kermpro1

Honorary Members
  • Posts: 30

Everything posted by kermpro1

  1. Gringo, It seems like everything is working fine now. I scanned with ad-aware, mbam, super anti-spyware, and windows defender. No malicious software detected. Is there any way to double check just to be sure??
  2. Gringo, No issues with the rootkit tool. Windows update is installing new updates now. Need to restart, so will be off the net for a few. I'll let you know how it goes. Everything else seems to be running well otherwise though.
  3. Gringo, I ran Combofix one more time and posted the log above. MBAM doesn't seem to be picking up any more malicious software, but I am still having trouble with the computer restarting properly. Especially when Windows tries to update the system automatically. Also, when the computer hibernates, it doesn't wake up properly. I have had to restart a couple of times.
  4. ComboFix 13-01-31.03 - Swimming12 01/31/2013 20:58:44.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2173 [GMT -6:00]
  5. Gringo, I ran a scan with MBAM and no threats were detected. What else should I check?
  6. ComboFix 13-01-30.04 - Swimming12 01/30/2013 22:38:17.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2511 [GMT -6:00]
  7. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
     Run date: 2013-01-30 22:24:07
     -----------------------------
     22:24:07.505 OS Version: Windows x64 6.1.7601 Service Pack 1
     22:24:07.505 Number of processors: 4 586 0x2A07
     22:24:07.507 ComputerName: SANDY UserName:
     22:24:08.782 Initialize success
     22:24:21.046 AVAST engine defs: 13013000
     22:24:43.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     22:24:43.436 Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 3
     22:24:43.462 Disk 0 MBR read successfully
     22:24:43.468 Disk 0 MBR scan
     22:24:43.478 Disk 0 Windows 7 default MBR code
     22:24:43.496 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
     22:24:43.513 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
     22:24:43.533 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
     22:24:43.555 Disk 0 scanning C:\Windows\system32\drivers
     22:24:52.987 Service scanning
     22:25:28.714 Modules scanning
     22:25:28.731 Disk 0 trace - called modules:
     22:25:28.777 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
     22:25:28.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004706060]
     22:25:28.802 3 CLASSPNP.SYS[fffff88001b8d43f] -> nt!IofCallDriver -> [0xfffffa8003707e40]
     22:25:28.813 5 ACPI.sys[fffff88000f2b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040be050]
     22:25:29.968 AVAST engine scan C:\Windows
     22:25:32.691 AVAST engine scan C:\Windows\system32
     22:28:19.052 AVAST engine scan C:\Windows\system32\drivers
     22:28:29.030 AVAST engine scan C:\Users\Swimming12
     22:29:51.327 AVAST engine scan C:\ProgramData
     22:30:59.761 Scan finished successfully
     22:32:48.244 Disk 0 MBR has been saved successfully to "C:\Users\Swimming12\Desktop\MBR.dat"
     22:32:48.250 The log file has been saved successfully to "C:\Users\Swimming12\Desktop\aswMBR.txt"
  8. Gringo, Was having trouble with IE refreshing. I see the post now. Here is the TDS Killer log.
     21:58:37.0094 1152 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
     21:58:37.0562 1152 ============================================================
     21:58:37.0562 1152 Current date / time: 2013/01/30 21:58:37.0562
     21:58:37.0562 1152 SystemInfo:
     21:58:37.0562 1152
     21:58:37.0562 1152 OS Version: 6.1.7601 ServicePack: 1.0
     21:58:37.0562 1152 Product type: Workstation
     21:58:37.0562 1152 ComputerName: SANDY
     21:58:37.0562 1152 UserName: Swimming12
     21:58:37.0562 1152 Windows directory: C:\Windows
     21:58:37.0562 1152 System windows directory: C:\Windows
     21:58:37.0562 1152 Running under WOW64
     21:58:37.0562 1152 Processor architecture: Intel x64
     21:58:37.0562 1152 Number of processors: 4
     21:58:37.0562 1152 Page size: 0x1000
     21:58:37.0562 1152 Boot type: Normal boot
     21:58:37.0562 1152 ============================================================
     21:58:37.0640 1152 BG loaded
     21:58:38.0046 1152 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     21:58:38.0077 1152 ============================================================
     21:58:38.0077 1152 \Device\Harddisk0\DR0:
     21:58:38.0077 1152 MBR partitions:
     21:58:38.0077 1152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
     21:58:38.0077 1152 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
     21:58:38.0077 1152 ============================================================
     21:58:38.0186 1152 C: <-> \Device\Harddisk0\DR0\Partition2
     21:58:38.0186 1152 ============================================================
     21:58:38.0186 1152 Initialize success
     21:58:38.0186 1152 ============================================================
     22:05:38.0876 2804 Deinitialize success
  10. Gringo, Ran TDS Killer. Looking for the log file now.
  11. Your post came back. Continuing with TDS Killer.
  12. Gringo, You removed the post. Did you change your mind? I was in the middle of tds killer and came back to your post to finish the instructions after the reboot.
  13. Gringo, Posted the Combofix file. Turned on Windows Defender and MBAM, but was not able to turn Ad-Aware back on.
  14. ComboFix 13-01-30.04 - Swimming12 01/30/2013 21:23:55.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2646 [GMT -6:00] Running from: c:\users\Swimming12\Desktop\ComboFix.exe AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\windows\svchost.exe c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 ))))))))))))))))))))))))))))))) . . 2013-01-31 03:29 . 2013-01-31 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-31 02:56 . 2013-01-31 02:56 -------- d-----w- c:\program files\CCleaner 2013-01-31 02:48 . 2009-12-30 17:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2013-01-31 02:47 . 2013-01-31 02:47 -------- d-----w- c:\program files\VS Revo Group 2013-01-31 02:29 . 2013-01-31 02:29 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-01-30 13:59 . 2013-01-30 13:59 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-01-30 06:13 . 2013-01-31 04:09 -------- d-----w- c:\windows\SysWow64\Wat 2013-01-30 06:13 . 2013-01-31 04:09 -------- d-----w- c:\windows\system32\Wat 2013-01-30 06:11 . 2013-01-30 06:11 -------- d-----w- C:\_OTL 2013-01-30 02:05 . 2013-01-31 04:09 -------- d-----w- c:\programdata\WeCareReminder 2013-01-30 02:05 . 2013-01-30 02:05 -------- d-----w- c:\programdata\Symantec 2013-01-30 02:05 . 2013-01-31 04:09 -------- d-----w- c:\program files (x86)\Norton Security Scan 2013-01-30 02:05 . 2013-01-31 04:09 -------- d-----w- c:\programdata\Norton 2013-01-30 02:05 . 2013-01-30 02:05 -------- d-----w- c:\program files (x86)\NortonInstaller 2013-01-30 02:03 . 
2013-01-31 04:09 -------- d-----w- c:\program files (x86)\DefaultTab 2013-01-30 02:02 . 2013-01-30 02:02 -------- d-----w- c:\programdata\APN 2013-01-22 04:58 . 2013-01-22 04:58 -------- d-----w- c:\programdata\Malwarebytes 2013-01-22 04:58 . 2013-01-22 04:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-22 04:58 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-22 04:12 . 2012-12-17 12:43 38096 ----a-w- c:\windows\system32\drivers\gfiark.sys 2013-01-22 04:09 . 2013-01-22 04:09 -------- d-----w- c:\program files (x86)\GUM687.tmp 2013-01-22 04:07 . 2013-01-22 04:07 -------- d-----w- c:\program files\Google 2013-01-22 04:07 . 2013-01-22 04:08 -------- d-----w- c:\program files (x86)\Google 2013-01-22 04:06 . 2013-01-22 04:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-01-22 03:07 . 2013-01-31 02:57 -------- d-----w- c:\windows\Panther 2013-01-22 03:06 . 2013-01-22 03:19 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-01-22 02:44 . 2013-01-22 02:44 -------- d-----w- c:\programdata\Lavasoft 2013-01-22 02:44 . 2013-01-31 04:09 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2013-01-22 02:44 . 2013-01-22 02:44 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-01-22 02:44 . 2012-09-20 11:40 47496 ----a-w- c:\windows\system32\sbbd.exe 2013-01-22 02:42 . 2013-01-22 02:42 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-01-22 02:42 . 2013-01-22 02:42 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-01-22 02:33 . 2013-01-31 02:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-01-22 02:33 . 2013-01-22 04:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2013-01-22 02:30 . 2013-01-22 02:30 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-01-22 02:30 . 2013-01-22 02:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-01-22 02:28 . 
2013-01-22 02:49 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-01-22 02:28 . 2010-01-11 00:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-01-22 02:12 . 2013-01-31 04:09 -------- d-----w- c:\program files (x86)\7-Zip 2013-01-22 02:12 . 2013-01-22 02:14 -------- d-----w- c:\programdata\Strongvault Online Backup 2013-01-22 02:12 . 2013-01-22 02:12 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin 2013-01-22 02:12 . 2013-01-22 02:12 -------- d-----w- c:\program files (x86)\Strongvault Online Backup 2013-01-22 02:12 . 2013-01-22 02:12 -------- d-----w- C:\AI_RecycleBin 2013-01-22 02:11 . 2013-01-31 03:06 -------- d-----w- c:\program files (x86)\Shop to Win 27 2013-01-22 02:10 . 2013-01-22 02:10 -------- d-----w- c:\programdata\Yahoo! 2013-01-22 02:10 . 2013-01-22 02:44 -------- d-----w- c:\programdata\Yahoo! Companion 2013-01-22 02:10 . 2013-01-22 02:10 -------- d-----w- c:\program files (x86)\Yahoo! 2013-01-22 02:06 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2013-01-22 02:06 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2013-01-22 02:06 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2013-01-22 02:06 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2013-01-22 02:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-01-22 02:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-01-22 02:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-01-22 02:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-01-22 02:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-01-22 02:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-01-22 02:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-01-22 02:02 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-01-22 02:02 . 
2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-01-22 01:50 . 2010-11-06 05:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys 2013-01-22 01:49 . 2010-10-26 03:08 406632 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-01-22 01:49 . 2010-01-05 16:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-01-22 01:49 . 2009-12-03 09:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-01-22 01:49 . 2013-01-22 01:49 -------- d-----w- c:\program files (x86)\Realtek 2013-01-22 01:45 . 2013-01-22 01:45 -------- d-----w- c:\users\Public\Roaming 2013-01-22 01:45 . 2013-01-22 01:45 -------- d-----w- c:\users\Default\Roaming 2013-01-22 01:43 . 2013-01-22 01:57 -------- d-----w- c:\programdata\Intel 2013-01-22 01:43 . 2013-01-22 01:52 -------- d-----w- c:\program files\Common Files\Intel 2013-01-22 01:43 . 2013-01-22 01:43 -------- d-----w- c:\program files (x86)\Cisco 2013-01-22 01:43 . 2013-01-22 01:43 -------- d-----w- c:\program files\Intel 2013-01-22 01:42 . 2013-01-22 01:42 -------- d-----w- c:\program files (x86)\Renesas Electronics 2013-01-22 01:41 . 2010-10-06 02:50 8192 ----a-w- c:\windows\SysWow64\drivers\IntelMEFWVer.dll 2013-01-22 01:41 . 2010-10-06 02:50 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll 2013-01-22 01:41 . 2013-01-22 01:41 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2013-01-22 01:40 . 2010-09-21 15:59 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-01-22 01:39 . 2013-01-22 01:52 -------- d-----w- c:\program files (x86)\Intel 2013-01-22 01:39 . 2010-12-15 08:10 53248 ----a-r- c:\windows\SysWow64\CSVer.dll 2013-01-22 01:37 . 2010-10-14 17:56 390656 ----a-w- c:\windows\system32\imthx64.dll 2013-01-22 01:37 . 2010-09-30 15:17 732672 ----a-w- c:\windows\system32\imapo32.dll 2013-01-22 01:37 . 2011-01-24 17:57 4637184 ----a-w- c:\windows\system32\stlang64.dll 2013-01-22 01:37 . 2011-01-24 17:57 438784 ----a-w- c:\windows\system32\IDTNC64.cpl 2013-01-22 01:37 . 
2011-01-21 00:15 449024 ----a-w- c:\windows\system32\slapoi64.dll 2013-01-22 01:37 . 2010-09-30 15:18 866304 ----a-w- c:\windows\system32\imapo64.dll 2013-01-22 01:36 . 2013-01-22 01:49 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2013-01-22 01:33 . 2013-01-22 01:34 -------- d-----w- c:\windows\SysWow64\vmm32 2013-01-22 01:33 . 2013-01-22 01:33 -------- d-----w- c:\program files (x86)\Dell 2013-01-22 01:33 . 2013-01-31 02:34 -------- d-sh--w- c:\windows\Installer 2013-01-22 01:24 . 2013-01-31 02:21 -------- d-----w- c:\users\Swimming12 2013-01-21 21:02 . 2013-01-21 21:02 -------- d-----w- C:\$AVG . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-06-11 1524056] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-01-22 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-17 38096] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-22 14456] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-15 1236968] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000] S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 82872] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine 
Components\UNS\UNS.exe [2010-10-06 2655768] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-30 01:48 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22 04:07] . 2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22 04:07] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-24 525312] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 416024] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 . - - - - ORPHANS REMOVED - - - - . 
BHO-{3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\Swimming12\AppData\Roaming\Qwiklinx\Qwiklinx.dll AddRemove-adawaretb - c:\program files (x86)\adawaretb\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-30 21:31:38 ComboFix-quarantined-files.txt 2013-01-31 03:31 ComboFix2.txt 2012-12-18 03:58 ComboFix3.txt 2012-12-15 22:34 . Pre-Run: 452,920,082,432 bytes free Post-Run: 452,691,374,080 bytes free . - - End Of File - - 5F89BA75D988E4D27B18749FE05208F4
  15. Gringo, Still have a Trojan.Agent popping up in MBAM. Otherwise, computer seems to be operating relatively normally. I'll follow your next steps now.
  16. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:12:31 PM, on 1/30/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\PROGRA~2\AD-AWA~1\AdAware.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Swimming12\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - 
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Swimming12\AppData\Roaming\Qwiklinx\Qwiklinx.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [swg] "C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9863 bytes
  17. Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.31.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Swimming12 :: SANDY [administrator]
Protection: Enabled
1/30/2013 9:01:50 PM
mbam-log-2013-01-30 (21-01-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205387
Time elapsed: 1 minute(s), 13 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 6740 -> Delete on reboot.
Memory Modules Detected: 3
C:\Program Files (x86)\Shop to Win 27\Shop to Win 27.dll (PUP.ShopToWin) -> Delete on reboot.
C:\Users\Swimming12\AppData\LocalLow\FCTB000100565\Toolbar\Toolbar.dll (PUP.ShopToWin) -> Delete on reboot.
C:\Program Files (x86)\Shop to Win 27\Helper.dll (PUP.ShopToWin) -> Delete on reboot.
Registry Keys Detected: 11
HKCR\CLSID\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7BCF5449-286E-27B4-F9D4-B26439725A44} (PUP.ShopToWin) -> Delete on reboot.
HKCR\Interface\{611BBA16-61FE-D4D3-8DC8-87D0396B18B9} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE146ACC-D881-1414-2148-B1D008B47ADB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\CLSID\{F122B94E-0C50-13C4-C9D3-893FAEFAD90B} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1E04D1F8-15C9-DFA4-B131-886A302975E3} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCR\Interface\{8DD78B0D-BFC4-0951-A445-1985F07F3BAB} (PUP.ShopToWin) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F122B94E-0C50-13C4-C9D3-893FAEFAD90B} (PUP.ShopToWin) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{F122B94E-0C50-13C4-C9D3-893FAEFAD90B} (PUP.ShopToWin) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{f122b94e-0c50-13c4-c9d3-893faefad90b} (PUP.ShopToWin) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Program Files (x86)\Shop to Win 27\Shop to Win 27.dll (PUP.ShopToWin) -> Delete on reboot.
C:\Users\Swimming12\AppData\LocalLow\FCTB000100565\Toolbar\Toolbar.dll (PUP.ShopToWin) -> Delete on reboot.
C:\Program Files (x86)\Shop to Win 27\Helper.dll (PUP.ShopToWin) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
  18. Gringo, Computer seems to be working better now. I'll check again later tonight to see if all is well.
  19. ========== OTL ==========
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3719879613-4176528961-3434360997-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f122b94e-0c50-13c4-c9d3-893faefad90b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f122b94e-0c50-13c4-c9d3-893faefad90b}\ deleted successfully.
C:\Program Files (x86)\Shop to Win 27\Helper.dll moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\ not found.
C:\Program Files (x86)\PriceGong\2.6.8\FF\plugins folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF\modules folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF\chrome\skin folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF\chrome\locale folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF\chrome folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE146ACC-D881-1414-2148-B1D008B47ADB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE146ACC-D881-1414-2148-B1D008B47ADB}\ deleted successfully.
C:\Program Files (x86)\Shop to Win 27\Shop to Win 27.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong folder moved successfully.
C:\Program Files (x86)\PriceGong\2.6.8 folder moved successfully.
C:\Program Files (x86)\PriceGong folder moved successfully.
C:\Program Files (x86)\Yontoo folder moved successfully.
C:\Users\Swimming12\AppData\Roaming\DefaultTab\DefaultTab folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
Folder move failed. C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} scheduled to be moved on reboot.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
Folder move failed. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Tarma Installer scheduled to be moved on reboot.
C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 27 folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\util folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\weatherplugin\proppage folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\weatherplugin folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\searchcomponent folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\rssreader\proppage\images folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\rssreader\proppage folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\rssreader folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin\proppage\widgets folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin\proppage\images folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin\proppage folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin\js folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin\images folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin\css folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\radioplugin folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\msgboxplugin folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\emailchecker\proppage\widgets folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\emailchecker\proppage folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\emailchecker folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\common\proppage folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\common folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\bookmarksplugin\proppage\images folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\bookmarksplugin\proppage folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res\bookmarksplugin folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components\res folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\js_components folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\images\weather\png folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\images\weather folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\images\ticker folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\images\msgbox folder moved successfully.
C:\Program Files (x86)\Shop to Win 27\images folder moved successfully.
C:\Program Files (x86)\Shop to Win 27 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Swimming12\Desktop\cmd.bat deleted successfully.
C:\Users\Swimming12\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Swimming12
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Swimming12
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01302013_001125
Files\Folders moved on Reboot...
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
  20. Gringo, Posted the OTL file as requested. What next?
  21. OTL logfile created on: 1/29/2013 8:40:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Swimming12\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 24.07% Memory free
7.82 Gb Paging File | 4.10 Gb Available in Paging File | 52.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 423.87 Gb Free Space | 93.98% Space Free | Partition Type: NTFS
Computer Name: SANDY | User Name: Swimming12 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Swimming12\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\WeCareReminder\ReminderHelper.exe (We-Care.com)
PRC - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Users\Swimming12\AppData\LocalLow\FCTB000100565\Toolbar\Toolbar.dll ()
MOD - C:\Program Files (x86)\Shop to Win 27\Toolbar.dll ()
MOD - C:\Users\Swimming12\AppData\LocalLow\FCTB000100565\Toolbar\Helper.dll ()
MOD - C:\Program Files (x86)\Shop to Win 27\Helper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\30a8c29a4e9807d25f7148ba4adbe7b9\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3956b6af532aee63d53f0c15d071b14b\IAStorCommon.ni.dll ()
MOD - C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Metadata.dll ()
MOD - C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Helpers.dll ()
MOD - C:\Program Files (x86)\Strongvault Online Backup\Environment.Identification.dll ()
MOD - C:\Program Files (x86)\Yontoo\YontooIEClient.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (DefaultTabUpdate) -- C:\Users\Swimming12\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DefaultTabSearch) -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\URLSearchHook: {f122b94e-0c50-13c4-c9d3-893faefad90b} - C:\Program Files (x86)\Shop to Win 27\Helper.dll ()
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enUS520
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\SearchScopes\{DD7C8690-90FC-4E70-AD91-BC66811F1E03}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.8\FF [2013/01/29 20:05:17 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Swimming12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Swimming12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Safe Search = C:\Users\Swimming12\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Swimming12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll (PriceGong)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Swimming12\AppData\Roaming\Qwiklinx\Qwiklinx.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Swimming12\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Shop to Win) - {EE146ACC-D881-1414-2148-B1D008B47ADB} - C:\Program Files (x86)\Shop to Win 27\Shop to Win 27.dll (Shop To Win, LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [sBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
O4 - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3719879613-4176528961-3434360997-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151F5EF4-B59D-4B5E-A58B-5550B6BF0B0D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ead442c8-6440-11e2-a40f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ead442c8-6440-11e2-a40f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume3\Program Files (x86)\Ad-Aware Antivirus\Definitions) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/29 20:36:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Swimming12\Desktop\OTL.exe [2013/01/29 20:28:52 | 000,000,000 | --SD | C] -- C:\ComboFix [2013/01/29 20:27:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/29 20:27:20 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2013/01/29 20:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder [2013/01/29 20:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2013/01/29 20:05:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan [2013/01/29 20:05:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64 [2013/01/29 20:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan [2013/01/29 20:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013/01/29 20:05:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307060.005 [2013/01/29 20:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller 
[2013/01/29 20:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/29 20:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2013/01/29 20:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2013/01/29 20:05:17 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\mozilla
[2013/01/29 20:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2013/01/29 20:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/01/29 20:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/01/29 20:03:18 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\DefaultTab
[2013/01/29 20:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/01/29 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/28 22:38:17 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2013/01/28 22:38:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2013/01/22 00:20:57 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\Desktop\RK_Quarantine
[2013/01/21 22:58:34 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Malwarebytes
[2013/01/21 22:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 22:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/21 22:58:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Programs
[2013/01/21 22:30:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/21 22:12:37 | 000,038,096 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfiark.sys
[2013/01/21 22:09:08 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Google
[2013/01/21 22:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/21 22:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/01/21 22:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/01/21 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Google
[2013/01/21 22:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/21 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Adobe
[2013/01/21 22:07:05 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Adobe
[2013/01/21 22:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/21 22:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/21 22:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/21 21:11:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/21 21:09:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/21 21:07:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/21 21:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/21 20:54:26 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\LavasoftStatistics
[2013/01/21 20:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/01/21 20:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/21 20:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/21 20:44:12 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Downloaded Installations
[2013/01/21 20:44:07 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/01/21 20:44:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/01/21 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\adawarebp
[2013/01/21 20:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/01/21 20:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/01/21 20:42:39 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\blekko
[2013/01/21 20:40:58 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Ad-Aware Antivirus
[2013/01/21 20:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/01/21 20:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/21 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/01/21 20:30:17 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/21 20:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/21 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/01/21 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/21 20:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/21 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/01/21 20:28:12 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/01/21 20:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/01/21 20:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/01/21 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/01/21 20:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/01/21 20:12:43 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Strongvault Online Backup
[2013/01/21 20:12:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/01/21 20:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/01/21 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Strongvault
[2013/01/21 20:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
[2013/01/21 20:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strongvault Online Backup
[2013/01/21 20:12:36 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/01/21 20:11:21 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 27
[2013/01/21 20:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 27
[2013/01/21 20:10:28 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetAssistant
[2013/01/21 20:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/01/21 20:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2013/01/21 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Yahoo!
[2013/01/21 20:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/01/21 20:06:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/01/21 20:06:19 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/01/21 20:02:50 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/01/21 20:02:50 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/01/21 20:02:50 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/01/21 20:02:43 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/01/21 20:02:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/01/21 20:02:43 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/01/21 20:02:37 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/01/21 20:02:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/01/21 19:57:45 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Intel Corporation
[2013/01/21 19:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/01/21 19:52:42 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2013/01/21 19:52:42 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2013/01/21 19:52:16 | 017,896,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2013/01/21 19:52:16 | 014,511,104 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2013/01/21 19:52:16 | 012,289,536 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2013/01/21 19:52:16 | 012,223,936 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2013/01/21 19:52:16 | 009,014,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2013/01/21 19:52:16 | 008,238,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2013/01/21 19:52:16 | 006,275,072 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2013/01/21 19:52:16 | 004,378,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2013/01/21 19:52:16 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2013/01/21 19:52:16 | 000,510,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2013/01/21 19:52:16 | 000,416,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2013/01/21 19:52:16 | 000,392,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2013/01/21 19:52:16 | 000,385,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2013/01/21 19:52:16 | 000,378,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2013/01/21 19:52:16 | 000,376,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2013/01/21 19:52:16 | 000,376,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2013/01/21 19:52:16 | 000,335,872 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2013/01/21 19:52:16 | 000,288,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2013/01/21 19:52:16 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2013/01/21 19:52:16 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2013/01/21 19:52:16 | 000,287,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2013/01/21 19:52:16 | 000,286,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2013/01/21 19:52:16 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2013/01/21 19:52:16 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2013/01/21 19:52:16 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2013/01/21 19:52:16 | 000,285,696 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2013/01/21 19:52:16 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2013/01/21 19:52:16 | 000,285,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2013/01/21 19:52:16 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2013/01/21 19:52:16 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2013/01/21 19:52:16 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2013/01/21 19:52:16 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2013/01/21 19:52:16 | 000,239,384 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2013/01/21 19:52:16 | 000,168,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2013/01/21 19:52:16 | 000,158,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2013/01/21 19:52:16 | 000,146,432 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2013/01/21 19:52:16 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2013/01/21 19:52:16 | 000,136,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2013/01/21 19:52:16 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2013/01/21 19:52:16 | 000,109,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2013/01/21 19:52:16 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2013/01/21 19:52:16 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2013/01/21 19:52:16 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2361.dll
[2013/01/21 19:52:16 | 000,062,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2013/01/21 19:52:16 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2013/01/21 19:52:16 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2013/01/21 19:50:24 | 000,438,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2013/01/21 19:49:10 | 000,406,632 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/01/21 19:49:09 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013/01/21 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/01/21 19:45:15 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Intel
[2013/01/21 19:45:08 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\Roaming
[2013/01/21 19:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2013/01/21 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/01/21 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/01/21 19:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/01/21 19:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/01/21 19:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/01/21 19:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013/01/21 19:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/01/21 19:41:08 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/01/21 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/01/21 19:40:46 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2013/01/21 19:40:44 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\InstallShield
[2013/01/21 19:39:46 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/01/21 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/01/21 19:37:03 | 000,732,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\imapo32.dll
[2013/01/21 19:37:03 | 000,390,656 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\imthx64.dll
[2013/01/21 19:37:02 | 004,637,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2013/01/21 19:37:02 | 000,866,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\imapo64.dll
[2013/01/21 19:37:02 | 000,449,024 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slapoi64.dll
[2013/01/21 19:37:02 | 000,442,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2013/01/21 19:37:02 | 000,438,784 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2013/01/21 19:37:02 | 000,162,304 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2013/01/21 19:37:02 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2013/01/21 19:37:02 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2013/01/21 19:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/01/21 19:36:33 | 001,499,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2013/01/21 19:36:33 | 000,732,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\IMAPO32.dll
[2013/01/21 19:36:33 | 000,651,776 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2013/01/21 19:36:33 | 000,520,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2013/01/21 19:36:33 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2013/01/21 19:36:33 | 000,334,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO3064.dll
[2013/01/21 19:36:33 | 000,220,160 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646324.dll
[2013/01/21 19:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013/01/21 19:36:15 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/01/21 19:33:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vmm32
[2013/01/21 19:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2013/01/21 19:33:33 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/01/21 19:24:53 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/21 19:24:53 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Searches
[2013/01/21 19:24:53 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/21 19:24:52 | 000,000,000 | -H-D | C] -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/21 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Identities
[2013/01/21 19:24:39 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Contacts
[2013/01/21 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\VirtualStore
[2013/01/21 19:24:25 | 000,000,000 | --SD | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Videos
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Saved Games
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Pictures
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Music
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Links
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Favorites
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Downloads
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Documents
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\Desktop
[2013/01/21 19:24:25 | 000,000,000 | R--D | C] -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\AppData\Local\Temporary Internet Files
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Templates
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Start Menu
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\SendTo
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Recent
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\PrintHood
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\NetHood
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Documents\My Videos
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Documents\My Pictures
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Documents\My Music
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\My Documents
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Local Settings
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\AppData\Local\History
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Cookies
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\Application Data
[2013/01/21 19:24:25 | 000,000,000 | -HSD | C] -- C:\Users\Swimming12\AppData\Local\Application Data
[2013/01/21 19:24:25 | 000,000,000 | -H-D | C] -- C:\Users\Swimming12\AppData
[2013/01/21 19:24:25 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Temp
[2013/01/21 19:24:25 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Local\Microsoft
[2013/01/21 19:24:25 | 000,000,000 | ---D | C] -- C:\Users\Swimming12\AppData\Roaming\Media Center Programs
[2013/01/21 15:02:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/29 20:40:56 | 000,000,104 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2013/01/29 20:37:39 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/01/29 20:36:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Swimming12\Desktop\OTL.exe
[2013/01/29 20:18:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 20:05:33 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2013/01/29 20:05:30 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Swimming12.job
[2013/01/29 20:05:28 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/29 19:51:17 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/29 19:51:17 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/29 19:51:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/29 19:45:55 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/29 19:45:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 19:45:38 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/28 23:05:37 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 23:05:37 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 22:50:24 | 000,768,512 | ---- | M] () -- C:\Users\Swimming12\Desktop\RogueKiller.exe
[2013/01/28 22:40:29 | 000,580,235 | ---- | M] () -- C:\Users\Swimming12\Desktop\adwcleaner.exe
[2013/01/28 22:33:29 | 000,000,212 | ---- | M] () -- C:\Users\Swimming12\Desktop\Trojan.Agent infected my system - Malwarebytes Forum.url
[2013/01/28 22:27:46 | 000,881,914 | ---- | M] () -- C:\Users\Swimming12\Desktop\SecurityCheck.exe
[2013/01/28 22:22:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/21 22:58:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 22:31:26 | 000,002,285 | ---- | M] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/21 22:30:43 | 414,990,141 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/21 22:08:40 | 000,002,295 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/21 22:06:45 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/21 21:22:43 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/21 21:12:15 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/21 21:12:15 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/21 20:47:35 | 000,000,515 | ---- | M] () -- C:\Windows\wininit.ini
[2013/01/21 20:44:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/01/21 20:33:32 | 000,001,288 | ---- | M] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/21 20:33:32 | 000,001,264 | ---- | M] () -- C:\Users\Swimming12\Desktop\Spybot - Search & Destroy.lnk
[2013/01/21 20:30:16 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/21 20:28:13 | 000,001,085 | ---- | M] () -- C:\Users\Swimming12\Desktop\SpywareBlaster.lnk
[2013/01/21 20:12:40 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.lnk
[2013/01/21 19:57:21 | 000,015,376 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/01/21 19:27:05 | 000,001,443 | ---- | M] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 20:40:53 | 000,000,104 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2013/01/29 20:05:30 | 000,000,458 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Swimming12.job
[2013/01/29 20:05:28 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2013/01/29 20:05:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307060.005\isolate.ini
[2013/01/29 20:03:26 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2013/01/28 22:40:24 | 000,580,235 | ---- | C] () -- C:\Users\Swimming12\Desktop\adwcleaner.exe
[2013/01/28 22:33:29 | 000,000,212 | ---- | C] () -- C:\Users\Swimming12\Desktop\Trojan.Agent infected my system - Malwarebytes Forum.url
[2013/01/28 22:27:46 | 000,881,914 | ---- | C] () -- C:\Users\Swimming12\Desktop\SecurityCheck.exe
[2013/01/28 22:22:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/22 00:21:47 | 000,768,512 | ---- | C] () -- C:\Users\Swimming12\Desktop\RogueKiller.exe
[2013/01/21 22:58:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 22:30:43 | 414,990,141 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/21 22:08:40 | 000,002,295 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/21 22:08:40 | 000,002,285 | ---- | C] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/21 22:07:36 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 22:07:35 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 22:06:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/21 22:06:45 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/21 21:11:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/21 21:11:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/21 20:47:34 | 000,000,515 | ---- | C] () -- C:\Windows\wininit.ini
[2013/01/21 20:44:28 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/01/21 20:33:32 | 000,001,288 | ---- | C] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/21 20:33:32 | 000,001,264 | ---- | C] () -- C:\Users\Swimming12\Desktop\Spybot - Search & Destroy.lnk
[2013/01/21 20:30:16 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/21 20:28:13 | 000,001,085 | ---- | C] () -- C:\Users\Swimming12\Desktop\SpywareBlaster.lnk
[2013/01/21 20:12:40 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.lnk
[2013/01/21 19:57:21 | 000,015,376 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/01/21 19:52:16 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/01/21 19:52:16 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013/01/21 19:52:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/01/21 19:52:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2013/01/21 19:52:16 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/01/21 19:52:16 | 000,218,304 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2013/01/21 19:52:16 | 000,211,082 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2013/01/21 19:52:16 | 000,197,902 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2013/01/21 19:52:16 | 000,182,514 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2013/01/21 19:52:16 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2013/01/21 19:52:16 | 000,156,057 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2013/01/21 19:52:16 | 000,152,994 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2013/01/21 19:52:16 | 000,148,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2013/01/21 19:52:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/01/21 19:52:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2013/01/21 19:52:16 | 000,140,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2013/01/21 19:52:16 | 000,138,572 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2013/01/21 19:52:16 | 000,137,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2013/01/21 19:52:16 | 000,137,506 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2013/01/21 19:52:16 | 000,136,449 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2013/01/21 19:52:16 | 000,135,519 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2013/01/21 19:52:16 | 000,135,222 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2013/01/21 19:52:16 | 000,134,686 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2013/01/21 19:52:16 | 000,134,272 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2013/01/21 19:52:16 | 000,134,238 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2013/01/21 19:52:16 | 000,133,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2013/01/21 19:52:16 | 000,133,548 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2013/01/21 19:52:16 | 000,133,246 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2013/01/21 19:52:16 | 000,133,014 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2013/01/21 19:52:16 | 000,132,752 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2013/01/21 19:52:16 | 000,132,650 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2013/01/21 19:52:16 | 000,131,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2013/01/21 19:52:16 | 000,128,863 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2013/01/21 19:52:16 | 000,128,667 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2013/01/21 19:52:16 | 000,128,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2013/01/21 19:52:16 | 000,123,921 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2013/01/21 19:52:16 | 000,117,522 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2013/01/21 19:52:16 | 000,116,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2013/01/21 19:52:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013/01/21 19:52:16 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2013/01/21 19:52:16 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013/01/21 19:52:16 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013/01/21 19:52:16 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013/01/21 19:52:16 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/01/21 19:52:16 | 000,017,272 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2013/01/21 19:52:16 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2013/01/21 19:52:16 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2013/01/21 19:49:09 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/01/21 19:41:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2013/01/21 19:41:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013/01/21 19:37:02 | 000,015,610 | ---- | C] () -- C:\Windows\SysNative\W92HDM59.xml
[2013/01/21 19:27:05 | 000,001,443 | ---- | C] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/01/21 19:25:03 | 000,001,415 | ---- | C] () -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013/01/21 19:24:56 | 000,001,449 | ---- | C] () -- C:\Users\Swimming12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/01/21 19:24:25 | 000,000,290 | ---- | C] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2013/01/21 19:24:25 | 000,000,272 | ---- | C] () -- C:\Users\Swimming12\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >
  22. Maurice, Thanks for the heads-up, though I had already downloaded a version from CNET and attempted to run it. It said that it was out of date and would not work. I did delete it and remove it from the recycle bin. Hope I didn't add to the problem?? Running OTL now.