 R2 SP2 Common Files
    SQL Server 2008 R2 SP2 Database Engine Services
    SQL Server 2008 R2 SP2 Database Engine Shared
    SQL Server 2008 R2 SP2 Management Studio
    Sql Server Customer Experience Improvement Program
    StarCraft II
    Steam
    System Requirements Lab CYRI
    TeamViewer 7
    Terraria
    Torchlight II
    TortoiseSVN 1.7.1.22161 (64 bit)
    Trine 2
    Two Worlds II
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Utility
    VC Runtimes MSI
    Vegas Pro 10.0 (64-bit)
    Ventrilo Client for Windows x64
    Virtual Audio Cable 4.10
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 64-bit Redistributables
    Visual Studio .NET Prerequisites - English
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VST Bridge 1.1
    Warhammer 40,000: Dawn of War - Game of the Year Edition
    WCF RIA Services V1.0 SP1
    Web Deployment Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    WinRAR 4.00 (64-bit)
    XSplit
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26-Dec-12 3:13:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    26-Dec-12 3:13:28 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26-Dec-12 2:59:37 PM, Error: Service Control Manager [7000] - The RivaTuner64 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    26-Dec-12 11:47:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800afb8230, 0xfffff8800fdc4630, 0xffffffffc000009a, 0x0000000000000004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122612-55551-01.
    26-Dec-12 11:44:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800943b010, 0xfffff8800feef630, 0xffffffffc000009a, 0x0000000000000004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122612-59217-01.
    26-Dec-12 10:41:09 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    26-Dec-12 10:38:39 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    26-Dec-12 10:38:39 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    26-Dec-12 10:36:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    26-Dec-12 10:36:30 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    26-Dec-12 10:36:30 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    26-Dec-12 10:36:30 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    26-Dec-12 10:26:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    26-Dec-12 10:17:10 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
    26-Dec-12 10:09:47 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
    25-Dec-12 2:51:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000007, 0x000000000021bd47, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122512-61058-01.
    22-Dec-12 10:57:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================

    Thank you for your time.

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi sumguy111

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them,
    with Admin Rights (right-click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Junior Member
    Join Date
    Dec 2012
    Posts
    7


    Thank you and good luck.

  4. #4
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246


    Hi sumguy111

    P2P Programs:

    P2P programs are a major source of Malware infections.
    From your log I see you have uTorrent and jDownloader. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    If you wish to keep the program(s), please do not use them until your computer is cleaned.

    Information regarding the risk of using these programs can be found from here and here
    ___________________________________________________

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    =============================== Next =======================================

    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
    • Allow it to update where necessary
    • Click Scan

      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



    On your next reply please post :
    • checkup.txt
    • aswMBR log

    Let me know if you have any problems performing the steps above or any questions.

    Good Day!

  5. #5
    Junior Member
    Join Date
    Dec 2012
    Posts
    7


    Thank you for the reply. I am aware of the risks involving p2p programs and am careful when using them. I have run the scans and here are the logs:

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java Platform, Enterprise Edition 5 SDK
    Java(TM) 6 Update 31
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 11.5.502.135
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-29 16:06:54
    -----------------------------
    16:06:54.966 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:06:54.966 Number of processors: 4 586 0x2A07
    16:06:54.967 ComputerName: PC-SUPREME UserName: Arseniy
    16:06:56.306 Initialize success
    16:07:47.025 AVAST engine defs: 12122900
    16:07:56.993 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    16:07:56.996 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    16:07:57.014 Disk 0 MBR read successfully
    16:07:57.018 Disk 0 MBR scan
    16:07:57.024 Disk 0 Windows XP default MBR code
    16:07:57.028 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:07:57.066 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    16:07:57.162 Disk 0 scanning C:\Windows\system32\drivers
    16:08:10.065 Service scanning
    16:08:37.223 Modules scanning
    16:08:37.233 Disk 0 trace - called modules:
    16:08:37.247 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    16:08:37.253 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800908a060]
    16:08:37.584 3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007db9050]
    16:08:39.906 AVAST engine scan C:\Windows
    16:08:42.764 AVAST engine scan C:\Windows\system32
    16:13:42.317 AVAST engine scan C:\Windows\system32\drivers
    16:13:54.134 AVAST engine scan C:\Users\Arseniy
    16:29:12.970 AVAST engine scan C:\ProgramData
    16:39:47.490 Scan finished successfully
    17:01:08.423 Disk 0 MBR has been saved successfully to "C:\Users\Arseniy\Desktop\MBR.dat"
    17:01:08.426 The log file has been saved successfully to "C:\Users\Arseniy\Desktop\aswMBR.txt"

  6. #6
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi sumguy111

    Uninstall Java

    Click Start
    Select Control Panel
    Select Programs
    Click Programs and Features
    Select the program you want to uninstall by clicking on it, and then click the Uninstall button.
    You may need administrator privileges to remove programs.


    =============================== Next =======================================



    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    =============================== Next =======================================



    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



    On your next reply please post :
    • AdwCleaner log
    • Combofix log

    Let me know if you have any problems performing the steps above or any questions.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  7. #7
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    Hi, I have uninstalled everything with Java except for something called Java Platform, Enterprise Edition 5 SDK, as it gives me an error whenever I try to uninstall it. I have run the programs and here are the logs:

    # AdwCleaner v2.104 - Logfile created 12/30/2012 at 18:29:19
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Arseniy - PC-SUPREME
    # Boot Mode : Normal
    # Running from : C:\Users\Arseniy\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-US)

    File : C:\Users\Arseniy\AppData\Roaming\Mozilla\Firefox\Profiles\spv419ud.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Arseniy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [862 octets] - [30/12/2012 18:29:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [921 octets] ##########





    ComboFix 12-12-30.01 - Arseniy 30-Dec-12 18:53:22.6.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8173.6106 [GMT -5:00]
    Running from: c:\users\Arseniy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-31 00:01 . 2012-12-31 00:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-12-31 00:01 . 2012-12-31 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-30 16:19 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C6D92DF-FB39-4BD6-9BF0-AEDD0DDDDCDF}\mpengine.dll
    2012-12-29 16:09 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-27 02:00 . 2012-12-27 02:00 -------- d-----w- c:\program files (x86)\ERUNT
    2012-12-26 19:59 . 2012-12-26 19:59 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    2012-12-26 18:06 . 2012-12-26 18:06 -------- d-sh--w- c:\users\Arseniy\AppData\Roaming\Common
    2012-12-26 18:06 . 2012-12-27 04:47 -------- d-----w- c:\users\Arseniy\AppData\Roaming\DisplayFusion
    2012-12-26 18:06 . 2012-12-26 18:06 -------- d-----w- c:\program files (x86)\DisplayFusion
    2012-12-24 20:53 . 2012-12-24 20:53 -------- d-----w- c:\users\Arseniy\AppData\Local\Two Worlds II
    2012-12-16 02:15 . 2012-12-16 02:15 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-16 00:29 . 2012-12-16 00:29 -------- d-----w- c:\program files (x86)\SplitMediaLabs
    2012-12-15 22:15 . 2012-12-15 22:15 -------- d-----w- c:\users\Arseniy\AppData\Roaming\Antares
    2012-12-15 22:15 . 2012-12-15 22:15 -------- d-----w- c:\program files (x86)\Antares Audio Technologies
    2012-12-15 17:06 . 2012-12-15 17:06 -------- d-----w- c:\program files (x86)\PACE Anti-Piracy
    2012-12-15 06:43 . 2012-12-15 06:43 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy
    2012-12-15 06:33 . 2012-12-15 06:33 -------- d-----w- c:\programdata\PACE
    2012-12-15 03:50 . 2012-12-15 03:50 -------- d-----w- c:\users\Arseniy\AppData\Roaming\fltk.org
    2012-12-15 03:50 . 2012-12-15 03:50 -------- d-----w- c:\programdata\fltk.org
    2012-12-13 19:30 . 2012-12-13 19:30 5955856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfCaomponent.dll
    2012-12-12 13:35 . 2012-12-12 13:35 -------- d-----w- c:\users\Arseniy\AppData\Roaming\SynthMaker
    2012-12-12 13:35 . 2012-12-12 13:35 -------- d-----w- c:\users\Arseniy\AppData\Roaming\Acoustica
    2012-12-12 13:29 . 2012-12-15 22:15 -------- d-----w- c:\program files (x86)\VST
    2012-12-12 13:29 . 2012-12-12 13:30 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 6
    2012-12-12 13:29 . 2012-12-12 13:29 -------- d-----w- c:\programdata\Acoustica
    2012-12-12 03:59 . 2012-12-12 03:59 -------- d-----w- c:\program files\Virtual Audio Cable
    2012-12-12 03:59 . 2012-12-12 03:59 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
    2012-12-12 03:56 . 2012-12-15 16:54 -------- d-----w- c:\users\Arseniy\AppData\Roaming\Audacity
    2012-12-12 03:55 . 2012-12-12 03:55 -------- d-----w- c:\program files (x86)\Audacity
    2012-12-08 03:51 . 2012-12-10 11:37 -------- d-----r- c:\users\Arseniy\Dropbox
    2012-12-02 21:31 . 2012-12-16 02:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-12-02 21:31 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-12-02 21:31 . 2012-12-02 21:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-12-02 21:30 . 2012-12-02 21:30 -------- d-----w- c:\users\Arseniy\AppData\Local\Programs
    2012-12-02 21:26 . 2012-12-02 21:26 -------- d-----w- c:\users\Arseniy\AppData\Local\Microsoft_Corporation
    2012-12-02 21:25 . 2012-06-29 06:22 57288 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
    2012-12-02 21:25 . 2012-06-29 06:17 86984 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
    2012-12-02 21:24 . 2012-06-29 06:22 82888 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
    2012-12-02 21:24 . 2012-06-29 06:17 88520 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
    2012-12-02 21:19 . 2012-12-02 21:19 -------- d-----w- c:\program files\Microsoft.NET
    2012-12-02 01:45 . 2012-12-02 03:22 -------- d-----w- C:\ACS Programs
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 01:58 . 2012-04-05 11:09 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-12 01:58 . 2011-11-03 02:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-28 23:55 . 2012-11-28 23:58 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B410908-F803-4421-985C-F9E0AB42D734}\gapaengine.dll
    2012-11-15 03:12 . 2011-09-24 18:43 2479136 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-10-30 02:04 . 2011-03-06 16:06 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-10-18 18:25 . 2012-11-15 02:47 3149824 ----a-w- c:\windows\system32\win32k.sys
    2012-10-11 02:23 . 2012-10-11 02:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-10-11 02:23 . 2012-10-11 02:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-10-11 02:23 . 2012-08-25 04:16 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-11 02:23 . 2012-10-11 02:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-10-11 02:23 . 2012-10-11 02:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-11 02:23 . 2011-03-04 09:29 2731880 ----a-w- c:\windows\system32\nvapi64.dll
    2012-10-11 02:23 . 2012-02-10 02:43 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-10-11 02:23 . 2011-03-04 09:29 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-10-11 02:22 . 2011-03-04 09:29 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-10-11 02:22 . 2012-10-11 02:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-10-11 02:22 . 2011-10-14 02:55 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-10-11 02:22 . 2011-03-04 09:29 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-10-09 18:17 . 2012-11-15 02:47 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-15 02:47 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-15 02:47 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-15 02:47 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    2012-10-04 21:19 . 2012-10-04 21:19 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-10-04 21:19 . 2011-03-18 18:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-10-03 17:56 . 2012-11-15 02:47 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-10-03 17:44 . 2012-11-15 02:47 70656 ----a-w- c:\windows\system32\nlaapi.dll
    2012-10-03 17:44 . 2012-11-15 02:47 303104 ----a-w- c:\windows\system32\nlasvc.dll
    2012-10-03 17:44 . 2012-11-15 02:47 246272 ----a-w- c:\windows\system32\netcorehc.dll
    2012-10-03 17:44 . 2012-11-15 02:47 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-10-03 17:44 . 2012-11-15 02:47 216576 ----a-w- c:\windows\system32\ncsi.dll
    2012-10-03 17:42 . 2012-11-15 02:47 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-10-03 16:42 . 2012-11-15 02:47 18944 ----a-w- c:\windows\SysWow64\netevent.dll
    2012-10-03 16:42 . 2012-11-15 02:47 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
    2012-10-03 16:42 . 2012-11-15 02:47 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    2012-10-03 16:07 . 2012-11-15 02:47 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-10-02 19:51 . 2012-05-24 02:39 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-10-02 19:51 . 2011-03-24 04:52 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-10-02 19:51 . 2011-03-24 04:53 6200680 ----a-w- c:\windows\system32\nvcpl.dll
    2012-10-02 19:50 . 2011-03-24 04:53 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-10-02 19:50 . 2011-03-24 04:53 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-10-02 19:50 . 2011-03-24 04:53 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-10-02 19:50 . 2010-10-19 07:25 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleChromeAutoLaunch_A54027E74664F5343D4F3BF1B252515D"="c:\users\Arseniy\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-30 4480456]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
    "Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Launch DearMo DK1000DA"="c:\program files (x86)\AZiO KB588U Driver\KbClient_FD3.exe" [2011-09-09 663635]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "D3DOverrider"="c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderWrapper.exe" [2009-08-22 40960]
    .
    c:\users\Arseniy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    SDK Tray Menu.lnk - c:\program files\Java\jdk1.7.0_07\bin\javaw.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 atidgllk;atidgllk;c:\users\Arseniy\AppData\Local\Temp\Rar$EX75.808\atidgllk.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-16 99384]
    R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-12-26 19952]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-16 203320]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
    R3 vtany;vtany;c:\windows\vtany.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-16 1255736]
    R3 X6va005;X6va005;c:\users\Arseniy\AppData\Local\Temp\00554E0.tmp [x]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
    R3 xspirit;xspirit;c:\users\Arseniy\AppData\Local\Temp\xspirit.sys [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
    R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys [2012-06-29 321992]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-06-29 441288]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [2010-11-03 909440]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-12-03 126520]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-16 121832]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-16 364520]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-12-12 66728]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
    S3 KbFilter_Kb_FlexDef3;Siliten HID Keyboard(FlexDef3) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3.sys [2010-09-03 22016]
    S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
    S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 01:58]
    .
    2012-12-30 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-03-22 19:25]
    .
    2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096665876-1410169568-912929124-1000Core.job
    - c:\users\Arseniy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:43]
    .
    2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1096665876-1410169568-912929124-1000UA.job
    - c:\users\Arseniy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-07 11465832]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.entru.com/?s=21982
    mStart Page =
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearchAssistant = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Arseniy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Arseniy\AppData\Roaming\Mozilla\Firefox\Profiles\spv419ud.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.entru.com/?s=21982
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Arseniy\AppData\Local\Temp\00554E0.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    Completion time: 2012-12-30 19:03:20
    ComboFix-quarantined-files.txt 2012-12-31 00:03
    .
    Pre-Run: 355,219,701,760 bytes free
    Post-Run: 354,853,449,728 bytes free
    .
    - - End Of File - - 25D0BEA831C33E0701EB2860043894FC

  8. #8
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi sumguy111

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.


    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    =========== Next==================


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts; it will also speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Select Uninstall application on close check box and push


    On your next reply please post :
    • Malwarebytes report
    • Eset result

    Let me know if you have any problems performing the steps above or if you have any questions.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  9. #9
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    Here are the logs from MBAM and ESET online scan:

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2012.12.31.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Arseniy :: PC-SUPREME [administrator]

    31-Dec-12 11:55:23 AM
    mbam-log-2012-12-31 (11-55-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 244910
    Time elapsed: 2 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    C:\Users\Arseniy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVYVULQ2\jquery-1.4.1.min[1].htm JS/Agent.NEU trojan
    C:\Users\Arseniy\Downloads\Batman_Begins_1080p_HDDVD_x264-ESiR.exe Win32/Adware.1ClickDownload.G application
    C:\Users\Arseniy\Downloads\cnet2_LL2MP3_zip.exe a variant of Win32/InstallCore.D application
    C:\Users\Arseniy\Downloads\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Arseniy\Downloads\FreeYouTubeToMP3Converter (1).exe Win32/OpenCandy application
    C:\Users\Arseniy\Downloads\FreeYouTubeToMP3Converter (2).exe Win32/OpenCandy application
    C:\Users\Arseniy\Downloads\ninjahook_1.31.apk Android/Adware.AirPush.A application
    C:\Users\Arseniy\Downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application
    C:\Users\Arseniy\Downloads\Visual Studio\MV Studio 2010.iso a variant of Win32/HackTool.Patcher.T application
    C:\Users\Arseniy\Downloads\Visual Studio\MV_Patch.rar a variant of Win32/HackTool.Patcher.T application
    C:\Windows\AutoKMS\AutoKMS.exe a variant of Win32/HackKMS.B application

  10. #10
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Hi sumguy111

    Please follow all previous instructions regarding security programs.

    Open a new Notepad session
    • Click the Start button, then click Run
    • In the Run box, type notepad
    • Click OK
    • In Notepad, click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE


    Code:
    File::
    C:\Users\Arseniy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVYVULQ2\jquery-1.4.1.min[1].htm 
    C:\Users\Arseniy\Downloads\Batman_Begins_1080p_HDDVD_x264-ESiR.exe 
    C:\Users\Arseniy\Downloads\cnet2_LL2MP3_zip.exe 
    C:\Users\Arseniy\Downloads\cnet_PandoraRecovery2_1_1Setup_exe.exe 
    C:\Users\Arseniy\Downloads\FreeYouTubeToMP3Converter (1).exe 
    C:\Users\Arseniy\Downloads\FreeYouTubeToMP3Converter (2).exe 
    C:\Users\Arseniy\Downloads\ninjahook_1.31.apk 
    C:\Users\Arseniy\Downloads\OrbitSetup4.1.02.exe 
    C:\Users\Arseniy\Downloads\Visual Studio\MV Studio 2010.iso 
    C:\Users\Arseniy\Downloads\Visual Studio\MV_Patch.rar 
    C:\Windows\AutoKMS\AutoKMS.exe

    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save

    Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

    This will start ComboFix again. Close all browser windows first.

    **Note: Do not click ComboFix's window with the mouse while it's running. That may cause it to stall.**



    Next

    Please Re-run your DDS
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • Save the report to your desktop.
    ---------------------------------------------------
    • Post the contents of the DDS.txt report in your next reply



    Please let me know how your PC is running and if there are any outstanding issues.


    On your next reply please post :
    • New DDS log


    Let me know if you have any problems performing the steps above or if you have any questions.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -
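
The ESET result lines posted in #9 are what #10 copies, path by path, into the File:: list. As an added example (not part of the thread, and not ESET's or ComboFix's own tooling), this Python script splits each such line into path, detection name and class even when the path contains spaces, and buckets it by where the file sits; the line layout is inferred from the lines posted above and the bucket names are assumptions of this example.

```python
import re
from ntpath import basename  # splits Windows paths on any OS

# Constructed sample: four of the result lines from post #9, copied verbatim.
SAMPLE = r"""
C:\Users\Arseniy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVYVULQ2\jquery-1.4.1.min[1].htm JS/Agent.NEU trojan
C:\Users\Arseniy\Downloads\FreeYouTubeToMP3Converter (1).exe Win32/OpenCandy application
C:\Users\Arseniy\Downloads\Visual Studio\MV Studio 2010.iso a variant of Win32/HackTool.Patcher.T application
C:\Windows\AutoKMS\AutoKMS.exe a variant of Win32/HackKMS.B application
"""

# Layout inferred from those lines: <path> [a variant of] <Platform/Name> <class>
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"        # shortest path that lets the rest match
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"  # e.g. Win32/OpenCandy
    r"(?P<kind>[a-z]+)$"                   # trojan, application, ...
)

def location(path):  # bucket names are this example's own, not ESET terms
    p = path.lower()
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if "\\downloads\\" in p:
        return "downloads"
    return "other"

def parse_line(line):
    """Return a dict for one detection line, or None if it is not one."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m["path"],
        "file": basename(m["path"]),
        "detection": m["name"],
        "variant": m["variant"] is not None,
        "kind": m["kind"],
        "location": location(m["path"]),
    }

def triage(text):
    """Split a pasted log into parsed hits and lines that did not parse."""
    hits, rejects = [], []
    for raw in text.splitlines():
        if raw.strip():
            hit = parse_line(raw)
            (hits if hit else rejects).append(hit or raw)
    return hits, rejects

if __name__ == "__main__":
    hits, rejects = triage(SAMPLE)
    for h in hits:
        print(f'{h["location"]:14} {h["kind"]:12} {h["detection"]:28} {h["file"]}')
```

Lines that do not fit the layout come back in the second list instead of being dropped, so a pasted report with headers or blank lines can be fed in whole.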
