
Author Topic: Malware Removal Help and Assistance Requested  (Read 15121 times)


Jonas

    Topic Starter


    Rookie

  • Experience: Familiar
  • OS: Windows 10
Malware Removal Help and Assistance Requested
« on: October 23, 2012, 02:41:29 PM »
Hello, I have a problem: I can't uninstall programs... it says nsis.sf.net/nsis_error. Please help me.
« Last Edit: October 25, 2012, 02:06:37 PM by DragonMaster Jay »

Jonas
Re: Malware Removal Help and Assistance Requested
« Reply #1 on: October 23, 2012, 03:21:11 PM »
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jonas :: JONAS-HP [administrator]

Protection: Enabled

2012.10.24 00:33:14
mbam-log-2012-10-24 (00-33-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198037
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Jonas
Re: Malware Removal Help and Assistance Requested
« Reply #2 on: October 23, 2012, 03:26:19 PM »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/24/2012 at 00:42 AM

Application Version : 5.6.1012

Core Rules Database Version : 9460
Trace Rules Database Version: 7272

Scan type       : Quick Scan
Total Scan Time : 00:03:22

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 719
Memory threats detected   : 0
Registry items scanned    : 60753
Registry threats detected : 9
File items scanned        : 10715
File threats detected     : 0

PUP.bProtector
   (x86) HKU\S-1-5-21-2918905874-742345790-4161696009-1001\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ http://www.google.lt/ ]
   (x86) HKU\S-1-5-21-2918905874-742345790-4161696009-1001\Software\Microsoft\Internet Explorer\SearchScopes#bProtectorDefaultScope [ {0633EE93-D776-472f-A0FF-E1416B8B2E3A} ]
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#DisplayName
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstallString
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#UninstalLinkPath
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#Publisher
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#URLInfoAbout
   (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}#HelpLink
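
Editor's note, added here and not part of Jonas's post or of any tool in this thread: the nsis.sf.net/nsis_error page from the first post is what an NSIS installer or uninstaller shows when its own integrity check fails (corrupt or truncated executable), so the UninstallString the scanner flagged under that Uninstall GUID is the first thing worth inspecting. The PowerShell below re-reads the exact PUP.bProtector keys listed in the SUPERAntiSpyware log and, if an uninstaller path is recorded, checks that the file exists and whether it is signed. It assumes the "(x86)" prefix in the log means the 32-bit registry view (Wow6432Node under HKLM on 64-bit Windows), so it queries both views, and it treats the HKU\<SID> hive in the log as the logged-on user's HKCU. Run it in an elevated PowerShell as the affected user; it only reads, it does not remove anything.

```powershell
# Added example (not from the thread): verify the PUP.bProtector registry
# entries SUPERAntiSpyware reported, directly from the registry.
# GUID and value names are copied from the scan log above.

$guid = '{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}'

# Assumption: "(x86)" in the log = 32-bit view, so check Wow6432Node first,
# then the native 64-bit view in case the assumption is wrong.
$uninstallKeys = @(
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$guid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$guid"
)

foreach ($key in $uninstallKeys) {
    if (Test-Path -Path $key) {
        Write-Output "Present: $key"
        # These are the value names the scanner listed after '#'
        Get-ItemProperty -Path $key |
            Select-Object DisplayName, Publisher, UninstallString,
                          UninstalLinkPath, URLInfoAbout, HelpLink |
            Format-List
    }
    else {
        Write-Output "Absent:  $key"
    }
}

# The per-user IE values the scanner flagged. HKU\<SID> in the log is the
# logged-on user's hive, which HKCU: maps to when run as that user.
$ieMain   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieScopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue |
    Select-Object 'Start Page', 'bProtector Start Page' |
    Format-List

Get-ItemProperty -Path $ieScopes -ErrorAction SilentlyContinue |
    Select-Object DefaultScope, bProtectorDefaultScope |
    Format-List

# If an uninstaller is recorded, make sure the file it points at exists and
# see whether it carries an Authenticode signature. The nsis_error page is
# NSIS reporting that the executable failed its integrity check, so a
# missing, truncated or unsigned uninstaller here is consistent with that.
$present = $uninstallKeys | Where-Object { Test-Path -Path $_ } | Select-Object -First 1
if ($present) {
    $props = Get-ItemProperty -Path $present
    if ($props.UninstallString) {
        # If the string starts with a quoted path, keep only that path;
        # otherwise use the string as-is (arguments, if any, stay attached).
        $exe = ($props.UninstallString -replace '^"([^"]+)".*$', '$1').Trim()
        if (Test-Path -LiteralPath $exe) {
            Get-Item -LiteralPath $exe | Select-Object FullName, Length, LastWriteTime
            Get-AuthenticodeSignature -FilePath $exe | Select-Object Status, SignerCertificate
        }
        else {
            Write-Output "UninstallString target not found: $exe"
        }
    }
}
```

Reading the Uninstall key is also what Control Panel does when it lists the program; if the key points at an uninstaller that no longer exists or fails its NSIS check, the "uninstall" entry will keep failing until the key itself is removed, which is the kind of registry cleanup the scanner is offering to do.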

Jonas
Re: Malware Removal Help and Assistance Requested
« Reply #3 on: October 24, 2012, 03:48:34 AM »
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by jonas at 13:00:27 on 2012-10-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8126.5643 [GMT 3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\taskhost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.lt/
uDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mWinlogon: Userinit = userinit.exe,
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - <orphaned>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{47BF68B4-8B35-4E94-A1D6-B8BD5E07952C} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter EpePcNp64 scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\j5iomlh8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-14 10:27; [email protected]; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - ExtSQL: 2012-10-23 19:45; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\j5iomlh8.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
FF - ExtSQL: 2012-10-23 19:48; jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack; C:\Users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\j5iomlh8.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-4-5 100808]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-4-5 158920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-9-15 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-7-4 204288]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-7 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-7 53920]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-7-15 137272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-4-25 197504]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-1-29 281656]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-2-28 31000]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-4 13336]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-23 676936]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-4-5 1323008]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-22 1128952]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-10-7 113264]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2012-7-4 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-4 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-2-15 2602576]
R3 amdkmdag;amdkmdag;C:\windows\System32\drivers\atikmdag.sys [2012-7-4 10496000]
R3 amdkmdap;amdkmdap;C:\windows\System32\drivers\atikmpag.sys [2012-7-4 326656]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2012-7-4 32192]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-1-7 28832]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2012-7-4 12306848]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2012-10-14 173656]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-23 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\SPUVCBv_x64.sys [2012-7-4 2612728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-17 250808]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-1-7 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-1-7 298144]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-1-7 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-1-7 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-1-7 154272]
S3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-1-7 279200]
S3 C7xxUSB;Samsung CMC7xx USB Network Driver;C:\windows\System32\drivers\C7xUSBV6.sys [2009-5-19 52224]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-5-10 64312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-23 115168]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-18 1255736]
.
=============== Created Last 30 ================
.
2012-10-24 09:57:15   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71234E7A-14A0-4517-BA53-4CA6AD33FE08}\offreg.dll
2012-10-23 20:29:30   --------   d-----w-   C:\Users\jonas\AppData\Roaming\Malwarebytes
2012-10-23 20:29:23   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-10-23 20:29:22   25928   ----a-w-   C:\windows\System32\drivers\mbam.sys
2012-10-23 20:29:22   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 20:09:37   --------   d-----w-   C:\Users\jonas\AppData\Roaming\SUPERAntiSpyware.com
2012-10-23 20:09:33   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2012-10-23 20:09:33   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2012-10-23 16:47:04   --------   d-----w-   C:\Program Files (x86)\TimeLineRemove
2012-10-23 14:13:38   --------   d-----w-   C:\Program Files (x86)\AMD APP
2012-10-23 14:13:37   --------   d-----w-   C:\Program Files\Common Files\ATI Technologies
2012-10-23 14:13:37   --------   d-----w-   C:\Program Files (x86)\Common Files\ATI Technologies
2012-10-23 14:12:01   --------   d-----w-   C:\Program Files\ATI Technologies
2012-10-23 14:03:33   --------   d-----w-   C:\Users\jonas\AppData\Roaming\DRPSu
2012-10-23 13:18:19   9291768   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71234E7A-14A0-4517-BA53-4CA6AD33FE08}\mpengine.dll
2012-10-23 13:10:26   --------   d-----w-   C:\Intel
2012-10-23 13:00:32   --------   d-----w-   C:\Program Files\ATI
2012-10-23 11:43:25   --------   d-----w-   C:\AMD
2012-10-23 11:30:01   --------   d-----w-   C:\windows\SysWow64\searchplugins
2012-10-23 11:30:01   --------   d-----w-   C:\windows\SysWow64\Extensions
2012-10-21 21:21:01   --------   d-----w-   C:\Users\jonas\AppData\Local\Geckofx
2012-10-21 21:21:01   --------   d-----w-   C:\ProgramData\Graboid Inc
2012-10-21 21:20:08   --------   d-----w-   C:\Program Files (x86)\Graboid
2012-10-17 18:00:30   --------   d-----w-   C:\Users\jonas\AppData\Local\DirectDownloader
2012-10-15 20:07:14   --------   d-----w-   C:\NTTGame
2012-10-14 07:30:58   --------   d-----w-   C:\Users\jonas\AppData\Local\Downloaded Installations
2012-10-14 07:29:00   38400   ----a-w-   C:\windows\System32\suhlp64.exe
2012-10-14 07:27:39   443760   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-10-14 07:27:36   --------   d-----w-   C:\Users\jonas\AppData\Roaming\Macrovision
2012-10-14 07:27:34   --------   d-----w-   C:\Users\jonas\AppData\Roaming\FLEXnet
2012-10-14 07:27:22   --------   d-----w-   C:\windows\DPDrv
2012-10-14 07:27:12   --------   d-----w-   C:\Users\jonas\AppData\Local\Programs
2012-10-14 07:25:19   99328   ----a-w-   C:\windows\System32\drivers\usbccgp.sys
2012-10-14 07:25:19   7936   ----a-w-   C:\windows\System32\drivers\usbd.sys
2012-10-14 07:25:19   52736   ----a-w-   C:\windows\System32\drivers\usbehci.sys
2012-10-14 07:25:19   343040   ----a-w-   C:\windows\System32\drivers\usbhub.sys
2012-10-14 07:25:19   325120   ----a-w-   C:\windows\System32\drivers\usbport.sys
2012-10-14 07:25:19   30720   ----a-w-   C:\windows\System32\drivers\usbuhci.sys
2012-10-14 07:25:19   25600   ----a-w-   C:\windows\System32\drivers\usbohci.sys
2012-10-14 07:24:43   48640   ----a-w-   C:\windows\System32\wwanprotdim.dll
2012-10-14 07:24:43   229888   ----a-w-   C:\windows\System32\wwansvc.dll
2012-10-14 07:24:11   983936   ----a-w-   C:\windows\System32\drivers\dxgkrnl.sys
2012-10-14 07:24:11   265088   ----a-w-   C:\windows\System32\drivers\dxgmms1.sys
2012-10-14 07:22:32   296320   ----a-w-   C:\windows\System32\drivers\volsnap.sys
2012-10-14 07:21:42   163840   ----a-w-   C:\windows\System32\umpo.dll
2012-10-10 23:43:23   --------   d-----w-   C:\Program Files (x86)\Skype
2012-10-10 04:56:54   1659760   ----a-w-   C:\windows\System32\drivers\ntfs.sys
2012-10-10 04:56:09   5559664   ----a-w-   C:\windows\System32\ntoskrnl.exe
2012-10-10 04:56:09   3968880   ----a-w-   C:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 04:56:09   3914096   ----a-w-   C:\windows\SysWow64\ntoskrnl.exe
2012-10-10 04:54:31   220160   ----a-w-   C:\windows\System32\wintrust.dll
2012-10-10 04:54:31   172544   ----a-w-   C:\windows\SysWow64\wintrust.dll
2012-10-10 04:54:28   2048   ----a-w-   C:\windows\SysWow64\tzres.dll
2012-10-10 04:54:28   2048   ----a-w-   C:\windows\System32\tzres.dll
2012-10-10 04:54:25   715776   ----a-w-   C:\windows\System32\kerberos.dll
2012-10-10 04:54:25   542208   ----a-w-   C:\windows\SysWow64\kerberos.dll
2012-10-10 04:54:21   184320   ----a-w-   C:\windows\System32\cryptsvc.dll
2012-10-10 04:54:21   1464320   ----a-w-   C:\windows\System32\crypt32.dll
2012-10-10 04:54:21   140288   ----a-w-   C:\windows\SysWow64\cryptsvc.dll
2012-10-10 04:54:21   140288   ----a-w-   C:\windows\System32\cryptnet.dll
2012-10-10 04:54:21   1159680   ----a-w-   C:\windows\SysWow64\crypt32.dll
2012-10-10 04:54:21   103936   ----a-w-   C:\windows\SysWow64\cryptnet.dll
2012-10-07 11:07:50   --------   d-sh--w-   C:\Users\jonas\AppData\Local\.#
2012-10-07 10:58:07   --------   d-----w-   C:\Users\jonas\AppData\Roaming\Hewlett-Packard Company
2012-10-07 10:54:50   --------   d-----w-   C:\Program Files (x86)\Common Files\Telespree
2012-10-04 19:26:56   --------   d-----w-   C:\Users\jonas\AppData\Roaming\Bug Doctor
2012-10-04 19:26:48   --------   d--h--w-   C:\ProgramData\Common Files
2012-10-04 18:45:15   --------   d-----w-   C:\Users\jonas\AppData\Roaming\RegistryTool
2012-10-04 11:08:01   7680   ----a-w-   C:\windows\System32\drivers\en-US\bthport.sys.mui
2012-10-04 11:08:01   44032   ----a-w-   C:\windows\System32\drivers\en-US\tcpip.sys.mui
2012-10-04 11:08:01   3584   ----a-w-   C:\windows\System32\drivers\en-US\portcls.sys.mui
2012-10-04 11:08:01   3072   ----a-w-   C:\windows\System32\drivers\en-US\hidbth.sys.mui
2012-10-04 11:08:01   3072   ----a-w-   C:\windows\System32\drivers\en-US\ataport.sys.mui
2012-10-04 11:08:01   2560   ----a-w-   C:\windows\System32\drivers\en-US\serscan.sys.mui
2012-10-04 11:08:01   2560   ----a-w-   C:\windows\System32\drivers\en-US\BTHUSB.SYS.mui
2012-10-04 11:08:01   2048   ----a-w-   C:\windows\System32\drivers\en-US\bthenum.sys.mui
2012-10-04 11:08:01   2048   ----a-w-   C:\windows\System32\drivers\en-US\amdide.sys.mui
2012-10-04 11:07:52   2560   ----a-w-   C:\windows\System32\drivers\en-US\scfilter.sys.mui
2012-10-04 10:46:25   --------   d-----w-   C:\windows\System32\EventProviders
2012-10-04 05:45:25   514560   ----a-w-   C:\windows\SysWow64\qdvd.dll
2012-10-04 05:45:25   366592   ----a-w-   C:\windows\System32\qdvd.dll
2012-10-03 15:15:55   --------   d-----w-   C:\Fraps
2012-09-29 17:43:57   224016   ----a-w-   C:\windows\System32\TABCTL32.OCX
2012-09-28 12:37:02   221696   ----a-w-   C:\windows\System32\clinfo.exe
2012-09-28 12:36:44   75776   ----a-w-   C:\windows\System32\OpenVideo64.dll
2012-09-28 12:36:40   65536   ----a-w-   C:\windows\SysWow64\OpenVideo.dll
2012-09-28 12:36:36   63488   ----a-w-   C:\windows\System32\OVDecode64.dll
2012-09-28 12:36:34   56320   ----a-w-   C:\windows\SysWow64\OVDecode.dll
2012-09-28 12:36:24   32635904   ----a-w-   C:\windows\System32\amdocl64.dll
2012-09-28 12:32:16   27341824   ----a-w-   C:\windows\SysWow64\amdocl.dll
2012-09-28 12:28:46   54784   ----a-w-   C:\windows\System32\OpenCL.dll
2012-09-28 12:28:42   50176   ----a-w-   C:\windows\SysWow64\OpenCL.dll
2012-09-28 10:19:50   --------   d-----w-   C:\Users\jonas\AppData\Local\ArcSoft
2012-09-27 20:56:55   --------   d-----w-   C:\Users\jonas\AppData\Roaming\Free MP3 WMA Cutter
2012-09-27 20:53:56   23   ----a-w-   C:\windows\SysWow64\sysmwwod.dll
2012-09-27 20:45:43   344064   ----a-w-   C:\windows\SysWow64\msvcr70.dll
2012-09-27 20:45:08   360448   ----a-w-   C:\windows\SysWow64\NCTWMAFile.dll
2012-09-27 20:45:08   209608   ----a-w-   C:\windows\SysWow64\Tabctl32.ocx
2012-09-27 20:45:07   233472   ----a-w-   C:\windows\SysWow64\lame_enc.dll
2012-09-27 20:45:07   1703936   ----a-w-   C:\windows\SysWow64\NCTAudioFile.dll
2012-09-27 20:45:07   1388544   ----a-w-   C:\windows\SysWow64\temp.001
2012-09-27 20:45:07   1066176   ----a-w-   C:\windows\SysWow64\Mscomctl.ocx
2012-09-27 20:45:06   73785   ----a-w-   C:\windows\SysWow64\temp.000
2012-09-27 20:45:06   40960   ----a-w-   C:\windows\SysWow64\DGPNorm.ocx
2012-09-27 20:45:06   140288   ----a-w-   C:\windows\SysWow64\Comdlg32.ocx
2012-09-27 20:45:06   --------   d-----w-   C:\Program Files (x86)\ACE-HIGH MP3 WAV WMA OGG Converter
2012-09-27 10:05:22   --------   d-----w-   C:\windows\ShellNew
2012-09-27 10:05:22   --------   d-----w-   C:\Program Files\Windows Journal
2012-09-27 10:05:22   --------   d-----w-   C:\Program Files\Microsoft Games
2012-09-27 10:00:00   --------   d-----w-   C:\windows\SysWow64\BestPractices
2012-09-27 09:59:59   --------   d-----w-   C:\windows\System32\BestPractices
2012-09-27 09:59:58   --------   d-----w-   C:\inetpub
2012-09-26 07:28:17   245760   ----a-w-   C:\windows\System32\OxpsConverter.exe
.
==================== Find3M  ====================
.
2012-10-23 12:02:01   73656   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 11:07:55   2560   ----a-w-   C:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-10-04 11:07:52   44032   ----a-w-   C:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2012-09-15 16:14:44   283200   ----a-w-   C:\windows\System32\drivers\dtsoftbus01.sys
2012-08-30 13:46:46   71680   ----a-w-   C:\windows\System32\frapsv64.dll
2012-08-30 13:46:44   65536   ----a-w-   C:\windows\SysWow64\frapsvid.dll
2012-08-24 10:31:32   2312704   ----a-w-   C:\windows\System32\jscript9.dll
2012-08-24 10:21:18   1392128   ----a-w-   C:\windows\System32\wininet.dll
2012-08-24 10:20:11   1494528   ----a-w-   C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45   173056   ----a-w-   C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29   599040   ----a-w-   C:\windows\System32\vbscript.dll
2012-08-24 10:09:42   2382848   ----a-w-   C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17   1800704   ----a-w-   C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27   1129472   ----a-w-   C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02   1427968   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26   142848   ----a-w-   C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12   420864   ----a-w-   C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58   2382848   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50   1913200   ----a-w-   C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40   950128   ----a-w-   C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40   376688   ----a-w-   C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33   288624   ----a-w-   C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44   362496   ----a-w-   C:\windows\System32\wow64win.dll
2012-08-20 18:48:44   243200   ----a-w-   C:\windows\System32\wow64.dll
2012-08-20 18:48:44   13312   ----a-w-   C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43   215040   ----a-w-   C:\windows\System32\winsrv.dll
2012-08-20 18:48:37   16384   ----a-w-   C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35   424448   ----a-w-   C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22   338432   ----a-w-   C:\windows\System32\conhost.exe
2012-08-20 17:40:21   14336   ----a-w-   C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44   44032   ----a-w-   C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26   25600   ----a-w-   C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19   5120   ----a-w-   C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18   274944   ----a-w-   C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21   7680   ----a-w-   C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20   2048   ----a-w-   C:\windows\SysWow64\user.exe
2012-08-20 15:33:28   6144   ---ha-w-   C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28   4608   ---ha-w-   C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28   3584   ---ha-w-   C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28   3072   ---ha-w-   C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52   574464   ----a-w-   C:\windows\System32\d3d10level9.dll
2012-08-02 16:57:20   490496   ----a-w-   C:\windows\SysWow64\d3d10level9.dll
.
============= FINISH: 13:00:37,87 ===============

Jonas

Re: Malware Removal Help and Assistance Requested
« Reply #4 on: October 24, 2012, 03:49:00 AM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2012.09.15 16:27:03
System Uptime: 2012.10.24 12:52:52 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 167C
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 575 GiB total, 412,417 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 16 GiB total, 2,414 GiB free.
F: is FIXED (FAT32) - 5 GiB total, 4,976 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Atheros AR3011 Bluetooth 3.0 + HS Adapter
Device ID: USB\VID_03F0&PID_311D\6&16282E6E&0&6
Manufacturer: Atheros Communications
Name: Atheros AR3011 Bluetooth 3.0 + HS Adapter
PNP Device ID: USB\VID_03F0&PID_311D\6&16282E6E&0&6
Service: BTHUSB
.
==== System Restore Points ===================
.
RP89: 2012.10.21 09:08:10 - HPSF Applying updates
RP90: 2012.10.21 19:00:09 - Windows Backup
RP91: 2012.10.23 16:17:50 - Windows Update
RP92: 2012.10.23 20:00:06 - Removed Nitro Reader 2
RP93: 2012.10.23 22:53:03 - Windows Backup
.
==== Installed Programs ======================
.
??????????? ?? Windows Live
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
ArcSoft TotalMedia
ArcSoft Webcam Sharing Manager
„Windows Live Essentials“
„Windows Live“ fotogalerija
Bluetooth Win7 Suite (64)
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DAEMON Tools Lite
Device Access Manager for HP ProtectTools
Drive Encryption For HP ProtectTools
Energy Star Digital Logo
Evernote v. 4.2.2
Face Recognition for HP ProtectTools
File Sanitizer For HP ProtectTools
Fraps
Galerie foto Windows Live
Haali Media Splitter
Hewlett-Packard ACLM.NET v1.1.2.0
HP 3D DriveGuard
HP Auto
HP Connection Manager
HP Customer Experience Enhancements
HP DayStarter
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Power Assistant
HP ProtectTools Security Manager
HP QuickWeb
HP System Default Settings
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP Wallpaper
Intel(R) Identity Protection Technology 1.0.71.0
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC90_CRT_x86
Mozilla Firefox 16.0.1 (x86 lt)
Mozilla Maintenance Service
MSVCRT
NVIDIA PhysX
Privacy Manager for HP ProtectTools
PX Profile Update
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Synaptics Pointing Device Driver
Skype™ 3.6
SUPERAntiSpyware
Theft Recovery for HP ProtectTools
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Validity Fingerprint Sensor Driver
Ventrilo Client
VIP Access SDK x64(1.0.0.50)
VLC media player 2.0.4
Winamp Detector Plug-in
Windows Live'i fotogalerii
Windows Live Communications Platform
Windows Live Essentials
Windows Live fotoattelu galerija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
WinZip 14.5
Xobni Core
zMule
.
==== Event Viewer Messages From Past Week ========
.
2012.10.24 12:52:17, Error: Service Control Manager [7031]  - The Browser Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
2012.10.24 12:40:32, Error: Microsoft-Windows-IIS-W3SVC [1004]  - The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.
2012.10.24 12:40:32, Error: Microsoft-Windows-HttpEvent [15005]  - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.
2012.10.23 23:17:09, Error: Service Control Manager [7034]  - The Power Manager service terminated unexpectedly.  It has done this 1 time(s).
2012.10.23 15:17:45, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the XobniService service to connect.
2012.10.23 15:17:45, Error: Service Control Manager [7000]  - The XobniService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2012.10.19 14:01:38, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
.
==== End Of File ===========================

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Malware Removal Help and Assistance Requested
« Reply #5 on: October 25, 2012, 01:32:47 AM »
Hi there!

ComboFix scan
 
Please download ComboFix by sUBs
From BleepingComputer.com
 
Please save the file to your Desktop.
 
Important information about ComboFix
 

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix
 
Safe Mode:
 
If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.
 
(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")
 
Re-downloading:
 
If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.
 
Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.
 
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
~Dr Jay

Jonas

Re: Malware Removal Help and Assistance Requested
« Reply #6 on: October 25, 2012, 03:44:00 AM »
ComboFix 12-10-25.01 - jonas 2012.10.25  12:44:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8126.5631 [GMT 3:00]
Running from: c:\users\jonas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jonas\AppData\Local\.#
c:\users\jonas\AppData\Local\.#\MBX@1038@23F2020.###
c:\users\jonas\AppData\Local\.#\MBX@1038@2722020.###
c:\users\jonas\AppData\Local\.#\MBX@1180@302020.###
c:\users\jonas\AppData\Local\.#\MBX@1188@24B2020.###
c:\users\jonas\AppData\Local\.#\MBX@123C@2872020.###
c:\users\jonas\AppData\Local\.#\MBX@135C@25A2020.###
c:\users\jonas\AppData\Local\.#\MBX@161C@3A2020.###
c:\users\jonas\AppData\Local\.#\MBX@1704@24F2020.###
c:\users\jonas\AppData\Local\.#\MBX@198C@2A12020.###
c:\users\jonas\AppData\Local\.#\MBX@19D8@8A2020.###
c:\users\jonas\AppData\Local\.#\MBX@1B84@8F2020.###
c:\users\jonas\AppData\Local\.#\MBX@1E00@3F2020.###
c:\users\jonas\AppData\Local\.#\MBX@2018@23A2020.###
c:\users\jonas\AppData\Local\.#\MBX@274@2322020.###
c:\users\jonas\AppData\Local\.#\MBX@28AC@1002020.###
c:\users\jonas\AppData\Local\.#\MBX@2908@2852020.###
c:\users\jonas\AppData\Local\.#\MBX@2970@F02020.###
c:\users\jonas\AppData\Local\.#\MBX@298C@21A2020.###
c:\users\jonas\AppData\Local\.#\MBX@384@2E2020.###
c:\users\jonas\AppData\Local\.#\MBX@3B54@332020.###
c:\users\jonas\AppData\Local\.#\MBX@6FC@2812020.###
c:\users\jonas\AppData\Local\.#\MBX@888@312020.###
c:\users\jonas\AppData\Local\.#\MBX@898@25D2020.###
c:\users\jonas\AppData\Local\.#\MBX@BB0@892020.###
c:\users\jonas\AppData\Local\.#\MBX@BE0@3F2020.###
c:\users\jonas\AppData\Local\.#\MBX@C80@2892020.###
c:\users\jonas\AppData\Local\.#\MBX@D50@26E2020.###
c:\users\jonas\AppData\Local\.#\MBX@E0C@21C2020.###
c:\users\jonas\AppData\Local\.#\MBX@E18@892020.###
c:\users\jonas\AppData\Local\.#\MBX@F3C@8D2020.###
c:\users\jonas\AppData\Local\.#\MBX@F78@2372020.###
c:\windows\SysWow64\sysmwwod.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-09-25 to 2012-10-25  )))))))))))))))))))))))))))))))
.
.
2012-10-25 09:48 . 2012-10-25 09:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-10-24 13:57 . 2012-10-24 13:57   --------   d-----w-   c:\program files\Ventrilo
2012-10-24 13:13 . 2012-10-24 13:13   --------   d-----w-   c:\program files (x86)\Mozilla Maintenance Service
2012-10-24 12:27 . 2012-10-24 13:18   696760   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 20:29 . 2012-10-23 20:29   --------   d-----w-   c:\users\jonas\AppData\Roaming\Malwarebytes
2012-10-23 20:29 . 2012-10-23 20:29   --------   d-----w-   c:\programdata\Malwarebytes
2012-10-23 20:29 . 2012-10-23 20:29   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-23 20:29 . 2012-09-29 16:54   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-10-23 20:09 . 2012-10-23 20:09   --------   d-----w-   c:\users\jonas\AppData\Roaming\SUPERAntiSpyware.com
2012-10-23 20:09 . 2012-10-23 20:27   --------   d-----w-   c:\program files (x86)\Google
2012-10-23 20:09 . 2012-10-23 20:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-10-23 20:09 . 2012-10-23 20:09   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2012-10-23 14:21 . 2012-10-23 14:21   --------   d-----w-   c:\programdata\ATI
2012-10-23 14:13 . 2012-10-23 14:13   --------   d-----w-   c:\program files (x86)\AMD APP
2012-10-23 14:13 . 2012-10-23 14:13   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2012-10-23 14:13 . 2012-10-23 14:13   --------   d-----w-   c:\program files (x86)\Common Files\ATI Technologies
2012-10-23 14:12 . 2012-10-23 14:13   --------   d-----w-   c:\program files\ATI Technologies
2012-10-23 14:04 . 2012-10-23 14:04   --------   d-----w-   c:\users\jonas\AppData\Roaming\Nitro PDF
2012-10-23 14:03 . 2012-10-23 14:03   --------   d-----w-   c:\programdata\Nitro PDF
2012-10-23 14:03 . 2012-10-23 14:07   --------   d-----w-   c:\users\jonas\AppData\Roaming\DRPSu
2012-10-23 13:18 . 2012-10-12 07:19   9291768   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{71234E7A-14A0-4517-BA53-4CA6AD33FE08}\mpengine.dll
2012-10-23 13:10 . 2012-10-23 13:10   --------   d-----w-   C:\Intel
2012-10-23 13:00 . 2012-10-23 13:00   --------   d-----w-   c:\program files\ATI
2012-10-23 11:43 . 2012-10-23 12:59   --------   d-----w-   C:\AMD
2012-10-23 11:30 . 2012-10-23 11:30   --------   d-----w-   c:\windows\SysWow64\searchplugins
2012-10-23 11:30 . 2012-10-23 11:30   --------   d-----w-   c:\windows\SysWow64\Extensions
2012-10-21 21:48 . 2012-10-24 23:56   --------   d-----w-   c:\users\jonas\AppData\Roaming\vlc
2012-10-21 21:21 . 2012-10-21 21:21   --------   d-----w-   c:\users\jonas\AppData\Local\Geckofx
2012-10-21 21:21 . 2012-10-21 21:21   --------   d-----w-   c:\programdata\Graboid Inc
2012-10-21 21:20 . 2012-10-21 21:47   --------   d-----w-   c:\program files (x86)\Graboid
2012-10-17 18:00 . 2012-10-17 20:11   --------   d-----w-   c:\users\jonas\AppData\Local\DirectDownloader
2012-10-15 20:07 . 2012-10-24 13:23   --------   d-----w-   C:\NTTGame
2012-10-14 07:30 . 2012-10-14 07:30   --------   d-----w-   c:\users\jonas\AppData\Local\Downloaded Installations
2012-10-14 07:29 . 2012-10-14 07:28   38400   ----a-w-   c:\windows\system32\suhlp64.exe
2012-10-14 07:27 . 2012-10-14 07:27   443760   ----a-w-   c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-10-14 07:27 . 2012-10-14 07:27   --------   d-----w-   c:\users\jonas\AppData\Roaming\Macrovision
2012-10-14 07:27 . 2012-10-14 07:27   --------   d-----w-   c:\users\jonas\AppData\Roaming\FLEXnet
2012-10-14 07:27 . 2012-10-14 07:27   --------   d-----w-   c:\windows\DPDrv
2012-10-14 07:27 . 2012-10-14 07:27   --------   d-----w-   c:\users\jonas\AppData\Local\Programs
2012-10-14 07:25 . 2011-11-05 03:44   343040   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2012-10-14 07:25 . 2011-11-05 03:44   99328   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2012-10-14 07:25 . 2011-11-05 03:44   325120   ----a-w-   c:\windows\system32\drivers\usbport.sys
2012-10-14 07:25 . 2011-11-05 03:43   30720   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2012-10-14 07:25 . 2011-11-05 03:43   52736   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2012-10-14 07:25 . 2011-11-05 03:43   25600   ----a-w-   c:\windows\system32\drivers\usbohci.sys
2012-10-14 07:25 . 2011-11-05 03:43   7936   ----a-w-   c:\windows\system32\drivers\usbd.sys
2012-10-14 07:24 . 2011-09-18 01:59   48640   ----a-w-   c:\windows\system32\wwanprotdim.dll
2012-10-14 07:24 . 2011-09-18 01:59   229888   ----a-w-   c:\windows\system32\wwansvc.dll
2012-10-14 07:24 . 2011-07-15 05:24   983936   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2012-10-14 07:24 . 2011-07-15 05:24   265088   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2012-10-14 07:22 . 2011-02-25 06:25   296320   ----a-w-   c:\windows\system32\drivers\volsnap.sys
2012-10-14 07:21 . 2011-01-14 06:23   163840   ----a-w-   c:\windows\system32\umpo.dll
2012-10-10 23:43 . 2012-10-10 23:43   --------   d-----w-   c:\program files (x86)\Skype
2012-10-10 23:43 . 2012-10-10 23:43   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2012-10-10 04:56 . 2012-08-31 18:19   1659760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2012-10-10 04:56 . 2012-08-30 18:03   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-10-10 04:56 . 2012-08-30 17:12   3968880   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 04:56 . 2012-08-30 17:12   3914096   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 04:54 . 2012-08-24 18:05   220160   ----a-w-   c:\windows\system32\wintrust.dll
2012-10-10 04:54 . 2012-08-24 16:57   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-10-10 04:54 . 2012-09-14 19:19   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-10-10 04:54 . 2012-09-14 18:28   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2012-10-10 04:54 . 2012-08-11 00:56   715776   ----a-w-   c:\windows\system32\kerberos.dll
2012-10-10 04:54 . 2012-08-10 23:56   542208   ----a-w-   c:\windows\SysWow64\kerberos.dll
2012-10-10 04:54 . 2012-06-02 05:41   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-10-10 04:54 . 2012-06-02 05:41   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2012-10-10 04:54 . 2012-06-02 05:41   1464320   ----a-w-   c:\windows\system32\crypt32.dll
2012-10-10 04:54 . 2012-06-02 04:36   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2012-10-10 04:54 . 2012-06-02 04:36   1159680   ----a-w-   c:\windows\SysWow64\crypt32.dll
2012-10-10 04:54 . 2012-06-02 04:36   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2012-10-07 10:58 . 2012-10-07 10:58   --------   d-----w-   c:\users\jonas\AppData\Roaming\Hewlett-Packard Company
2012-10-07 10:54 . 2012-10-07 10:54   --------   d-----w-   c:\program files (x86)\Common Files\Telespree
2012-10-04 19:26 . 2012-10-04 19:28   --------   d-----w-   c:\users\jonas\AppData\Roaming\Bug Doctor
2012-10-04 19:26 . 2012-10-04 19:26   --------   d--h--w-   c:\programdata\Common Files
2012-10-04 18:45 . 2012-10-04 19:08   --------   d-----w-   c:\users\jonas\AppData\Roaming\RegistryTool
2012-10-04 11:08 . 2012-10-04 11:08   7680   ----a-w-   c:\windows\system32\drivers\en-US\bthport.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   44032   ----a-w-   c:\windows\system32\drivers\en-US\tcpip.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   3584   ----a-w-   c:\windows\system32\drivers\en-US\portcls.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   3072   ----a-w-   c:\windows\system32\drivers\en-US\hidbth.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   3072   ----a-w-   c:\windows\system32\drivers\en-US\ataport.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   2560   ----a-w-   c:\windows\system32\drivers\en-US\serscan.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   2560   ----a-w-   c:\windows\system32\drivers\en-US\BTHUSB.SYS.mui
2012-10-04 11:08 . 2012-10-04 11:08   2048   ----a-w-   c:\windows\system32\drivers\en-US\bthenum.sys.mui
2012-10-04 11:08 . 2012-10-04 11:08   2048   ----a-w-   c:\windows\system32\drivers\en-US\amdide.sys.mui
2012-10-04 11:07 . 2012-10-04 11:07   2560   ----a-w-   c:\windows\system32\drivers\en-US\scfilter.sys.mui
2012-10-04 10:46 . 2012-10-04 10:46   --------   d-----w-   c:\windows\system32\EventProviders
2012-10-04 05:45 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-10-04 05:45 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-10-03 15:15 . 2012-10-06 22:29   --------   d-----w-   C:\Fraps
2012-09-29 17:43 . 2012-09-29 17:44   224016   ----a-w-   c:\windows\system32\TABCTL32.OCX
2012-09-28 12:37 . 2012-09-28 12:37   221696   ----a-w-   c:\windows\system32\clinfo.exe
2012-09-28 12:36 . 2012-09-28 12:36   75776   ----a-w-   c:\windows\system32\OpenVideo64.dll
2012-09-28 12:36 . 2012-09-28 12:36   65536   ----a-w-   c:\windows\SysWow64\OpenVideo.dll
2012-09-28 12:36 . 2012-09-28 12:36   63488   ----a-w-   c:\windows\system32\OVDecode64.dll
2012-09-28 12:36 . 2012-09-28 12:36   56320   ----a-w-   c:\windows\SysWow64\OVDecode.dll
2012-09-28 12:36 . 2012-09-28 12:36   32635904   ----a-w-   c:\windows\system32\amdocl64.dll
2012-09-28 12:32 . 2012-09-28 12:32   27341824   ----a-w-   c:\windows\SysWow64\amdocl.dll
2012-09-28 12:28 . 2012-09-28 12:28   54784   ----a-w-   c:\windows\system32\OpenCL.dll
2012-09-28 12:28 . 2012-09-28 12:28   50176   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2012-09-28 10:19 . 2012-09-28 10:19   --------   d-----w-   c:\users\jonas\AppData\Local\ArcSoft
2012-09-27 20:56 . 2012-09-27 20:56   --------   d-----w-   c:\users\jonas\AppData\Roaming\Free MP3 WMA Cutter
2012-09-27 20:45 . 2002-01-05 13:37   344064   ----a-w-   c:\windows\SysWow64\msvcr70.dll
2012-09-27 20:45 . 2002-11-06 12:12   360448   ----a-w-   c:\windows\SysWow64\NCTWMAFile.dll
2012-09-27 20:45 . 2000-12-05 21:00   209608   ----a-w-   c:\windows\SysWow64\Tabctl32.ocx
2012-09-27 20:45 . 2002-11-13 08:14   1703936   ----a-w-   c:\windows\SysWow64\NCTAudioFile.dll
2012-09-27 20:45 . 2002-09-06 08:36   233472   ----a-w-   c:\windows\SysWow64\lame_enc.dll
2012-09-27 20:45 . 2001-03-13 10:51   1066176   ----a-w-   c:\windows\SysWow64\Mscomctl.ocx
2012-09-27 20:45 . 2000-08-21 08:22   1388544   ----a-w-   c:\windows\SysWow64\temp.001
2012-09-27 20:45 . 2012-10-23 14:07   --------   d-----w-   c:\program files (x86)\ACE-HIGH MP3 WAV WMA OGG Converter
2012-09-27 20:45 . 2002-07-09 19:42   140288   ----a-w-   c:\windows\SysWow64\Comdlg32.ocx
2012-09-27 20:45 . 2002-06-13 10:50   376832   ----a-w-   c:\windows\SysWow64\actskin4.ocx
2012-09-27 20:45 . 2001-08-08 18:00   40960   ----a-w-   c:\windows\SysWow64\DGPNorm.ocx
2012-09-27 20:45 . 2000-06-08 14:00   73785   ----a-w-   c:\windows\SysWow64\temp.000
2012-09-27 10:05 . 2012-10-04 11:08   --------   d-----w-   c:\program files\Windows Journal
2012-09-27 10:05 . 2012-09-27 10:05   --------   d-----w-   c:\windows\ShellNew
2012-09-27 10:05 . 2012-09-27 10:05   --------   d-----w-   c:\program files\Microsoft Games
2012-09-27 10:00 . 2012-09-27 10:00   --------   d-----w-   c:\windows\SysWow64\BestPractices
2012-09-27 09:59 . 2012-09-27 09:59   --------   d-----w-   c:\windows\system32\BestPractices
2012-09-27 09:59 . 2012-09-27 09:59   --------   d-----w-   C:\inetpub
2012-09-26 07:28 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 09:50 . 2012-10-25 09:50   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{71234E7A-14A0-4517-BA53-4CA6AD33FE08}\offreg.dll
2012-10-24 13:18 . 2012-09-17 17:42   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-14 07:28 . 2012-07-04 12:22   1424896   ----a-w-   c:\windows\sttray64.exe
2012-10-14 07:28 . 2012-07-04 12:22   442368   ----a-w-   c:\windows\system32\AESTEC64.dll
2012-10-14 07:28 . 2012-07-04 12:22   90624   ----a-w-   c:\windows\system32\AESTCo64.dll
2012-10-14 07:28 . 2012-07-04 12:21   255488   ----a-w-   c:\windows\system32\staco64.dll
2012-10-04 11:07 . 2012-10-04 11:07   2560   ----a-w-   c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2012-10-04 11:07 . 2012-10-04 11:07   44032   ----a-w-   c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2012-09-15 16:14 . 2012-09-15 16:13   283200   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-15 13:27 . 2010-06-24 19:33   19720   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-30 21:43 . 2012-09-18 22:50   64462936   ----a-w-   c:\windows\system32\MRT.exe
2012-08-30 13:46 . 2012-08-30 13:46   71680   ----a-w-   c:\windows\system32\frapsv64.dll
2012-08-30 13:46 . 2012-08-30 13:46   65536   ----a-w-   c:\windows\SysWow64\frapsvid.dll
2012-08-24 11:15 . 2012-09-22 20:21   17810944   ----a-w-   c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 20:21   10925568   ----a-w-   c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 20:21   2312704   ----a-w-   c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 20:21   1346048   ----a-w-   c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 20:21   1392128   ----a-w-   c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 20:21   1494528   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 20:21   237056   ----a-w-   c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 20:21   85504   ----a-w-   c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 20:21   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 20:21   816640   ----a-w-   c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 20:21   599040   ----a-w-   c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 20:21   2144768   ----a-w-   c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 20:21   729088   ----a-w-   c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 20:21   96768   ----a-w-   c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 20:21   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 20:21   248320   ----a-w-   c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 20:21   1800704   ----a-w-   c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 20:21   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 20:21   1427968   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 20:21   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 20:21   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 20:21   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-18 22:13   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-18 22:13   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-18 22:13   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-18 22:13   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 04:55   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-18 22:13   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-18 22:13   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-11-10 169528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43   75320   ----a-w-   c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      DPPassFilter scecli
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-03-07 62184]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 250808]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-07 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-07 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-07 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-07 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-07 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-07 279200]
R3 C7xxUSB;Samsung CMC7xx USB Network Driver;c:\windows\system32\DRIVERS\C7xUSBV6.sys [2009-05-19 52224]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-05-09 64312]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys

R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-09-05 476728]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-18 1255736]
S0 MfeEpeOpal;MfeEpeOpal;

S0 MfeEpePc;MfeEpePc;

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-15 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-10-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 204288]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-02-28 31000]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-04-05 1323008]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-02-15 2602576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 10496000]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 326656]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-07 28832]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-31 12306848]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-10-14 173656]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-02-12 2612728]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs   REG_MULTI_SZ      w3svc was
apphost   REG_MULTI_SZ      apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 13:18]
.
2012-10-17 c:\windows\Tasks\HPCeeScheduleForJONAS-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-10-21 c:\windows\Tasks\HPCeeScheduleForjonas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-10-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 34f5d4cb-a0db-470e-ac8f-c8fdb51475ea.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-10-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task fa39b443-6477-4257-a185-89b358166e7a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-04-05 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-14 1424896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\jonas\AppData\Roaming\Mozilla\Firefox\Profiles\jx645sye.default\
FF - prefs.js: browser.startup.homepage - www.google.lt
FF - ExtSQL: 2012-10-14 10:27; [email protected]; c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CAC42510-9B41-42c1-9DCD-7282A2D07C61} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-10-25  12:53:31 - machine was rebooted
ComboFix-quarantined-files.txt  2012-10-25 09:53
.
Pre-Run: 479.570.817.024 bytes free
Post-Run: 479.021.948.928 bytes free
.
- - End Of File - - 41E9DD8293D46640D823BFAD0C35D972

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Malware Removal Help and Assistance Requested
« Reply #7 on: October 25, 2012, 03:53:05 AM »
ESET Online Scan
 
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
~Dr Jay

Jonas

Re: Malware Removal Help and Assistance Requested
« Reply #8 on: October 25, 2012, 05:43:41 AM »
C:\AMD\Support\12-10_vista_win7_win8_64_dd_ccc_whql_net4\Packages\Apps\DotNet4Client\dotnet40Client\dotNetFx40_Client_x86_x64.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\BtoothR2\BluetoothSetup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\Gobi3K1\HPun2430Setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\PTFACE2\x64\setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\PTFACE2\x86\setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\RealtekB\BluetoothSetup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\SP54620\msiinstaller.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\sp55182\x64\setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\sp55182\x86\setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\sp56247\Setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\Symantec\src\Setup.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\swsetup\xvHPTCA\msiinstaller.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\Users\jonas\Downloads\175.19 Geforce win xp.exe   Win32/Jeefo.A virus   cleaned - quarantined
C:\Users\jonas\Downloads\LAN ALLOS 11.2 PV TL3 132319 FULL.EXE   Win32/Jeefo.A virus   cleaned - quarantined
C:\Users\jonas\Downloads\Xtcs Counter-Strike 1.6 Final Release.exe   Win32/Jeefo.A virus   cleaned - quarantined
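The ESET log above lists installers that were disinfected in place. As an added example (not code from the thread, from ESET or from HP), the PowerShell below parses lines in that log format and re-checks each file's Authenticode signature, since a file infector rewrites the PE image and only an intact vendor signature shows the original bytes came back; it assumes the log layout shown in the post and runs on the Windows PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not code from the thread or from ESET: re-check the installers
# that the ESET log reports as "cleaned - quarantined" for Win32/Jeefo.A.
# A file infector rewrites the PE image, so after disinfection the vendor's
# Authenticode signature is the best available evidence that the original
# bytes were restored. Written for Windows PowerShell 2.0 (Windows 7).

# ESET-Scan-Log.txt lines are "<path><TAB><threat><TAB><action>". Pasting the
# log often turns the tabs into runs of spaces, so both separators are accepted.
function ConvertFrom-EsetScanLog {
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line.Trim() -eq '') { continue }
        $parts = $line.Trim() -split '\t|\s{2,}', 3
        if ($parts.Count -lt 3) { continue }
        New-Object PSObject -Property @{
            Path = $parts[0]; Threat = $parts[1]; Action = $parts[2]
        }
    }
}

# Classify one detection: missing (still in quarantine or deleted) or, if the
# file is back on disk, by its Authenticode status.
function Test-CleanedInstaller {
    param($Detection)
    $path = $Detection.Path
    if (-not (Test-Path -LiteralPath $path)) {
        $status = 'Missing'
        $advice = 'Still quarantined or deleted; re-download if you need it'
    } else {
        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status.ToString()
        $advice = switch ($status) {
            'Valid'     { 'Signature intact; original bytes restored' }
            'NotSigned' { 'Unsigned installer; cannot verify, re-download from the vendor' }
            default     { 'Signature broken; do not run, re-download from the vendor' }
        }
    }
    New-Object PSObject -Property @{
        Path = $path; Threat = $Detection.Threat
        SignatureStatus = $status; Advice = $advice
    }
}

# Sample input: three of the fifteen lines from the post above, tab-separated.
$sampleLog = @"
C:\swsetup\PTFACE2\x64\setup.exe`tWin32/Jeefo.A virus`tcleaned - quarantined
C:\swsetup\SP54620\msiinstaller.exe`tWin32/Jeefo.A virus`tcleaned - quarantined
C:\Users\jonas\Downloads\Xtcs Counter-Strike 1.6 Final Release.exe`tWin32/Jeefo.A virus`tcleaned - quarantined
"@

ConvertFrom-EsetScanLog -Text $sampleLog |
    ForEach-Object { Test-CleanedInstaller -Detection $_ } |
    Format-Table -AutoSize Path, SignatureStatus, Advice
```

Replace the sample here-string with the full contents of ESET-Scan-Log.txt to check every listed file; the HP swsetup packages can be re-obtained from HP's support site if their signatures no longer verify.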

Dr Jay

Re: Malware Removal Help and Assistance Requested
« Reply #9 on: October 25, 2012, 08:01:51 AM »
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
~Dr Jay

Jonas

Re: Malware Removal Help and Assistance Requested
« Reply #10 on: October 25, 2012, 08:28:45 AM »
Guess so, at the moment no. There was a problem before we fixed that: when I opened Firefox and went to fb/youtube, Firefox crashed... but I think it's fixed.

Dr Jay

Re: Malware Removal Help and Assistance Requested
« Reply #11 on: October 25, 2012, 08:29:30 AM »
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore
 
Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
 
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups section select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools
 
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.
 
Purge old temporary files
 
Download CCleaner Slim and save it to your Desktop - Alternate download link
 
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
 
* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
 
Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
 
Security Check
 
Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
~Dr Jay

Jonas

Re: Malware Removal Help and Assistance Requested
« Reply #12 on: October 25, 2012, 10:11:48 AM »
 Results of screen317's Security Check version 0.99.53 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.65.1.1000 
 Adobe Flash Player 11.4.402.287 
 Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
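The Security Check log above prints both "Windows Firewall Enabled!" and "Windows Firewall Disabled!" and cannot find an antivirus WMI entry. As an added example (not code from the thread or from the Security Check tool), the PowerShell below asks Security Center and the firewall policy keys directly; the productState decode is the widely used community interpretation, assumed here rather than taken from the page or from Microsoft documentation.

```powershell
# Added example, not code from the thread or from Security Check: query the
# same sources the tool relies on, so a contradictory or missing line in its
# log can be resolved. Written for Windows PowerShell 2.0 (Windows 7).

# Windows Security Center (Vista and later) keeps registered security products
# in root\SecurityCenter2. An empty result means no antivirus has registered
# itself, which is what the "WMI entry may not exist" warning refers to.
function Get-SecurityCenterProducts {
    $classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'
    foreach ($class in $classes) {
        $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class `
                                  -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            # productState is a 24-bit value. This decode is the community
            # interpretation (an assumption, not official documentation):
            # middle byte 0x10/0x11 = enabled, 0x00/0x01 = disabled;
            # low byte 0x00 = definitions current, 0x10 = out of date.
            $hex = '{0:x6}' -f [int]$p.productState
            New-Object PSObject -Property @{
                Kind     = $class
                Name     = $p.displayName
                Enabled  = ($hex.Substring(2, 2) -match '^1[01]$')
                UpToDate = ($hex.Substring(4, 2) -eq '00')
            }
        }
    }
}

# Windows Firewall state per profile, read from the keys the firewall service
# uses, so the answer does not depend on the UI language the way parsing the
# text of "netsh advfirewall show allprofiles" would. A domain Group Policy
# under HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall can override these.
function Get-FirewallProfileState {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $key = Get-ItemProperty -Path "$base\$fwProfile" -ErrorAction SilentlyContinue
        # EnableFirewall is absent until the profile has been configured;
        # report that as unknown ($null) rather than guessing a state.
        $enabled = $null
        if ($key -and $key.PSObject.Properties['EnableFirewall']) {
            $enabled = [bool]$key.EnableFirewall
        }
        New-Object PSObject -Property @{ Profile = $fwProfile; Enabled = $enabled }
    }
}

Get-SecurityCenterProducts | Format-Table -AutoSize Kind, Name, Enabled, UpToDate
Get-FirewallProfileState   | Format-Table -AutoSize Profile, Enabled
```

StandardProfile is the Private (home/work) profile; an antivirus that is installed but absent from the first table is not reporting to Security Center and should be reinstalled or replaced.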

Dr Jay

Re: Malware Removal Help and Assistance Requested
« Reply #13 on: October 25, 2012, 11:36:28 AM »
Personal Tips on Preventing Malware
 
See this page for more info about malware and prevention.

 
Any other questions before I mark this topic solved?
~Dr Jay

Jonas

Re: Malware Removal Help and Assistance Requested
« Reply #14 on: October 25, 2012, 12:19:54 PM »
Yeah, you did it! Thanks bro. It's solved!