Backdoor Trojan

[Hamturk]

So if I had such a thing, which after some research seems like a reasonable explanation for what's being going on how would I find it?

I've received help on the forum before. Both times I've come away with my computer in a better state, but still had a feeling something was still wrong.

I run scans with Malwarebytes and the AVG trial almost daily and they all come back reporting no problems. The only problem I seem to have is a computer running slowly and popups when, but is enough to make me feel that something is up.

Firstly can someone help me identify if I actually have a backdoor trojan? and if so help me remove it.

Today I cleared out my quarantine on Malwarebytes, not sure why I didn't do it before or if I was even supposed to, but I deleted the 13 objects from there.

[melboy]

Hi and welcome back to the SWBW forums. 

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

• I will be working on your Malware issues this may or may not solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• If you don't know or understand something, please don't hesitate to ask.
  
• Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
• Please DO NOT run any other tools or scans whilst I am helping you.
  
• It is important that you reply to this thread. Do not start a new topic.
• DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
• Absence of symptoms does not mean that everything is clear.

.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2


Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt

• Save both reports to your desktop.

.
Re-enable any real-time protection you disabled during the running of DDS.


 Please copy &  paste  the contents of :

• DDS.txt
• Attach.txt

And post them in your next reply.



aswMBR

Download aswMBR and save it to your Desktop.

• Right click aswMBR.exe & choose "Run as Administrator" to run it.
  
• Click Yes to the prompt to download Avast! virus definitions.
  (Please be patient whilst the virus definitions download)
  
• With the AVscan set to Quick Scan, click the Scan button.
  (Please be patient whilst your computer is scanned.)
  
• When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  
• Click OK
  
• Two files will be created, aswMBR.txt & a file named MBR.dat
  
• Save MBR.dat to to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  
• NOTE: Do not click to fix anything at this stage!
  
• Click EXIT.
  
• Copy & Paste the contents of aswMBR.txt into your next reply.
  

.

[Hamturk]

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Danielle at 22:30:37 on 2012-04-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4009.1536 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ts.fujitsu.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - C:\Users\Danielle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1110752A-7E96-4F3A-978A-8401E5161ECC} : NameServer = 88.82.13.12 88.82.13.12
TCP: Interfaces\{1CF4B797-729F-4F25-872B-25359B77683F} : NameServer = 88.82.13.44 88.82.13.44
TCP: Interfaces\{985B41EC-C0A4-4FDA-B231-13F3ACE1F4B4} : NameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{D48B1BE5-F945-4C09-B308-189F27F0D81E} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D48B1BE5-F945-4C09-B308-189F27F0D81E}\35B4952313035373 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D48B1BE5-F945-4C09-B308-189F27F0D81E}\4656661657C647 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
mRun-x64: [snp2uvc] C:\Windows\vsnp2uvc.exe
mRun-x64: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\apoax222.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Danielle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Danielle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Danielle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\system32\Drivers\FBIOSDRV.sys --> C:\Windows\system32\Drivers\FBIOSDRV.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-11 654408]
R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-7 331776]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-5-7 63336]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-21 2656280]
R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-3-29 9216]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\drivers\FUJ02E3.sys --> C:\Windows\system32\drivers\FUJ02E3.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys --> C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys --> C:\Windows\system32\DRIVERS\ew_juextctrl.sys [?]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys --> C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-15 16:19:50   --------   d-----w-   C:\Users\Danielle\AppData\Local\{25142753-66CF-4AC8-998B-6F0307E0BECB}
2012-04-15 16:19:31   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2A5D8C99-4B53-4D9C-A513-7AC4A65949E8}
2012-04-14 22:22:32   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2FF5B269-D3D1-431E-9B23-46E5788A17B2}
2012-04-14 22:21:43   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B74F7CE9-8CE6-4177-9FAF-A9C0A9D7FA45}
2012-04-13 15:55:03   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2E14687D-3A2D-4580-8634-83E7CC32671D}
2012-04-13 14:03:22   --------   d-----w-   C:\Users\Danielle\AppData\Local\{9644B4CA-03A3-4EAC-807D-32624C98A6DF}
2012-04-13 14:01:51   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4F2CD7A6-DCD3-4DDB-B120-DB0288939B81}
2012-04-12 20:57:56   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1037DF8A-BA51-4DFA-8DEA-B3764EB8B347}
2012-04-12 08:19:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{05AFF22A-3E9B-4CF8-A668-2B798111E93E}
2012-04-11 22:04:11   --------   d-----w-   C:\Users\Danielle\AppData\Local\{716BC5C4-6133-4DAF-B58E-E3A6A11A1202}
2012-04-11 16:47:25   --------   d-----w-   C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-11 06:52:48   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-04-11 06:52:48   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 06:52:47   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 06:50:06   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2012-04-11 06:50:06   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 06:50:06   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
2012-04-11 06:50:03   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2012-04-11 06:50:03   5120   ----a-w-   C:\Windows\System32\wmi.dll
2012-04-11 06:50:03   220672   ----a-w-   C:\Windows\System32\wintrust.dll
2012-04-11 06:50:03   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2012-04-11 06:45:11   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B2D67134-7BED-4D08-BDC8-25C67F3168A6}
2012-04-10 09:11:59   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5C8335EB-A118-4BFD-9784-D65C90963D81}
2012-04-09 20:33:03   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AF3AEE61-9FF8-429E-A0D0-2C4FF0995DAD}
2012-04-09 08:32:20   --------   d-----w-   C:\Users\Danielle\AppData\Local\{FCEC9F44-9E16-4A7D-9EFC-893A1D42FDA7}
2012-04-08 15:35:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8F5E51CA-D37F-4903-B75D-1756FC37796D}
2012-04-08 14:13:15   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CCD83F7E-3594-48EB-A912-04B24582BC5F}
2012-04-08 00:16:20   --------   d-----w-   C:\Users\Danielle\AppData\Local\{81A00C95-D7EB-41CF-BFD8-C4C805D4F0EF}
2012-04-07 09:23:04   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6822E6E2-8F44-4271-9AC0-E609BEDF7632}
2012-04-06 20:21:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{FF148740-7C39-478E-AADD-25B6354C2B7D}
2012-04-05 20:28:00   --------   d-----w-   C:\Users\Danielle\AppData\Local\{229431BD-C9B8-4224-85E7-0C786359C0E5}
2012-04-05 08:27:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{23381F43-9976-4EF6-AB60-1E98B0ADA1E7}
2012-04-04 16:17:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6AF0CE16-47A9-4968-B0DE-4921529D108A}
2012-04-03 20:43:53   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8A9EB653-9E06-4C7B-A981-B46C4A7BE4E4}
2012-04-03 07:27:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{602CFB45-C3EE-4F34-A30E-F0A3F9F91D2E}
2012-04-02 11:36:13   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8E4F9FD8-EE6D-41B6-8845-6D4B41A89B98}
2012-04-02 11:04:00   --------   d-----w-   C:\Users\Danielle\AppData\Local\{30BAF952-5D3D-4F69-A8F3-89D9D92601DC}
2012-04-01 21:53:23   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6C0B0091-14AA-42AA-9389-10597DFCDC57}
2012-03-31 22:17:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EF7D207A-0D50-4532-954E-B11B37E4D2E2}
2012-03-31 19:26:21   --------   d-----w-   C:\Users\Danielle\AppData\Roaming\uTorrent
2012-03-31 07:36:14   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EE813319-DBBE-4CF2-A951-E6516725DD5D}
2012-03-30 18:36:14   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1B9A51C7-5967-4544-AB44-40399FDFE1F0}
2012-03-30 06:35:38   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2F07E0AB-0DFA-406A-BB36-BF8B4BB1166F}
2012-03-29 09:05:55   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C7B8B2A4-F0AB-4D8B-9367-5FBC55DF21FA}
2012-03-28 20:45:47   --------   d-----w-   C:\Users\Danielle\AppData\Local\theHunter
2012-03-28 17:08:46   --------   d-----w-   C:\Windows\SysWow64\directx
2012-03-28 17:08:44   --------   d-----w-   C:\Program Files (x86)\theHunter
2012-03-28 15:43:45   53248   ----a-r-   C:\Users\Danielle\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-03-28 15:15:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\Downloaded Installations
2012-03-28 15:12:45   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A85F5278-1C6C-490B-97CB-DDB2CB4F9162}
2012-03-28 06:11:48   --------   d-----w-   C:\Users\Danielle\AppData\Local\{3C705EDD-A178-4878-B546-1F9A856615A6}
2012-03-27 15:01:38   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CF297DC9-8B46-43CE-8546-37C3A7731E6C}
2012-03-27 15:01:26   --------   d-----w-   C:\Users\Danielle\AppData\Local\{71892A43-CEE2-4379-8E83-307CA83B4DEA}
2012-03-26 22:49:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B13D4E80-B889-4891-B11D-617015C02C3E}
2012-03-26 22:48:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{705914C3-0AD1-43E4-B97E-30C49F69A6C4}
2012-03-26 22:37:39   --------   d-----w-   C:\Windows\en
2012-03-26 22:36:55   --------   d-----w-   C:\Windows\de
2012-03-26 22:36:50   --------   d-----w-   C:\Windows\fr
2012-03-26 22:36:45   --------   d-----w-   C:\Windows\es
2012-03-26 22:36:42   --------   d-----w-   C:\Windows\it
2012-03-26 22:36:37   --------   d-----w-   C:\Windows\nl
2012-03-26 22:31:49   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\3c5706571cd0ba001\MeshBetaRemover.exe
2012-03-26 22:25:40   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EDE0139F-1CA1-45D0-BEB6-B62FD606138D}
2012-03-26 22:25:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{59464B59-F72F-40CE-ABA3-09D78454893C}
2012-03-26 21:56:29   --------   d-----w-   C:\Users\Danielle\AppData\Local\{53764085-4013-462B-97DB-023F674D0A54}
2012-03-26 21:56:05   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CD7BDAFC-D9F0-44D9-BBAB-D937C7D59097}
2012-03-26 21:34:46   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A30B8C11-8502-4CD6-8290-6895B24C248C}
2012-03-26 21:34:01   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EF983A71-D3A4-4DE1-9DC2-AAFEAAF998A5}
2012-03-26 19:38:27   --------   d-----w-   C:\Users\Danielle\AppData\Local\{607F658F-AB0F-45B9-B8B6-ED94A8AD7DC8}
2012-03-26 19:37:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5B1565EF-A5A2-4825-9A86-E02CA0C02D41}
2012-03-26 16:33:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BEC64E8B-BCA9-4006-A38E-AC1986716B8B}
2012-03-26 16:33:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C4CF3310-4FDD-45CF-AA0E-7928B69E8AED}
2012-03-26 16:05:55   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-03-26 15:15:16   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B8FC71B9-E52C-495D-A948-17C3DE7FD75D}
2012-03-26 15:14:52   --------   d-----w-   C:\Users\Danielle\AppData\Local\{18F910C4-40AA-4DC4-935F-9AD69BB7471D}
2012-03-26 11:54:54   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AA00458F-1DEB-424F-88F3-C7E833B71B22}
2012-03-26 11:54:30   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C1275CB6-CA7B-4AA4-A62C-8DCED85C3A37}
2012-03-26 08:51:26   --------   d-----w-   C:\Users\Danielle\AppData\Local\{DB2EC263-A4C2-4C5C-AE7F-5528AC781FD8}
2012-03-26 08:51:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{DDD588A6-7D37-4A8C-AE1B-563764077E13}
2012-03-25 23:15:59   --------   d-----w-   C:\Users\Danielle\AppData\Local\{9F0C4C3A-16F6-4F21-8B6E-EB75D320184B}
2012-03-25 23:15:47   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C426ECEB-2AB6-4666-8B75-6B1CE18E6326}
2012-03-25 14:18:25   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1BCE12C6-143A-4CC0-85DB-BC68B747F594}
2012-03-24 23:08:16   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1C836FF0-73FA-48F0-95A7-54B93014A353}
2012-03-24 23:07:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{82EE220B-4046-40FD-8568-A456688C78BE}
2012-03-24 15:17:42   --------   d-----w-   C:\Users\Danielle\AppData\Local\{72071438-F5C7-4DAE-8E04-9612D23E64F0}
2012-03-24 15:16:51   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AAA3D9D1-6255-41D7-92DD-F8086CF5B88F}
2012-03-24 10:32:29   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BC7D86EE-465B-4FC4-A71A-A1094115746A}
2012-03-24 10:32:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{17491640-9DA0-4A7D-B9E8-A301BC197042}
2012-03-23 23:14:02   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8670BC8D-C30F-4779-9D46-033D794D224B}
2012-03-23 23:13:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\{64B7531D-C47C-47F2-9B48-B508B233A206}
2012-03-23 18:25:31   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EC0C6EBF-80A5-49B8-B197-372BAF390DB2}
2012-03-23 18:25:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CEBC888A-FF9E-4C91-9D09-381836BC31EF}
2012-03-23 08:45:24   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B9F8FE7E-0836-4A86-B87F-238D6EB03EC0}
2012-03-23 08:45:00   --------   d-----w-   C:\Users\Danielle\AppData\Local\{7824C70C-265D-45C5-AB96-3FE53C198C95}
2012-03-22 18:33:30   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5B58E561-316D-438A-9168-6051FEA16309}
2012-03-22 18:33:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{974D92E0-FE5F-42B9-8A24-D55DAFD1931C}
2012-03-22 13:32:55   --------   d-----w-   C:\Users\Danielle\AppData\Local\{758571E9-DE79-4416-B512-EE3B1FDE4C4D}
2012-03-22 13:32:32   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AAA9CFAD-1692-4F5A-9E54-84B0E5710111}
2012-03-22 01:29:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1E9CD158-59B3-45AB-B52E-D9281E371880}
2012-03-22 01:28:59   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BE75E43B-9A8C-42E8-AB44-CC1B7D925692}
2012-03-21 21:35:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6A8E0D9D-479B-416B-A9C6-DA40F59831CE}
2012-03-21 21:34:08   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5CE9FB9D-A075-4260-923E-C8F111A8A195}
2012-03-21 16:13:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BF964C12-FE10-478E-AD13-5DAD4C362764}
2012-03-21 07:51:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1043C57F-D5D5-42DE-8614-BA3804A31A21}
2012-03-20 20:44:26   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5477D277-C336-4A67-972F-89BC9BAF67D4}
2012-03-20 20:44:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{68FBC8E9-669C-486A-B20C-76C4DF0BAD71}
2012-03-20 16:53:41   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CCFF3A98-1326-459D-9D4E-AAD1B04E82B3}
2012-03-20 16:53:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8EE2A72D-73B8-45E7-A413-8AFCAB068658}
2012-03-20 13:51:01   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4A958CD4-D179-4D2E-B3C2-EFEC32FAE218}
2012-03-20 13:50:49   --------   d-----w-   C:\Users\Danielle\AppData\Local\{58899144-2831-49E1-8D2A-BF9F301F6BDE}
2012-03-20 08:50:35   --------   d-----w-   C:\Users\Danielle\AppData\Local\{662DCCF6-09C6-4EED-8F0D-BB2308B8FB0C}
2012-03-20 08:50:05   --------   d-----w-   C:\Users\Danielle\AppData\Local\{9DC193D3-35A6-43DF-8112-170345EFCE1C}
2012-03-20 08:06:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{24752A38-3E4C-4047-A34B-166FE4846290}
2012-03-19 19:14:33   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8ECC99D8-B633-4C99-A9FB-D37EAA9E07A9}
2012-03-19 19:14:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8A9AAEB7-97D3-422A-9891-AEF1CC6061AA}
2012-03-19 16:35:13   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-03-19 16:35:13   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-19 15:24:29   --------   d-----w-   C:\Users\Danielle\AppData\Local\{3DE2E4D6-CE5F-4C8E-8A70-A6BD7750E9EF}
2012-03-19 15:24:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{148CAD9C-4D2A-4076-9EEF-6BB48C084AD2}
2012-03-19 07:40:41   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4B66415A-36DA-474A-938A-1EEB3107ED1C}
2012-03-19 07:40:16   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A3849A05-54FB-4E44-BFEF-9DBBC6D395ED}
2012-03-18 22:34:02   --------   d--h--w-   C:\$AVG
2012-03-18 22:03:09   --------   d-----w-   C:\Users\Danielle\AppData\Local\{13C862CB-3DB1-4864-BF98-7D84E899F8A0}
2012-03-18 22:02:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{28F2F9BB-E0E7-4575-91F8-8587564B1022}
2012-03-18 21:58:52   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8D4F65FE-31C7-43CD-B0FC-9D3982F7EFFB}
2012-03-18 21:58:37   --------   d-----w-   C:\Users\Danielle\AppData\Local\{D37B6147-EF36-4B54-98DB-2745289FBFB6}
2012-03-18 21:54:33   --------   d-----w-   C:\Users\Danielle\AppData\Roaming\AVG2012
2012-03-18 21:54:30   --------   d--h--w-   C:\ProgramData\Common Files
2012-03-18 21:54:21   --------   d-----w-   C:\Windows\SysWow64\drivers\AVG
2012-03-18 21:53:47   --------   d-----w-   C:\Windows\System32\drivers\AVG
2012-03-18 21:53:47   --------   d-----w-   C:\ProgramData\AVG2012
2012-03-18 21:53:20   --------   d-----w-   C:\Program Files (x86)\AVG
2012-03-18 21:43:47   --------   d-----w-   C:\ProgramData\MFAData
2012-03-18 21:29:32   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EFAFEF59-B012-49C7-A547-BA5E67272E98}
2012-03-18 21:23:37   --------   d-----w-   C:\Users\Danielle\AppData\Local\{0046F141-9524-45B2-AEC9-127165F1B89B}
2012-03-18 21:23:13   --------   d-----w-   C:\Users\Danielle\AppData\Local\{47A53976-5BBA-41A7-9009-1BA0420F1FAA}
2012-03-18 11:34:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1F3703EE-520E-4B20-8795-CDB3CA2EB9DF}
2012-03-18 11:33:41   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4A85E446-801C-4B16-9A38-F233BF2FA4E4}
2012-03-17 22:33:27   592824   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 22:33:27   44472   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 22:33:18   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C253F62F-728A-4410-83C8-C8B3D8FAF39B}
2012-03-17 22:33:05   --------   d-----w-   C:\Users\Danielle\AppData\Local\{D0C835E9-2EF9-44C9-B656-ED76267871B9}
2012-03-17 16:45:50   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2D7A84E8-A067-46D1-984E-AE3461C3EB82}
2012-03-17 16:45:27   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4A713A12-9FB2-4B4E-9D09-E4780D129ACF}
2012-03-17 11:39:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\{18D333D4-5B5E-42B1-9B90-C8C0CC932448}
2012-03-17 11:39:27   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A40D79B1-A934-42AC-BF97-EDAD9880E30F}
2012-03-17 00:37:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{63F6B8EB-C934-4D26-8DD4-5B46DA55E9F5}
2012-03-17 00:36:36   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1895444F-8666-42D8-96A9-3A6D72633B1C}
2012-03-16 23:08:33   8643640   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD46CA70-7B62-4358-8CC2-902D75BD760E}\mpengine.dll
.
==================== Find3M  ====================
.
2012-02-28 06:56:48   2311168   ----a-w-   C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2012-02-28 06:48:57   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55   1799168   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-02-23 09:18:36   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 11:09:44   1070352   ----a-w-   C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-01-25 06:38:39   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-01-19 08:23:58   339320   ----a-w-   C:\Windows\SysWow64\HMIPCore.dll
.
============= FINISH: 22:30:58.03 ===============

[Hamturk]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/10/2011 16:42:20
System Uptime: 15/04/2012 20:38:56 (2 hours ago)
.
Motherboard: FUJITSU |  | FJNBB0F
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | Onboard | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 13.151 GiB free.
D: is FIXED (NTFS) - 395 GiB total, 395.027 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
Service:
.
==== System Restore Points ===================
.
RP114: 15/04/2012 21:49:42 - test
RP115: 15/04/2012 21:50:49 - 15/04/12
.
==== Installed Programs ======================
.
Adobe Reader 9.5.0
Anytime USB Charge Utility
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeskUpdate 4.11
eBay
FJ Camera
Fujitsu Display Manager
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) WiDi
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LifeBook Application Panel
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 11.0 (x86 en-GB)
MSVCRT
MSVCRT_amd64
Power Saving Utility
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
theHunter (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Vodafone Mobile Broadband Lite
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
13/04/2012 07:47:54, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
13/04/2012 07:47:53, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
13/04/2012 07:12:11, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
13/04/2012 07:12:11, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
13/04/2012 07:11:41, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
13/04/2012 07:11:11, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
13/04/2012 07:11:11, Error: Service Control Manager [7000]  - The Background Intelligent Transfer Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
13/04/2012 07:11:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
13/04/2012 07:10:41, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
12/04/2012 22:58:52, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/04/2012 14:47:04, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Vodafone Mobile Broadband Service service to connect.
11/04/2012 17:26:24, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258
11/04/2012 17:24:48, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
.
==== End Of File ===========================

[Hamturk]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-15 22:40:20
-----------------------------
22:40:20.508    OS Version: Windows x64 6.1.7601 Service Pack 1
22:40:20.508    Number of processors: 4 586 0x2A07
22:40:20.509    ComputerName: DANIELLE-PC  UserName: Danielle
22:40:21.641    Initialize success
22:49:47.672    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:49:47.679    Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
22:49:47.697    Disk 0 MBR read successfully
22:49:47.702    Disk 0 MBR scan
22:49:47.708    Disk 0 Windows 7 default MBR code
22:49:47.713    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         2117 MB offset 2048
22:49:47.719    Disk 0 Partition - 00     0F Extended LBA            474820 MB offset 4339712
22:49:47.740    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        51201 MB offset 4341760
22:49:47.744    Disk 0 Partition - 00     05     Extended            404615 MB offset 109201408
22:49:47.772    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       404614 MB offset 109203456
22:49:47.776    Disk 0 Partition - 00     05     Extended              5001 MB offset 1042714624
22:49:47.815    Disk 0 Partition 4 00     27 Hidden NTFS WinRE NTFS         5000 MB offset 937854976
22:49:47.820    Disk 0 Partition - 00     05     Extended             14001 MB offset 1881610240
22:49:47.882    Disk 0 Partition 5 00     27 Hidden NTFS WinRE NTFS        14000 MB offset 948099072
22:49:47.927    Disk 0 scanning C:\Windows\system32\drivers
22:49:55.657    Service scanning
22:50:16.621    Modules scanning
22:50:16.635    Disk 0 trace - called modules:
22:50:16.661    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:50:16.666    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fd1060]
22:50:16.672    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800425a050]
22:50:16.678    Scan finished successfully
22:50:50.967    Disk 0 MBR has been saved successfully to "C:\Users\Danielle\Desktop\MBR.dat"
22:50:50.981    The log file has been saved successfully to "C:\Users\Danielle\Desktop\aswMBR.txt"
22:51:17.430    Disk 0 MBR has been saved successfully to "C:\Users\Danielle\Desktop\MBR.dat"
22:51:17.435    The log file has been saved successfully to "C:\Users\Danielle\Desktop\Three.txt"

[melboy]

Hi


Temporarily disable Malwarebytes' Anti-malware (mbam)
 
We need to temporarily disable mbam's realtime protection so it doesn't interfere with any fixes.

• Right click the mbam system tray icon
  
• Uncheck Start with windows
  
• Uncheck Enable protection & click Yes to the prompt
  
• Reboot your computer for the changes to take effect.

.


ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial

• You must download it to and run it from your Desktop
  
• Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  For instructions on how to disable your security programs, please see this topic:
  How to disable your security applications
  
  
• Double click combofix.exe & follow the prompts.
  
• When finished, it will produce a log.  Please save that log to post in your next reply
• Re-enable all the programs that were disabled during the running of ComboFix..

.
A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper. Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

[Hamturk]

ComboFix 12-04-16.02 - Danielle 16/04/2012  21:07:30.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4009.2513 [GMT 1:00]
Running from: c:\users\Danielle\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-16 to 2012-04-16  )))))))))))))))))))))))))))))))
.
.
2012-04-16 20:13 . 2012-04-16 20:13   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-04-16 20:13 . 2012-04-16 20:13   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-11 16:47 . 2012-04-11 16:47   --------   d-----w-   c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-11 06:52 . 2012-03-06 06:53   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-11 06:52 . 2012-03-06 05:59   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 06:52 . 2012-03-06 05:59   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 06:50 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-11 06:50 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-11 06:50 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-04-11 06:50 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-11 06:50 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-04-11 06:50 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-04-11 06:50 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-03-31 19:26 . 2012-03-31 21:04   --------   d-----w-   c:\users\Danielle\AppData\Roaming\uTorrent
2012-03-28 20:45 . 2012-03-28 20:45   --------   d-----w-   c:\users\Danielle\AppData\Local\theHunter
2012-03-28 17:08 . 2012-03-28 20:43   --------   d-----w-   c:\program files (x86)\theHunter
2012-03-28 15:43 . 2012-03-28 15:43   53248   ----a-r-   c:\users\Danielle\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2012-03-28 15:15 . 2012-03-28 15:15   --------   d-----w-   c:\users\Danielle\AppData\Local\Downloaded Installations
2012-03-26 22:37 . 2012-03-26 22:37   --------   d-----w-   c:\windows\en
2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\de
2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\fr
2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\es
2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\it
2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\nl
2012-03-26 22:31 . 2012-03-26 22:31   15712   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\3c5706571cd0ba001\MeshBetaRemover.exe
2012-03-26 16:06 . 2012-03-26 16:06   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-03-26 16:05 . 2012-03-26 16:05   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-03-26 16:05 . 2012-03-26 16:05   --------   d-----w-   c:\program files (x86)\Java
2012-03-19 16:35 . 2012-04-11 16:48   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 16:35 . 2012-04-04 14:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-18 22:34 . 2012-03-18 22:34   --------   d-----w-   C:\$AVG
2012-03-18 21:54 . 2012-03-18 21:54   --------   d-----w-   c:\users\Danielle\AppData\Roaming\AVG2012
2012-03-18 21:54 . 2012-03-18 21:54   --------   d--h--w-   c:\programdata\Common Files
2012-03-18 21:54 . 2012-03-18 21:54   --------   d-----w-   c:\windows\SysWow64\drivers\AVG
2012-03-18 21:53 . 2012-04-16 17:33   --------   d-----w-   c:\windows\system32\drivers\AVG
2012-03-18 21:53 . 2012-03-18 22:05   --------   d-----w-   c:\programdata\AVG2012
2012-03-18 21:53 . 2012-03-18 21:53   --------   d-----w-   c:\program files (x86)\AVG
2012-03-18 21:43 . 2012-04-16 19:55   --------   d-----w-   c:\programdata\MFAData
2012-03-17 22:33 . 2012-03-17 22:33   592824   ----a-w-   c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 22:33 . 2012-03-17 22:33   44472   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 22:33 . 2010-06-24 18:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 09:18 . 2010-11-21 03:27   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-17 17:00 . 2012-02-17 17:00   388096   ----a-r-   c:\users\Danielle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-17 06:38 . 2012-03-14 11:20   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:20   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:20   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:20   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:09 . 2012-02-14 11:09   1070352   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 11:28   1544192   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:28   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-02-08 07:13 . 2012-03-16 23:08   8643640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD46CA70-7B62-4358-8CC2-902D75BD760E}\mpengine.dll
2012-02-03 04:34 . 2012-03-14 11:28   3145728   ----a-w-   c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 11:20   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 11:20   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 11:20   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-01-19 08:23 . 2012-02-27 13:29   339320   ----a-w-   c:\windows\SysWow64\HMIPCore.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-03-29 9216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys

S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 15:42]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 15:42]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152382239-2671259734-3952804028-1000Core.job
- c:\users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 15:21]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152382239-2671259734-3952804028-1000UA.job
- c:\users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 15:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ts.fujitsu.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - c:\users\Danielle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1110752A-7E96-4F3A-978A-8401E5161ECC}: NameServer = 88.82.13.12 88.82.13.12
TCP: Interfaces\{1CF4B797-729F-4F25-872B-25359B77683F}: NameServer = 88.82.13.44 88.82.13.44
TCP: Interfaces\{985B41EC-C0A4-4FDA-B231-13F3ACE1F4B4}: NameServer = 88.82.13.60 88.82.13.60
FF - ProfilePath - c:\users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\apoax222.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-16  21:15:55
ComboFix-quarantined-files.txt  2012-04-16 20:15
.
Pre-Run: 13,488,050,176 bytes free
Post-Run: 14,355,238,912 bytes free
.
- - End Of File - - ED96A69E934691191689F2D913E50C3B

[melboy]

Hi

The only problem I seem to have is a computer running slowly and popups when, but is enough to make me feel that something is up.

Can you describe the popups, when you get them, what they are etc.

[Hamturk]

Mostly they're just blank, or something with some random writing in it, but other time I'll get pop-ups relative to what I'm on and random ads.

[melboy]

Are you browsing at the time - is it specific to one browser or does it happen in any?

[Hamturk]

Yes. I'm browsing at the time and it happens on firefox.

[melboy]

Only firefox - not IE?

[Hamturk]

I don't use IE.

I was just looking through google just now and I some articles about an About:Blank virus. The blank pop-ups I get usually say About:Blank.

[melboy]

That particular malware hasn't been around for a while - It's not that.

Do the popups happen when using chrome?


OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When done, two Notepad files will open.

• OTL.txt <-- Will be opened
  
• Extras.txt <-- Will be minimized

• Please post the contents of these 2 Notepad files in your next reply.

[Hamturk]

No I've been using it to talk with you here and not had any popups.