ComboFix 11-12-28.03 - Icikle 28/12/2011 19:16:22.1.6 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3326.2215 [GMT 0:00]
Running from: c:\users\Icikle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 19:21 . 2011-12-28 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-28 14:54 . 2011-12-28 14:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCE4CB42-2C16-45E0-8EBC-17632E55EE93}\offreg.dll
2011-12-27 22:36 . 2011-12-27 22:36 -------- d-----w- C:\_OTL
2011-12-27 12:33 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCE4CB42-2C16-45E0-8EBC-17632E55EE93}\mpengine.dll
2011-12-27 12:28 . 2011-12-27 12:29 -------- d-----w- c:\users\1cikle
2011-12-21 17:46 . 2011-12-21 17:46 388096 ----a-r- c:\users\Icikle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-20 15:53 . 2011-12-20 15:53 -------- d-----w- c:\users\Icikle\AppData\Roaming\Malwarebytes
2011-12-20 15:53 . 2011-12-20 15:53 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 15:53 . 2011-12-20 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 15:53 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 23:35 . 2011-12-19 23:35 -------- d-----w- c:\program files\Educational Simulations
2011-12-19 22:21 . 2011-12-19 22:21 -------- d-----w- c:\users\Icikle\AppData\Roaming\PerformerSoft
2011-12-19 22:20 . 2011-12-02 18:04 17464 ----a-w- c:\windows\system32\roboot.exe
2011-12-19 22:20 . 2011-12-20 14:53 748544 ----a-w- c:\windows\system32\protector.dll
2011-12-19 22:16 . 1999-03-23 09:12 299520 ----a-w- c:\windows\uninst.exe
2011-12-15 15:45 . 2011-12-15 15:46 -------- d-----w- c:\users\Icikle\FrostWire
2011-12-15 15:45 . 2011-12-15 15:49 -------- d-----w- c:\users\Icikle\.frostwire5
2011-12-14 19:08 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:05 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:04 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 12:04 . 2011-06-13 23:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-20 22:00 . 2011-10-28 21:13 140072 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-20 22:00 . 2011-10-28 21:39 280904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-12-20 22:00 . 2011-10-28 21:12 280904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-20 21:58 . 2011-10-28 21:12 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-06 23:56 . 2011-10-28 21:13 138056 ----a-w- c:\users\Icikle\AppData\Roaming\PnkBstrK.sys
2011-12-06 23:56 . 2011-10-28 21:12 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-28 18:01 . 2010-12-17 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-17 21:45 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-06-07 20:54 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-12-17 21:45 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-17 21:45 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-17 21:45 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-17 21:45 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-12-17 21:45 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-26 03:03 . 2011-10-26 03:03 8853504 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2010-11-26 02:58 748544 ----a-w- c:\windows\system32\aticfx32.dll
2011-10-26 02:01 . 2011-07-28 21:36 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\system32\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-10-26 01:55 . 2010-11-26 02:49 4292096 ----a-w- c:\windows\system32\atidxx32.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-10-26 01:35 . 2011-05-25 02:39 4353536 ----a-w- c:\windows\system32\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\system32\aticaldd.dll
2011-10-26 01:32 . 2011-05-25 02:50 4189184 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-26 01:29 . 2010-11-26 02:24 52736 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-07-28 20:54 339968 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-11-26 02:15 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-10-26 01:20 . 2011-05-25 02:24 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OpenVideo.dll
2011-10-25 21:21 . 2011-10-25 21:21 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-25 21:20 . 2011-10-25 21:20 13950464 ----a-w- c:\windows\system32\amdocl.dll
2011-10-11 17:03 . 2011-10-11 17:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-11 17:03 . 2011-10-11 17:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-10 00:02 . 2011-06-07 20:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Icikle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Icikle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Icikle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Icikle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arvo]
2009-09-01 15:23 172032 ----a-w- c:\program files\ROCCAT\Arvo Keyboard\ArvoHID.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-02-10 06:52 1713152 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 16:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 17:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROCCAT Pyra Mouse]
2009-12-07 21:54 528384 ----a-w- c:\program files\ROCCAT\Pyra Mouse\PyraMonitor.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-10-25 22:05 343168 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-04 18:51 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 11:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\Icikle\AppData\Local\Temp\ALSysIO.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 117584]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 8853504]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 264192]
S3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [2009-05-06 12928]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-11 1119232]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=14196
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{B6595905-E595-4BF5-AA22-B6ED642245EC}: NameServer = 213.120.234.6,217.32.171.22
FF - ProfilePath - c:\users\Icikle\AppData\Roaming\Mozilla\Firefox\Profiles\mxws1nhw.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.url - hxxp://www.google.com/search?ie=utf-8&oe=utf-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-702871813-579512193-3235239441-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Icikle\\Documents\\Sports Interactive\\Football Manager 2011\\games\\liverpool single.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f8d
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="34-FCB5-2AF3"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:0000000b
"StaffSearchFeatureNum"=dword:00000007
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:0000000e
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_USERS\S-1-5-21-702871813-579512193-3235239441-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,af,fd,20,ec,7f,6b,02,ec,f2,5f,c0,e5,4d,47,8d,7a,07,aa,d3,c8,
   4f,74,d1,87,8f,f9,a0,fd,57,ae,f2,69,7c,82,5a,48,64,7b,21,7a,3c,95,0d,7d,c5,\
"rkeysecu"=hex:d5,74,c3,c1,b3,0d,9f,78,f1,65,9b,b6,e2,d8,b4,56
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-28 19:22:52
ComboFix-quarantined-files.txt 2011-12-28 19:22
.
Pre-Run: 781,790,699,520 bytes free
Post-Run: 781,468,233,728 bytes free
.
- - End Of File - - 4D064513340CB56DDA0DA1B3120A07E6