
jjsomer

Everything posted by jjsomer

  1. Junkware Removal Tool log...
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.6.2 (02.02.2013:2)
     OS: Windows 7 Home Premium x64
     Ran by roxane on Sat 02/09/2013 at 21:15:43.14
     AdwCleaner log...
     # AdwCleaner v2.109 - Logfile created 01/29/2013 at 06:30:11
     AdwCleaner #2...
     # AdwCleaner v2.111 - Logfile created 02/09/2013 at 21:36:12
     MBAM results...
     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     Database version: v2013.02.09.08
  2. Results from ComboFix...
     ComboFix 13-02-07.02 - roxane 02/09/2013 13:06:13.2.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2925.1654 [GMT -5:00]
     Running from: c:\users\roxane\Desktop\ComboFix.exe
  3. Thanks for the help. There were 4 report files generated from RogueKiller. See below...
     RogueKiller V8.5.0 _x64_ [Feb 8 2013] by Tigzy
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     User : roxane [Admin rights]
     Mode : Scan -- Date : 02/08/2013 22:51:09
     Mode : Remove -- Date : 02/08/2013 22:52:44
     Mode : Shortcuts HJfix -- Date : 02/08/2013 22:54:30
     Mode : HOSTSFix -- Date : 02/08/2013 22:54:44
  5. Every time I launch Internet Explorer and browse to a site, I get a pop-up in the lower left and lower right sections of the browser window. The window wants to redirect me to a site ad.xtendmedia.com. I have run a scan on the system with MalwareBytes Pro and a full system scan with AVAST virus scanner. Neither has turned up an issue. Can you please help me with this? Below are the DDS.txt and Attach.txt from a scan of the system...