bulldog2772
Posts posted by bulldog2772
-
Disabled and then uninstalled AVG. No change. This sounds crazy, but it almost seems like after a certain number of mouse clicks while online is what does it. If you are doing something requiring a lot of clicking it seems to make IE shut down. Very weird.
-
Finally got IE9 re-installed. The computer didn't want to install IE9 the first five times I tried. Did some Windows updates and I guess that allowed it to install. Once installed, went to addictinggames.com and played a game to see if IE9 would close and restart, and it did. It lasted longer than normal but still closed. I'm wondering if my AVG anti-virus is causing this because of cookies that it is not accepting. What do you think? Thanks again for all of your help.
-
Reset IE; it seemed to help for a few minutes. Then while running a program on the internet that requires a lot of mouse clicking it closed and re-opened. It also seems to do this when more than one window is open. Sometimes it will close after a few minutes, sometimes a little longer. Also my AVG anti-virus pops up a lot notifying me of cookies, asking me what I want to do. Most of the time if you try and click on "allow and don't ask me again" it will not execute and you just click ignore and keep on going. This also seems to affect the IE closing unexpectedly. Thanks for your help.
-
Thanks. Start menu restored. Now back to having issues with IE closing unexpectedly and then re-opening. It's not a huge deal until you are in the middle of something on the internet and it decides to close and re-open. Can't figure out what is causing this. Thanks
-
Resetting IE settings seemed to help that issue.
I have noticed something else though. Today I went to scan a document into my computer and my scanner wasn't working. Printer works but the scanner side is not recognized. Went to the Start menu to open up the Brother program and all of the files in my Windows Start menu say they are empty, as they did in the beginning. Is this malware still affecting my computer? I ran an MBAM scan and it did not find any threats.
-
Don't seem to be having any virus-related issues, which is great. Having an issue with Internet Explorer unexpectedly shutting down. I think it might have something to do with AVG Anti-Virus blocking cookies or allowing too many? Any ideas? Never had this issue before. Thanks for all of your help
-
Kaspersky log as requested. 2 threats found
Status: Deleted (events: 2)
7/3/2012 8:19:41 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\Qoobox\Quarantine\C\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@.vir High
7/3/2012 9:01:27 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\07012012_211132\C_Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ High
-
ESET log as requested. I don't think this is the right log for some reason. There is no extended log in Program Files. This log is in the x86 files. ESET found 3 threats and deleted them on the first scan. I am running the scan again.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
-
ComboFix Log as requested
ComboFix 12-07-02.01 - Georgia 07/02/2012 15:56:35.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2709 [GMT -4:00]
Running from: c:\users\Georgia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 20:02 . 2012-07-02 20:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-02 20:02 . 2012-07-02 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 18:04 . 2012-07-01 18:04 -------- d-----w- C:\_OTL
2012-07-01 01:27 . 2012-07-01 01:27 -------- d-----w- c:\users\Georgia\AppData\Local\ElevatedDiagnostics
2012-06-30 23:21 . 2012-06-30 23:21 -------- d-----w- c:\program files\ESET
2012-06-30 22:42 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-30 21:43 . 2012-06-30 21:43 -------- d-----w- C:\$AVG
2012-06-25 23:39 . 2012-06-30 21:56 -------- d-----w- C:\sh4ldr
2012-06-25 23:39 . 2012-06-25 23:39 -------- d-----w- c:\program files\Enigma Software Group
2012-06-25 23:39 . 2012-06-25 23:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-25 22:06 . 2012-06-25 22:06 -------- d-----w- c:\users\Georgia\AppData\Local\Symantec
2012-06-25 20:33 . 2012-06-25 20:33 -------- d-----w- C:\e
2012-06-25 20:29 . 2012-06-25 20:29 -------- d-----w- c:\windows\SysWow64\%APPDATA%
2012-06-25 20:06 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BBC96EE-FA5E-42E7-87B5-8C6ADA3ACC60}\mpengine.dll
2012-06-25 20:06 . 2012-06-25 20:06 -------- d-----w- c:\users\Georgia\AppData\Roaming\Malwarebytes
2012-06-25 20:05 . 2012-06-25 20:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 20:05 . 2012-06-25 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 19:06 . 2012-06-25 19:06 -------- d-----w- c:\users\Georgia\AppData\Local\Macromedia
2012-06-24 02:10 . 2012-06-25 22:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-06-24 02:03 . 2012-06-25 22:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-24 02:03 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-24 02:02 . 2012-06-25 22:23 -------- d-----w- c:\programdata\PC Tools
2012-06-24 02:02 . 2012-06-24 02:02 -------- d-----w- c:\users\Georgia\AppData\Roaming\TestApp
2012-06-21 20:18 . 2012-06-21 20:18 -------- d-----w- c:\users\Georgia\AppData\Roaming\AVG
2012-06-20 21:52 . 2012-06-20 21:52 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4ea5b291cd4f2e02\MeshBetaRemover.exe
2012-06-20 21:52 . 2012-06-20 21:52 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\DSETUP.dll
2012-06-20 21:52 . 2012-06-20 21:52 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\DXSETUP.exe
2012-06-20 21:52 . 2012-06-20 21:52 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\dsetup32.dll
2012-06-15 03:57 . 2012-06-15 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-13 23:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-10 19:01 . 2012-06-10 19:01 -------- d-----w- c:\program files (x86)\NovaLogic
2012-06-10 02:34 . 2012-06-24 04:34 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-09 05:17 . 2012-06-09 05:17 -------- d-----w- c:\program files\DIFX
2012-06-09 05:16 . 2012-06-09 05:17 -------- d-----w- c:\program files (x86)\Garmin
2012-06-09 05:16 . 2012-06-09 05:27 -------- d-----w- c:\users\Georgia\AppData\Roaming\Garmin
2012-06-08 23:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 23:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 23:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 23:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 04:34 . 2012-04-17 03:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 04:34 . 2011-08-05 01:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-01_02.22.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 01:19 . 2012-07-02 02:30 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-02 01:19 . 2012-07-02 02:30 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-07-02 01:19 . 2012-07-02 02:30 16384 c:\windows\temp\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-07-02 01:15 59794 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-02 01:15 37050 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-04 19:26 . 2012-07-02 01:15 12986 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-372996367-75289682-3332733727-1005_UserData.bin
+ 2011-08-11 07:14 . 2012-07-02 01:13 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-11 07:14 . 2012-06-29 16:33 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-02 01:14 . 2012-07-02 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-01 02:10 . 2012-07-01 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-01 02:10 . 2012-07-01 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-02 01:14 . 2012-07-02 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-17 20:58 . 2012-07-02 19:52 286874 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-08-05 03:05 . 2012-07-02 16:48 314386 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-07-02 01:19 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-01 02:14 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-02 01:19 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-01 02:14 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-02 01:13 343424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-01 02:09 343424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-28 07:28 . 2012-07-01 02:09 1434712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-28 07:28 . 2012-07-02 01:13 1434712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-02 15:52 . 2012-07-02 15:52 8451584 c:\windows\Installer\324d2c2.msi
+ 2011-08-04 19:23 . 2012-07-02 01:13 18705832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-372996367-75289682-3332733727-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Facebook Update"="c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-27 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-09 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2011-02-12 14400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-11-10 517632]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-02-10 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-02-10 98816]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-04-29 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-04-29 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-04-29 283296]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-01 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-02-14 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\drivers\NWLowRider.sys [2011-02-12 26176]
S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\drivers\NWWakeFilterLR.sys [2011-02-12 14400]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-13 413800]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 04:34]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job
- c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-27 04:49]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job
- c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-27 04:49]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 03:13]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 03:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-03 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-03 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 419096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-02 16:04:26
ComboFix-quarantined-files.txt 2012-07-02 20:04
ComboFix2.txt 2012-07-01 02:25
.
Pre-Run: 443,097,640,960 bytes free
Post-Run: 443,054,604,288 bytes free
.
- - End Of File - - 72C8398A601942DFBF96F6C800740CA5
-
MBAM log as requested
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.07.01.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
7/1/2012 9:15:49 PM
mbam-log-2012-07-01 (21-15-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211721
Time elapsed: 3 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
OTL log as requested.
All processes killed
========== OTL ==========
C:\Users\Georgia\AppData\Roaming\Yrkeos folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Oqdu folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Iwovla folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Etixwa folder moved successfully.
Folder C:\Users\Georgia\AppData\Roaming\Oqdu\ not found.
C:\Users\Georgia\AppData\Roaming\Tific folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Udcuu folder moved successfully.
Folder C:\Users\Georgia\AppData\Roaming\Yrkeos\ not found.
C:\Users\Georgia\AppData\Roaming\Zonie folder moved successfully.
C:\ProgramData\-X4V4pVXxJCY4NRr moved successfully.
C:\ProgramData\-X4V4pVXxJCY4NR moved successfully.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@ not found.
========== FILES ==========
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U folder moved successfully.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L folder moved successfully.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2} folder moved successfully.
File\Folder C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2} not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Georgia\Desktop\cmd.bat deleted successfully.
C:\Users\Georgia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Georgia
->Temp folder emptied: 1355329 bytes
->Temporary Internet Files folder emptied: 8729589 bytes
->Java cache emptied: 1180862 bytes
->FireFox cache emptied: 61884517 bytes
->Flash cache emptied: 2438 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714045 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 61679954 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 130.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.1 log created on 07012012_211132
Files\Folders moved on Reboot...
C:\Users\Georgia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georgia\AppData\Local\Temp\~DFFB76382BF503C00D.TMP moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\fastbutton[10].htm moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\gossip-us-fp[2].js moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\index[2].htm moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\rsa[1].htm moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
PendingFileRenameOperations files...
File C:\Users\Georgia\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Georgia\AppData\Local\Temp\~DFFB76382BF503C00D.TMP not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\fastbutton[10].htm not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\gossip-us-fp[2].js not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\index[2].htm not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\rsa[1].htm not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!
Registry entries deleted on Reboot...
-
MBAM Log.
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.07.01.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
7/1/2012 2:08:22 PM
mbam-log-2012-07-01 (14-08-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212058
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
OTL Log after reboot.
All processes killed
Error: Unable to interpret <:OTL[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Use> in the current context!
Error: Unable to interpret <rs\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.> in the current context!
Error: Unable to interpret <@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@:filesC:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!
OTL by OldTimer - Version 3.2.53.1 log created on 07012012_140452
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Here is the OTL log. Only got the one log???
OTL logfile created on: 7/1/2012 1:43:01 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Georgia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.85 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.24% Memory free
7.70 Gb Paging File | 5.23 Gb Available in Paging File | 67.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.66 Gb Total Space | 412.61 Gb Free Space | 90.75% Space Free | Partition Type: NTFS
Computer Name: HOUSECOMPUTER | User Name: Georgia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/08 00:10:34 | 001,320,392 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/04/26 15:08:30 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 21:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/27 03:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (No Company Name) ==========
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/08/12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/07/19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011/05/24 09:00:00 | 000,652,016 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/19 01:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/19 01:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 20:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/20 15:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/24 00:34:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/04/29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 15:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 15:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/20 15:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/06/21 02:26:44 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/04/29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/04/29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/04/29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/04/29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/04/29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/04/29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/04/01 16:10:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 08:47:16 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/08 23:16:12 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011/02/14 17:44:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/02/12 22:10:55 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/12 16:19:28 | 000,014,400 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011/02/12 16:19:25 | 000,026,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWLowRider.sys -- (NWLowRider)
DRV:64bit: - [2011/02/12 16:19:25 | 000,014,400 | ---- | M] (n/a) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWWakeFilterLR.sys -- (NWWakeFilterLR)
DRV:64bit: - [2011/02/10 03:41:47 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011/02/10 03:41:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9/
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes,DefaultScope = {99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{1D1DE4DB-F69B-415B-9B37-DD7720CE8C6C}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{6EAFAC85-4814-41D9-8E37-5EE5A96113A4}: "URL" = http://search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{D198D09C-96D5-4A6F-A3C1-75237DC665BF}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
FF - prefs.js..browser.startup.homepage: "http://yahoo.com/?ilc=10&fr=ydwnld-home"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georgia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Georgia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 17:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 14:38:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/25 15:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/06/25 15:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Extensions
[2012/06/27 18:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\extensions
[2012/06/25 15:03:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/30 22:59:45 | 000,000,942 | ---- | M] () -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\searchplugins\yahoo.xml
[2012/06/25 15:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 15:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/06/25 15:03:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/06/30 22:22:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-372996367-75289682-3332733727-1005..\Run: [Facebook Update] C:\Users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-372996367-75289682-3332733727-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F747C83-41C4-47E8-9CF0-8BBA4962DDBC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1B8362-52EB-4CE4-8682-12BD09942A38}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/01 13:42:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe
[2012/06/30 22:38:32 | 000,000,000 | R--D | C] -- C:\Users\Georgia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/06/30 22:25:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/30 22:22:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/30 21:36:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/30 21:36:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/30 21:36:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/30 21:33:57 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\Georgia\Desktop\ComboFix.exe
[2012/06/30 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\ElevatedDiagnostics
[2012/06/30 21:15:18 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DD35D6C9-E818-47FC-A3E5-5ED2A015020B}
[2012/06/30 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{99AF37E3-F247-4DD5-B7C4-C43095AC0D0D}
[2012/06/30 20:15:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B17272A4-1910-43A3-A08E-6197DDBF8F2E}
[2012/06/30 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{8C5569CA-52AB-4154-86F6-0B93B9AEBF8E}
[2012/06/30 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A206F70F-2782-428F-8D42-40196D514901}
[2012/06/30 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B440D4AE-39F0-4E45-9896-0B8F5CC46464}
[2012/06/30 19:26:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/30 19:26:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/30 19:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/30 19:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/30 18:48:08 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B88508F5-ACCF-41B1-AE52-7EBEA54B6E32}
[2012/06/30 18:47:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C140465A-581E-4887-A690-0EF014ED1F2C}
[2012/06/30 18:42:26 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/06/30 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{42C71202-B1C7-43A0-984E-9F53E8385AAA}
[2012/06/30 18:30:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B41E90D0-6ABD-4966-8D1F-18C0E92B97F3}
[2012/06/30 17:43:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/06/30 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B9F4775E-37A2-4DEC-9399-7BA10522C53B}
[2012/06/30 17:28:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{30B824A1-26BD-4CF1-A886-64B6B35A779E}
[2012/06/30 17:19:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{97FDD83A-6C08-4990-8B74-C8EAAB591085}
[2012/06/30 17:18:58 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2041F5C-3B1F-4DB3-80ED-47ADEB186F7E}
[2012/06/30 17:08:11 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D553BE55-BF39-4D80-8DA1-9B915F6B99E1}
[2012/06/30 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{67B31042-C7EF-46BA-A1C5-E5A831A1AF7F}
[2012/06/30 16:58:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{487224C1-A5D9-4970-98DE-E1961A64067F}
[2012/06/30 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{39913C38-5A63-4001-A417-FAF68539402C}
[2012/06/30 16:39:15 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A0760D26-FE35-4FFB-9229-154999A245CD}
[2012/06/30 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A2AB4E60-A285-4B24-8D8A-B070BBD79B50}
[2012/06/30 16:37:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/30 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{608E690E-623E-4F8D-9A76-795B67737F95}
[2012/06/30 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2D9B6F1-D038-4BFF-9171-772E54773EC7}
[2012/06/30 16:11:36 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C409BA3C-0EA8-47CF-BCC2-12F15A034323}
[2012/06/30 16:11:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{72EC475C-4931-4B9C-BDE5-1B21CBE2B4C3}
[2012/06/30 14:49:42 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A6A0472F-C213-4E9F-8C5F-C708080CF43B}
[2012/06/30 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2756344B-945F-4FF9-A3E9-04F3682DED7F}
[2012/06/30 12:04:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0CF98CF1-5D92-4C12-A1AB-6DE35CD8FB9E}
[2012/06/30 12:04:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DA219C1F-C850-4B44-AB05-61B1246FAB63}
[2012/06/29 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EDC74718-DC08-46F0-8793-5CEE2758FFF1}
[2012/06/29 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2A25F897-20DB-439A-AFCB-AEF796E9B357}
[2012/06/27 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{65163763-309F-4E62-B37B-900781AABB37}
[2012/06/27 18:26:04 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{7365B2DD-9D77-46BC-B523-AE60F9FF087C}
[2012/06/25 20:40:25 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{E48E48DE-1A34-40B4-82D8-3072928C9D5D}
[2012/06/25 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3437557B-DE80-49CF-8F41-35769E32671D}
[2012/06/25 20:10:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2834282B-14A5-4C60-BD05-33846E44DA2B}
[2012/06/25 20:10:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D2173043-718C-4930-ADC7-2A0C42F0C5A9}
[2012/06/25 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\AVG2012
[2012/06/25 19:39:56 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/25 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/25 19:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/25 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0485867A-9EF7-4A45-A1F1-3316D226CE89}
[2012/06/25 19:29:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0B3BFFBB-246D-4E49-BE1A-481E1041C89E}
[2012/06/25 19:27:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Etixwa
[2012/06/25 18:47:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DE202C5E-253F-4354-8DC8-C49C01BDCF7A}
[2012/06/25 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0254B1CC-58C5-47E7-85FF-07AE4B0F43C3}
[2012/06/25 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{621552B7-1466-4050-955D-73137457008B}
[2012/06/25 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{05C45DBF-CC73-42F2-83F5-B34F3E57EC55}
[2012/06/25 18:06:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Tific
[2012/06/25 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\Symantec
[2012/06/25 17:47:37 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{FB965743-37E8-4BA8-981C-D157BAD0C0D7}
[2012/06/25 17:47:27 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EADAD49B-F55C-4C50-8C06-CFC42F44C756}
[2012/06/25 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{1CCF73F8-3622-4480-8082-2D59E31EB4D7}
[2012/06/25 16:57:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F13AC287-9ED8-429F-A715-B5A5E6E20F0D}
[2012/06/25 16:33:52 | 000,000,000 | ---D | C] -- C:\e
[2012/06/25 16:29:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla
[2012/06/25 16:06:03 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Malwarebytes
[2012/06/25 16:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 16:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 16:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/25 16:01:43 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D75E117F-C593-4A86-863C-1C1959AFD0CD}
[2012/06/25 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{53CBE0F6-8002-4CF5-8168-B08878E7F151}
[2012/06/25 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{E75EEA4A-F11D-442E-9537-B31C286B190F}
[2012/06/25 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F1E27BF4-774C-485D-9196-6BFB4221A5C4}
[2012/06/25 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\Macromedia
[2012/06/25 15:03:28 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Mozilla
[2012/06/25 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/25 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F280C57E-3992-4680-A7AF-ADE521520DB5}
[2012/06/25 14:50:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A3140AA2-FDF5-42CE-B533-ADE27B603557}
[2012/06/24 20:57:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{58736806-88B5-4909-9BDF-F8BB3CC43563}
[2012/06/24 20:57:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{BB3BEDB7-8337-408C-9C18-8DDB6C8198D6}
[2012/06/24 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D62F7BDD-4EDF-4EBB-8B42-BFE650261F78}
[2012/06/24 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{48E76DB1-B07E-44F2-8E56-6F62EA856862}
[2012/06/24 00:39:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{7821C117-5711-4444-9BE3-5998A43E9918}
[2012/06/24 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{429DA954-13D1-4D4C-A109-3EC58450BD47}
[2012/06/23 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3721BA9C-48E7-4822-9295-88744B7EBB73}
[2012/06/23 22:46:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{466CD0F5-21C2-40C7-9090-0B1AF6DF8A59}
[2012/06/23 22:28:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C7DCADBD-4853-464D-9D8F-29E31DC97CAB}
[2012/06/23 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2813E064-0DE2-433D-A49D-9734700F83CB}
[2012/06/23 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/23 22:03:53 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/23 22:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/23 22:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/23 22:02:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\TestApp
[2012/06/23 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{AA0896D2-6D2D-427C-B598-FC9C0689586C}
[2012/06/23 21:54:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0D8E4ADC-8FD8-4798-8C4F-7F5DF150511D}
[2012/06/21 16:47:01 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{6FD9EB6B-644C-454E-A88B-2ACA9C043A51}
[2012/06/21 16:46:51 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{6A43593B-CD73-4ABB-A598-EB56A762B467}
[2012/06/21 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\AVG
[2012/06/21 16:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/21 16:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/06/21 16:09:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C7B5DFEB-27C7-4622-A617-83300704CAEC}
[2012/06/21 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{9BDF31BF-ABC6-49B8-B095-78F9B8C24372}
[2012/06/21 15:46:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F3ABFEEE-FB7D-4023-94D9-11480FECBB50}
[2012/06/21 15:45:46 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EB0E3716-AA87-405A-922F-E14A9E0E249D}
[2012/06/20 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3BB46D06-D76B-4B95-8CE8-9A01742BC39B}
[2012/06/20 20:13:07 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C9456345-7CBE-4899-9164-506B1CCF0CE7}
[2012/06/20 19:49:55 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{FE4CAE30-42C4-4221-A620-EBF1EB025810}
[2012/06/20 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{49B236A5-CA3E-4707-82A6-99E600762E69}
[2012/06/20 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{42A2101A-5D18-4E82-B03F-B92C8F1D2B82}
[2012/06/20 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F5189B83-75E0-463B-AB33-5A29F0E67ECF}
[2012/06/20 17:50:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{065C42CA-F192-4519-AAB0-846B2BC62404}
[2012/06/20 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2F37B95A-990E-495E-8F5E-F7B44D29701D}
[2012/06/19 21:35:33 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A30F0356-39FB-4958-A621-D23439A9E6EF}
[2012/06/19 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B40CEEF0-DF4C-43FE-961C-BD1407971E95}
[2012/06/19 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A1AD6097-DDB2-4DF1-B8C2-17CCAF619A29}
[2012/06/19 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DECE9A8C-357A-40A1-B978-A5EE1349CF3D}
[2012/06/15 01:25:19 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess_files
[2012/06/14 23:56:12 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{5314EFC4-FB13-4C1E-8ACF-D5D667A24F88}
[2012/06/14 16:45:39 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{242733BB-732E-4E0B-A75B-494DD79C5712}
[2012/06/14 16:45:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{9D87F153-1876-4F44-8665-4EC26FBE1748}
[2012/06/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities_files
[2012/06/14 14:11:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours_files
[2012/06/14 14:09:03 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours_files
[2012/06/14 11:37:51 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0E957ED2-2219-4895-ADAB-BC7CDDD83BE6}
[2012/06/14 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{804E7D8D-AAB2-4A62-8A55-B2B848917F8D}
[2012/06/13 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt_files
[2012/06/13 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{08E006C9-2F17-482F-B711-033E5BD901AF}
[2012/06/11 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{5F30AD1E-9B03-48EC-909F-0B35BAD7C503}
[2012/06/10 15:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NovaLogic
[2012/06/09 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{1DF829F0-760E-4A9E-B18A-3DB35080853B}
[2012/06/09 13:06:11 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{65F32C56-94FA-48F2-80BA-9D57D73C382C}
[2012/06/09 01:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/06/09 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/06/09 01:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/06/09 01:16:35 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Garmin
[2012/06/04 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C5ABA278-C382-4175-AB7B-67B907EDED83}
[2012/06/04 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{10564C20-C19E-45F1-9F75-12CB5B6FC717}
[2012/06/01 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{07DFEBC7-D300-4BA4-96E6-2946BA184FDA}
[2012/06/01 16:27:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2F52875-38A1-4A9E-BB82-26C4BA863EFE}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe
[2012/07/01 13:34:00 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/01 13:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 13:28:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 13:28:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job
[2012/07/01 13:28:12 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job
[2012/06/30 22:45:38 | 000,020,928 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 22:45:38 | 000,020,928 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 22:42:34 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/30 22:42:34 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/30 22:42:34 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/30 22:38:19 | 3101,081,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 22:22:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/30 21:34:03 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Georgia\Desktop\ComboFix.exe
[2012/06/30 21:17:34 | 000,001,544 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/06/30 17:44:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/25 20:33:22 | 000,000,074 | ---- | M] () -- C:\Users\Georgia\AppData\Roaming\mbam.context.scan
[2012/06/25 20:27:53 | 000,001,399 | ---- | M] () -- C:\Users\Georgia\Desktop\Internet Explorer.lnk
[2012/06/25 16:05:46 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 15:03:24 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/23 22:04:18 | 001,635,777 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR
[2012/06/20 17:05:16 | 000,359,081 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/17 13:57:24 | 001,499,130 | ---- | M] () -- C:\Users\Georgia\Documents\1 Bedroom Apt_ - Condo Rental in Holmes Beach, Florida, USA - Holmes Beach Condo.mht
[2012/06/15 01:26:39 | 000,023,880 | ---- | M] () -- C:\Users\Georgia\Documents\rubric for Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:57 | 000,023,880 | ---- | M] () -- C:\Users\Georgia\Documents\Your Rubric Collaborative Work Skills Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:19 | 000,010,177 | ---- | M] () -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess.htm
[2012/06/15 01:02:41 | 000,014,522 | ---- | M] () -- C:\Users\Georgia\Documents\Learning Log Rubric.htm
[2012/06/14 16:43:08 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/06/14 16:43:08 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/06/14 14:11:31 | 000,012,428 | ---- | M] () -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities.html
[2012/06/14 14:11:17 | 000,026,025 | ---- | M] () -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours.htm
[2012/06/14 14:09:06 | 000,028,083 | ---- | M] () -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours.htm
[2012/06/14 11:36:48 | 000,370,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 19:26:12 | 000,103,306 | ---- | M] () -- C:\Users\Georgia\Documents\china-complete.pdf
[2012/06/13 17:42:53 | 000,017,869 | ---- | M] () -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt.htm
[2012/06/11 15:59:16 | 000,001,884 | ---- | M] () -- C:\test.xml
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/30 21:36:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/30 21:16:06 | 000,001,544 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/06/30 19:30:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/30 19:30:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/30 19:30:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/30 19:30:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/30 17:44:11 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/06/25 20:27:53 | 000,001,399 | ---- | C] () -- C:\Users\Georgia\Desktop\Internet Explorer.lnk
[2012/06/25 20:01:41 | 000,000,074 | ---- | C] () -- C:\Users\Georgia\AppData\Roaming\mbam.context.scan
[2012/06/25 16:05:46 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 15:03:24 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/25 15:03:23 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/23 22:04:01 | 001,635,777 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/20 17:47:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
[2012/06/20 17:47:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\-X4V4pVXxJCY4NR
[2012/06/17 13:57:22 | 001,499,130 | ---- | C] () -- C:\Users\Georgia\Documents\1 Bedroom Apt_ - Condo Rental in Holmes Beach, Florida, USA - Holmes Beach Condo.mht
[2012/06/15 01:26:38 | 000,023,880 | ---- | C] () -- C:\Users\Georgia\Documents\rubric for Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:57 | 000,023,880 | ---- | C] () -- C:\Users\Georgia\Documents\Your Rubric Collaborative Work Skills Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:12 | 000,010,177 | ---- | C] () -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess.htm
[2012/06/15 01:02:41 | 000,014,522 | ---- | C] () -- C:\Users\Georgia\Documents\Learning Log Rubric.htm
[2012/06/14 14:11:30 | 000,012,428 | ---- | C] () -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities.html
[2012/06/14 14:11:16 | 000,026,025 | ---- | C] () -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours.htm
[2012/06/14 14:09:06 | 000,028,083 | ---- | C] () -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours.htm
[2012/06/13 19:26:07 | 000,103,306 | ---- | C] () -- C:\Users\Georgia\Documents\china-complete.pdf
[2012/06/13 17:42:53 | 000,017,869 | ---- | C] () -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt.htm
[2012/05/12 15:03:11 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
[2011/10/27 19:06:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/27 19:06:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/10/27 19:00:45 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/27 19:00:45 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/27 19:00:10 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/10/27 19:00:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/10/27 19:00:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/10/24 00:54:45 | 000,007,610 | ---- | C] () -- C:\Users\Georgia\AppData\Local\Resmon.ResmonCfg
[2011/06/21 02:26:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/21 02:26:44 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/28 03:31:59 | 000,333,824 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2011/04/28 02:52:13 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/01 21:19:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 19:03:27 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== LOP Check ==========
[2011/12/26 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Avery
[2012/06/21 16:18:45 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG
[2012/06/25 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG2012
[2012/05/12 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Clip Art Collection
[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa
[2012/06/09 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Garmin
[2012/06/30 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Iwovla
[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/23 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\TestApp
[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific
[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu
[2011/10/24 01:53:48 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Windows Live Writer
[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie
[2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job
[2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job
[2012/06/23 21:54:41 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
-
Rebooted and ran MB again. Trojan.Ransom was the only thing found. Log for last scan is below. Thanks
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
6/30/2012 5:08:29 PM
mbam-log-2012-06-30 (17-08-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217880
Time elapsed: 5 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Having issues with internet redirecting. Have run Malwarebytes numerous times with different things being found each time. Here is a log of the latest scan and then I rebooted. Please help. Thanks
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
6/30/2012 4:44:03 PM
mbam-log-2012-06-30 (16-44-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231817
Time elapsed: 10 minute(s), 22 second(s)
Memory Processes Detected: 1
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> 3756 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vuirgelao (Spyware.Zbot) -> Data: C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 16
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> Delete on reboot.
C:\Users\Georgia\AppData\Local\Temp\000e3523.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\000e5206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\000eae29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\0_0u_l.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\2F88.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\gwtlvigrjescwsh.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\jyvqvyshixxg.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\mstxcubvd.pif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc28aa76f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\vtpatovublnwaanldf.exe (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmp62fcc75d\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc59f8eb9\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc7699065\volumeup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\msmnqa.cmd (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
(end)
-
Having malware issues with computer. Mainly affecting internet and trying to hide files. Got the hidden files thing fixed. Any help is greatly appreciated. Below is the Malwarebytes log that I just ran.
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
6/30/2012 4:44:03 PM
mbam-log-2012-06-30 (16-44-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231817
Time elapsed: 10 minute(s), 22 second(s)
Memory Processes Detected: 1
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> 3756 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vuirgelao (Spyware.Zbot) -> Data: C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 16
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> Delete on reboot.
C:\Users\Georgia\AppData\Local\Temp\000e3523.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\000e5206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\000eae29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\0_0u_l.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\2F88.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\gwtlvigrjescwsh.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\jyvqvyshixxg.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\mstxcubvd.pif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc28aa76f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\vtpatovublnwaanldf.exe (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmp62fcc75d\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc59f8eb9\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc7699065\volumeup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\msmnqa.cmd (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
(end)
trojan malware problems affecting internet.
in Resolved Malware Removal Logs
Posted
Everything is up to date. When I re-installed IE9 I did a few updates. Maybe my computer is possessed. LOL