Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

• Disable any script blocking protection
• Double click dds to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• When asked if you want to download Avast's virus definitions please select Yes.
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
• You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

 

Here they are

The scan also found

networkspreader.exe in my temp folders but I assume you will see that in the text files.

 

Please run the following:

Refer to the ComboFix User's Guide

1. Download ComboFix from the following location:
   
   Link
   
   * IMPORTANT !!! Place ComboFix.exe on your Desktop
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   You can get help on disabling your protection programs here
   
3. Double click on ComboFix.exe & follow the prompts.
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


NEXT


Please download TDSSKiller.zip

• Extract it to your desktop
• Double click TDSSKiller.exe
• when the window opens, click on Change Parameters
• under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
• click OK
• Press Start Scan
  • If Malicious objects are found then ensure Cure is selected
  • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
  • Then click Continue > Reboot now
• Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

 

Added the two new text reports

 

Please do the following:

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\users\Peter\AppData\Roaming\QuikDANGER
c:\users\Peter\AppData\Roaming\Kaok

File::
c:\windows\Tasks\AutoKMS.job
c:\windows\AutoKMS\AutoKMS.exe 

Collect::
c:\users\Peter\AppData\Roaming\Quik\ceehb.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix may request an update; please allow it.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you.
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right-mouse click JRT.exe and select Run as administrator
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.

• Run AdwCleaner and select Delete
• Once done it will ask to reboot, allow the reboot
• On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

• Please open your MalwareBytes AntiMalware Program
• Click the Update Tab and search for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- very important
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activeX control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan completes, press the LIST OF THREATS FOUND button
• Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
• Include the contents of this report in your next reply.
• Press the BACK button.
• Press Finish

 

ComboFix Log

ComboFix 12-12-10.01 - Peter 12/10/2012  18:26:08.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8154.5404 [GMT -5:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\AutoKMS\AutoKMS.exe"
"c:\windows\Tasks\AutoKMS.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Peter\AppData\Roaming\Kaok
c:\users\Peter\AppData\Roaming\QuikDANGER
c:\windows\AutoKMS\AutoKMS.exe
c:\windows\Tasks\AutoKMS.job
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-10 to 2012-12-10  )))))))))))))))))))))))))))))))
.
.
2012-12-10 23:29 . 2012-12-10 23:29	--------	d-----w-	c:\users\Mum\AppData\Local\temp
2012-12-10 23:29 . 2012-12-10 23:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-05 02:20 . 2012-12-05 02:21	--------	d-----w-	c:\program files (x86)\BSPViewer
2012-12-02 21:24 . 2012-12-02 21:24	--------	d-----w-	c:\program files (x86)\AMX Mod X
2012-12-01 08:37 . 2012-12-01 08:46	--------	d-----w-	c:\users\Peter\AppData\Roaming\Polynomial
2012-11-28 07:09 . 2012-09-20 15:29	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-28 07:09 . 2012-11-28 07:09	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD37E501-B146-4146-A1B1-89C35D1AC5EF}\gapaengine.dll
2012-11-27 03:34 . 2012-11-27 03:34	--------	d-----w-	c:\users\Peter\AppData\Local\The Witcher 2
2012-11-24 21:17 . 2012-11-24 21:17	--------	d-----w-	c:\programdata\Sony
2012-11-24 21:17 . 2012-11-24 21:17	--------	d-----w-	c:\users\Peter\AppData\Roaming\Publish Providers
2012-11-24 21:12 . 2012-11-24 21:16	--------	d-----w-	c:\users\Peter\AppData\Local\Sony
2012-11-24 21:12 . 2012-11-24 21:12	--------	d-----w-	c:\windows\SysWow64\spool
2012-11-24 21:12 . 2012-11-24 21:12	--------	d-----w-	c:\program files (x86)\Sony
2012-11-24 21:11 . 2012-11-24 21:33	--------	d-----w-	c:\users\Peter\AppData\Roaming\Sony
2012-11-24 21:11 . 2012-11-24 21:11	--------	d-----w-	c:\program files\WinRAR
2012-11-24 21:01 . 2012-11-24 21:04	--------	d-----w-	C:\Fraps
2012-11-17 02:06 . 2012-11-17 02:06	--------	d-----w-	c:\users\Peter\AppData\Local\Rockstar Games
2012-11-17 02:06 . 2012-11-17 02:06	--------	d--h--r-	c:\users\Peter\AppData\Roaming\SecuROM
2012-11-17 02:05 . 2012-11-17 02:06	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-11-17 02:05 . 2012-11-17 02:05	--------	d-----w-	c:\windows\SysWow64\xlive
2012-11-16 23:46 . 2012-12-10 23:29	--------	d-----w-	c:\windows\AutoKMS
2012-11-14 02:59 . 2012-11-14 02:59	--------	d-----w-	c:\program files (x86)\GPU-Z
2012-11-12 18:13 . 2012-11-12 18:13	--------	d-----w-	c:\users\Peter\AppData\Roaming\Malwarebytes
2012-11-12 18:13 . 2012-11-12 18:13	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-12 18:13 . 2012-11-12 18:13	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-12 18:13 . 2012-09-30 00:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-11 22:37 . 2012-11-11 22:37	--------	d-----w-	c:\users\Peter\.thumbnails
2012-11-11 22:37 . 2012-11-11 22:37	--------	d-----w-	c:\users\Peter\AppData\Local\fontconfig
2012-11-11 22:37 . 2012-11-30 05:23	--------	d-----w-	c:\users\Peter\.gimp-2.8
2012-11-11 22:37 . 2012-11-11 22:37	--------	d-----w-	c:\users\Peter\AppData\Local\gegl-0.2
2012-11-11 22:36 . 2012-11-11 22:36	--------	d-----w-	c:\program files\GIMP 2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 00:25 . 2009-08-18 17:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 00:24 . 2009-08-18 16:24	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-19 00:35 . 2012-09-19 21:30	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-19 00:35 . 2012-09-19 21:30	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:26 . 2012-10-09 19:26	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-28 19:37 . 2012-09-28 19:37	221696	----a-w-	c:\windows\system32\clinfo.exe
2012-09-28 19:36 . 2012-09-28 19:36	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-09-28 19:36 . 2012-09-28 19:36	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-09-28 19:36 . 2012-09-28 19:36	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-09-28 19:36 . 2012-09-28 19:36	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-09-28 19:36 . 2012-09-28 19:36	32635904	----a-w-	c:\windows\system32\amdocl64.dll
2012-09-28 19:32 . 2012-09-28 19:32	27341824	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-07-28 04:09	5557928	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21	10697216	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05	70144	----a-w-	c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02	16082432	----a-w-	c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59	23825920	----a-w-	c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-07-28 02:15	935424	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-07-28 02:13	1120768	----a-w-	c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41	19624960	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39	6536192	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39	442368	----a-w-	c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39	538112	----a-w-	c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31	3127296	----a-w-	c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25	6704640	----a-w-	c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-07-28 01:51	7167488	----a-w-	c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-07-28 01:32	2691584	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13	595456	----a-w-	c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	405504	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12	460288	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-07-28 01:13	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11	103424	----a-w-	c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-07-28 01:13	82944	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-09-24 20:43 . 2012-09-24 20:43	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-24 20:43 . 2012-09-24 20:43	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-24 20:43 . 2012-09-24 20:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-19 19:56 . 2012-08-23 03:12	2506352	----a-w-	c:\windows\PE_Rom.dll
2012-09-19 19:50 . 2012-08-23 03:20	2571888	----a-w-	c:\windows\PE_File.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Peter\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-09 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 00:35]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 10:20]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 10:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-710142519-1254953674-3544397317-1000\Software\SecuROM\License information*]
"datasecu"=hex:13,f9,16,d3,c8,94,53,46,40,77,94,19,12,1c,7d,6b,73,9f,70,f8,68,
   48,5d,5a,3f,44,ea,fe,4f,84,71,ad,a1,5e,67,7e,c5,d1,b4,87,b9,db,0c,b9,5a,c4,\
"rkeysecu"=hex:d0,9b,74,ee,5d,ac,59,34,ee,0f,33,df,82,d3,a3,9e
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Completion time: 2012-12-10  18:36:23 - machine was rebooted
ComboFix-quarantined-files.txt  2012-12-10 23:36
ComboFix2.txt  2012-12-09 00:40
.
Pre-Run: 645,931,810,816 bytes free
Post-Run: 645,880,082,432 bytes free
.
- - End Of File - - C7F1038E23BB089762380BD6A4E20D71

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.0.9 (12.12.2012:2)
OS: Windows 7 Ultimate x64
Ran by Peter on Wed 12/12/2012 at 16:35:07.83
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/12/2012 at 16:38:25.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malware Bytes

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.12.13

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Peter :: PETER-PC [administrator]

12/12/2012 4:53:17 PM
mbam-log-2012-12-12 (16-53-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229614
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 # AdwCleaner v2.100 - Logfile created 12/12/2012 at 16:42:56
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Peter - PETER-PC
# Boot Mode : Normal
# Running from : C:\Users\Peter\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [842 octets] - [12/12/2012 16:42:56]

########## EOF - C:\AdwCleaner[S1].txt - [901 octets] ##########

 

Please run the following:

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
• They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.techsupportforum.com/forums/f50/air-canada-malware-email-678402.html#post3987839

Collect::
E:\Users\Peter\AppData\Local\Temp\Rpcqt.dll

File::
C:\Program Files (x86)\Vuze\bunndle.zip	
C:\Users\Peter\Downloads\DTLite4454-0316.exe	
C:\Users\Peter\Downloads\siw-setup.exe	
E:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll	
E:\Users\Peter\Downloads\siw-setup.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix may request an update; please allow it.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you.
• Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please advise if there are any outstanding issues

 

ComboFix 12-12-12.01 - Peter 12/12/2012  22:13:22.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8154.5252 [GMT -5:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Vuze\bunndle.zip"
"c:\users\Peter\Downloads\DTLite4454-0316.exe"
"c:\users\Peter\Downloads\siw-setup.exe"
"e:\program files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll"
"e:\users\Peter\Downloads\siw-setup.exe"
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vuze\bunndle.zip
c:\users\Peter\Downloads\DTLite4454-0316.exe
c:\users\Peter\Downloads\siw-setup.exe
e:\program files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll
e:\users\Peter\AppData\Local\Temp\Rpcqt.dll
e:\users\Peter\Downloads\siw-setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-13 to 2012-12-13  )))))))))))))))))))))))))))))))
.
.
2012-12-13 03:18 . 2012-12-13 03:18	--------	d-----w-	c:\users\Mum\AppData\Local\temp
2012-12-13 03:18 . 2012-12-13 03:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-12 21:58 . 2012-12-12 21:58	--------	d-----w-	c:\program files (x86)\ESET
2012-12-12 21:35 . 2012-12-12 21:35	--------	d-----w-	c:\windows\ERUNT
2012-12-12 21:34 . 2012-12-12 21:34	--------	d-----w-	C:\JRT
2012-12-12 14:31 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{900B4D64-0832-4F53-BE85-1D55E868D668}\mpengine.dll
2012-12-11 09:06 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-05 02:20 . 2012-12-05 02:21	--------	d-----w-	c:\program files (x86)\BSPViewer
2012-12-02 21:24 . 2012-12-02 21:24	--------	d-----w-	c:\program files (x86)\AMX Mod X
2012-12-01 08:37 . 2012-12-01 08:46	--------	d-----w-	c:\users\Peter\AppData\Roaming\Polynomial
2012-11-28 07:09 . 2012-09-20 15:29	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-28 07:09 . 2012-11-28 07:09	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD37E501-B146-4146-A1B1-89C35D1AC5EF}\gapaengine.dll
2012-11-27 03:34 . 2012-11-27 03:34	--------	d-----w-	c:\users\Peter\AppData\Local\The Witcher 2
2012-11-24 21:17 . 2012-11-24 21:17	--------	d-----w-	c:\programdata\Sony
2012-11-24 21:17 . 2012-11-24 21:17	--------	d-----w-	c:\users\Peter\AppData\Roaming\Publish Providers
2012-11-24 21:12 . 2012-11-24 21:16	--------	d-----w-	c:\users\Peter\AppData\Local\Sony
2012-11-24 21:12 . 2012-11-24 21:12	--------	d-----w-	c:\windows\SysWow64\spool
2012-11-24 21:12 . 2012-11-24 21:12	--------	d-----w-	c:\program files (x86)\Sony
2012-11-24 21:11 . 2012-11-24 21:33	--------	d-----w-	c:\users\Peter\AppData\Roaming\Sony
2012-11-24 21:11 . 2012-11-24 21:11	--------	d-----w-	c:\program files\WinRAR
2012-11-24 21:01 . 2012-11-24 21:04	--------	d-----w-	C:\Fraps
2012-11-17 02:06 . 2012-11-17 02:06	--------	d-----w-	c:\users\Peter\AppData\Local\Rockstar Games
2012-11-17 02:06 . 2012-11-17 02:06	--------	d--h--r-	c:\users\Peter\AppData\Roaming\SecuROM
2012-11-17 02:05 . 2012-11-17 02:06	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-11-17 02:05 . 2012-11-17 02:05	--------	d-----w-	c:\windows\SysWow64\xlive
2012-11-16 23:46 . 2012-12-10 23:29	--------	d-----w-	c:\windows\AutoKMS
2012-11-14 02:59 . 2012-11-14 02:59	--------	d-----w-	c:\program files (x86)\GPU-Z
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 07:24 . 2012-09-19 21:30	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 07:24 . 2012-09-19 21:30	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-24 00:25 . 2009-08-18 17:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-24 00:24 . 2009-08-18 16:24	19696	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-09 19:26 . 2012-10-09 19:26	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-30 00:54 . 2012-11-12 18:13	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-28 19:37 . 2012-09-28 19:37	221696	----a-w-	c:\windows\system32\clinfo.exe
2012-09-28 19:36 . 2012-09-28 19:36	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-09-28 19:36 . 2012-09-28 19:36	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-09-28 19:36 . 2012-09-28 19:36	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-09-28 19:36 . 2012-09-28 19:36	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-09-28 19:36 . 2012-09-28 19:36	32635904	----a-w-	c:\windows\system32\amdocl64.dll
2012-09-28 19:32 . 2012-09-28 19:32	27341824	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-09-28 02:23 . 2012-07-28 04:09	5557928	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21	10697216	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05	70144	----a-w-	c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02	16082432	----a-w-	c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59	23825920	----a-w-	c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-07-28 02:15	935424	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-07-28 02:13	1120768	----a-w-	c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41	19624960	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39	6536192	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39	442368	----a-w-	c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39	538112	----a-w-	c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31	3127296	----a-w-	c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25	6704640	----a-w-	c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-07-28 01:51	7167488	----a-w-	c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-07-28 01:32	2691584	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13	595456	----a-w-	c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	405504	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12	460288	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-07-28 01:13	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11	103424	----a-w-	c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-07-28 01:13	82944	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-09-24 20:43 . 2012-09-24 20:43	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-24 20:43 . 2012-09-24 20:43	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-24 20:43 . 2012-09-24 20:43	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-19 19:56 . 2012-08-23 03:12	2506352	----a-w-	c:\windows\PE_Rom.dll
2012-09-19 19:50 . 2012-08-23 03:20	2571888	----a-w-	c:\windows\PE_File.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Peter\AppData\Local\Akamai\netsession_win.exe" [2012-08-11 4440896]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-09 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 07:24]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 10:20]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 10:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-710142519-1254953674-3544397317-1000\Software\SecuROM\License information*]
"datasecu"=hex:13,f9,16,d3,c8,94,53,46,40,77,94,19,12,1c,7d,6b,73,9f,70,f8,68,
   48,5d,5a,3f,44,ea,fe,4f,84,71,ad,a1,5e,67,7e,c5,d1,b4,87,b9,db,0c,b9,5a,c4,\
"rkeysecu"=hex:d0,9b,74,ee,5d,ac,59,34,ee,0f,33,df,82,d3,a3,9e
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-12-12  22:23:17 - machine was rebooted
ComboFix-quarantined-files.txt  2012-12-13 03:23
ComboFix2.txt  2012-12-10 23:36
ComboFix3.txt  2012-12-09 00:40
.
Pre-Run: 647,769,862,144 bytes free
Post-Run: 647,615,864,832 bytes free
.
- - End Of File - - 48914A77D57F23C1253E8C332B49F113

Combofix attempted to upload some information to their server but it failed and saved as a document for me to manually upload. Should I post that here as well?

 

Combofix attempted to upload some information to their server but it failed and saved as a document for me to manually upload.

Please do the following:

Please open this link HERE in a new window.

In the box marked Link to topic where this file was requested: please paste in the following text

http://www.techsupportforum.com/forums/f50/air-canada-malware-email-678402.html#post3987965

Click the Browse button and navigate to C:\Qoobox\Quarantine

There should be a zip file there called [4]-Submit_****-**-**_**.**.**.zip ( the * denotes Date and Time stamp )
Select this file and click Open
In the Largest box please put

File Requested By CatByte
Failed Collect::

Finally click SendFile

Please return here and let me know when that file has been uploaded.


NEXT


Please advise how the computer is running now and if there are any outstanding issues