todde Posted February 21, 2013 ID:649732

I've been recently infected with numerous malware and trojans. I have cleaned my system to the best of my ability including Malwarebytes, but am uncertain whether I am "totally clean" at this point. Any help would be appreciated. Thanks.

MrCharlie Posted February 21, 2013 ID:649733

Welcome to the forum, please start at the link below:
http://forums.malwar...?showtopic=9573
Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Quit all running programs.
Please download and run RogueKiller to your desktop.
http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe <---use this one for 64 bit systems

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>Please stick with me until I give you the "all clear".
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)

todde Posted February 21, 2013 Author ID:649740
(KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 64-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2687508) 64-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 64-Bit EditionSkinsSonic CinePlayer Decoder PackSpywareBlaster 4.6Strongvault Online BackupStuffIt 12swMSMTL Space Native 7.4ToolboxUnloadSupportUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 
Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2598242) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2687277) 64-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 64-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 64-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 64-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit EditionVisual C++ 8.0 CRT (x86) WinSXS MSMVisual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)Visual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesVLC media player 2.0.1Vst To Rtas Adapter V2.11WebRegWhat's Running 2.2Wild West Press version 2.0Windows Media Player Firefox PluginWinRAR archiverWinZip 14.0WunderlistYamaha USB-MIDI Driver.==== Event Viewer Messages From Past Week ========.2/21/2013 9:27:41 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.2/21/2013 9:22:32 AM, Error: VDS Basic Provider [1] - Unexpected failure. 
Error code: D@01010004
2/21/2013 9:22:16 AM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
2/21/2013 12:01:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JCHELLARD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{953851C7-181E-49D7-B27D-A96A2841E3BC}. The master browser is stopping or an election is being forced.
2/21/2013 11:46:39 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/21/2013 11:41:31 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/21/2013 11:37:10 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/21/2013 11:17:27 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
2/21/2013 11:17:27 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2013 11:17:27 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/20/2013 9:25:53 AM, Error: Service Control Manager [7034] - The vToolbarUpdater14.2.0 service terminated unexpectedly. It has done this 1 time(s).
2/14/2013 2:37:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/14/2013 2:37:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/14/2013 2:37:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/14/2013 2:37:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/14/2013 2:37:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache HssDRV6 NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2013 2:37:04 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
2/14/2013 12:32:59 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{953851C7-181E-49D7-B27D-A96A2841E3BC} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================
todde Posted February 21, 2013 Author ID:649745

RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mojo Studios [Admin rights]
Mode : Scan -- Date : 02/21/2013 14:44:17
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] c3077f3f19565c8c2fd233bb489c52f0
[bSP] 7604063f9306d4c3c722bddd444a7bf4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02212013_02d1444.txt >>
RKreport[1]_S_02212013_02d1444.txt
MrCharlie Posted February 21, 2013 ID:649750

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.
Continued use of filesharing or ill-advised downloads will surely re-infect your system.
Risks of File-Sharing Technology.
P2P file sharing: Know the risks
It's also against the forums policy concerning P2P programs:
If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
I also recommend you uninstall these:
Hotspot Shield 2.85
HotSpot Shield Elite Toolbar
------------------------------------------------------------------
Then,,,,,,,,,,,,
Please create a new system restore point before running Malwarebytes Anti-Rootkit.
Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:
Bottom right corner of this page.
New window that comes up.
~~~~~~~~~~~~~~~~~~~~~~~
Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.
MrC
todde Posted February 21, 2013 Author ID:649754

Here are the two log files... thanks!
mbar-log-2013-02-21 (15-21-35).txt
system-log.txt
MrCharlie Posted February 21, 2013 ID:649756

Looks Clean...next:
Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC
todde Posted February 22, 2013 Author ID:649769

ComboFix 13-02-21.02 - Mojo Studios 02/21/2013 16:16:18.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4021.1841 [GMT -8:00]
Running from: c:\users\Mojo Studios\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-22 00:28 . 2013-02-22 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-21 22:57 . 2013-02-21 22:57 -------- d-----w- c:\programdata\hsswpr
2013-02-21 21:04 . 2013-02-21 21:07 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-02-21 17:25 . 2013-02-21 17:25 -------- d-----w- c:\program files (x86)\BlueStacks
2013-02-20 17:25 . 2013-02-21 18:13 -------- d-----w- c:\users\Mojo Studios\AppData\Local\SwvUpdater
2013-02-20 17:25 . 2013-02-20 17:25 -------- d-----w- c:\users\Mojo Studios\AppData\Roaming\SearchProtect
2013-02-20 17:24 . 2013-02-20 17:31 -------- d-----w- C:\AI_RecycleBin
2013-02-20 17:16 . 2013-02-21 17:25 -------- d-----w- c:\programdata\BlueStacks
2013-02-20 05:35 . 2013-02-20 05:35 -------- d-----w- c:\windows\SysWow64\microsoft
2013-02-12 22:41 . 2013-01-08 05:40 97792 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-05 23:04 . 2013-02-05 23:04 42184 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-04 19:08 . 2013-02-04 19:08 -------- d-----w- c:\users\Mojo Studios\AppData\Local\Mozilla
2013-02-04 19:08 . 2013-02-07 03:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-02-03 04:14 . 2013-02-20 17:24 -------- d-----w- c:\users\Mojo Studios\AppData\Roaming\Strongvault
2013-02-03 04:14 . 2013-02-03 04:19 -------- d-----w- c:\program files (x86)\WhatsRunning
2013-02-03 04:14 . 2013-02-03 04:14 -------- d-----w- c:\users\Mojo Studios\AppData\Local\Stronghold_LLC
2013-02-03 04:13 . 2013-02-20 17:31 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-02-03 04:13 . 2013-02-03 04:13 -------- d-----w- c:\users\Mojo Studios\AppData\Local\Coupon Companion Plugin
2013-02-03 04:13 . 2013-02-03 04:13 -------- d-----w- c:\users\Mojo Studios\AppData\Local\Updater21804
2013-02-03 04:13 . 2013-02-21 23:32 -------- d-----w- c:\program files (x86)\Coupon Companion Plugin
2013-02-03 01:25 . 2013-02-03 01:25 -------- d-----w- C:\_OTM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 19:46 . 2012-02-15 16:13 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
2013-02-21 19:46 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2013-02-19 04:36 . 2012-09-17 16:14 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-13 07:55 . 2010-11-14 18:58 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-10 04:08 . 2012-05-15 21:15 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 04:08 . 2012-05-15 21:15 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-05 03:48 . 2013-01-05 03:48 42328 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-04 04:43 . 2013-02-12 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-19 17:55 . 2012-12-19 17:55 208216 ----a-w- c:\windows\system32\drivers\41391239.sys
2012-12-16 17:11 . 2012-12-20 20:37 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-20 20:37 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-20 20:37 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-20 20:37 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2011-01-03 06:50 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 
2013-01-09 18:39 441856 ----a-w- c:\windows\system32\Wpc.dll2012-12-07 13:15 . 2013-01-09 18:39 2746368 ----a-w- c:\windows\system32\gameux.dll2012-12-07 12:26 . 2013-01-09 18:39 308736 ----a-w- c:\windows\SysWow64\Wpc.dll2012-12-07 12:20 . 2013-01-09 18:39 2576384 ----a-w- c:\windows\SysWow64\gameux.dll2012-12-07 11:20 . 2013-01-09 18:39 30720 ----a-w- c:\windows\system32\usk.rs2012-12-07 11:20 . 2013-01-09 18:39 43520 ----a-w- c:\windows\system32\csrr.rs2012-12-07 11:20 . 2013-01-09 18:39 23552 ----a-w- c:\windows\system32\oflc.rs2012-12-07 11:20 . 2013-01-09 18:39 45568 ----a-w- c:\windows\system32\oflc-nz.rs2012-12-07 11:20 . 2013-01-09 18:39 44544 ----a-w- c:\windows\system32\pegibbfc.rs2012-12-07 11:20 . 2013-01-09 18:39 20480 ----a-w- c:\windows\system32\pegi-fi.rs2012-12-07 11:20 . 2013-01-09 18:39 20480 ----a-w- c:\windows\system32\pegi-pt.rs2012-12-07 11:19 . 2013-01-09 18:39 20480 ----a-w- c:\windows\system32\pegi.rs2012-12-07 11:19 . 2013-01-09 18:39 46592 ----a-w- c:\windows\system32\fpb.rs2012-12-07 11:19 . 2013-01-09 18:39 40960 ----a-w- c:\windows\system32\cob-au.rs2012-12-07 11:19 . 2013-01-09 18:39 21504 ----a-w- c:\windows\system32\grb.rs2012-12-07 11:19 . 2013-01-09 18:39 15360 ----a-w- c:\windows\system32\djctq.rs2012-12-07 11:19 . 2013-01-09 18:39 55296 ----a-w- c:\windows\system32\cero.rs2012-12-07 11:19 . 2013-01-09 18:39 51712 ----a-w- c:\windows\system32\esrb.rs2012-12-07 10:46 . 2013-01-09 18:39 43520 ----a-w- c:\windows\SysWow64\csrr.rs2012-12-07 10:46 . 2013-01-09 18:39 30720 ----a-w- c:\windows\SysWow64\usk.rs2012-12-07 10:46 . 2013-01-09 18:39 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs2012-12-07 10:46 . 2013-01-09 18:39 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs2012-12-07 10:46 . 2013-01-09 18:39 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs2012-12-07 10:46 . 2013-01-09 18:39 23552 ----a-w- c:\windows\SysWow64\oflc.rs2012-12-07 10:46 . 2013-01-09 18:39 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs2012-12-07 10:46 . 
2013-01-09 18:39 46592 ----a-w- c:\windows\SysWow64\fpb.rs2012-12-07 10:46 . 2013-01-09 18:39 20480 ----a-w- c:\windows\SysWow64\pegi.rs2012-12-07 10:46 . 2013-01-09 18:39 21504 ----a-w- c:\windows\SysWow64\grb.rs2012-12-07 10:46 . 2013-01-09 18:39 40960 ----a-w- c:\windows\SysWow64\cob-au.rs2012-12-07 10:46 . 2013-01-09 18:39 15360 ----a-w- c:\windows\SysWow64\djctq.rs2012-12-07 10:46 . 2013-01-09 18:39 55296 ----a-w- c:\windows\SysWow64\cero.rs2012-12-07 10:46 . 2013-01-09 18:39 51712 ----a-w- c:\windows\SysWow64\esrb.rs2012-11-30 05:45 . 2013-01-09 18:38 362496 ----a-w- c:\windows\system32\wow64win.dll2012-11-30 05:45 . 2013-01-09 18:38 243200 ----a-w- c:\windows\system32\wow64.dll2012-11-30 05:45 . 2013-01-09 18:38 13312 ----a-w- c:\windows\system32\wow64cpu.dll2012-11-30 05:43 . 2013-01-09 18:38 16384 ----a-w- c:\windows\system32\ntvdm64.dll2012-11-30 05:41 . 2013-01-09 18:38 424448 ----a-w- c:\windows\system32\KernelBase.dll2012-11-30 05:41 . 2013-01-09 18:38 1161216 ----a-w- c:\windows\system32\kernel32.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2012-11-30 05:38 . 
2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll2012-11-30 05:38 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll2012-11-30 05:38 . 
2013-01-09 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll2012-11-30 04:53 . 2013-01-09 18:38 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll2012-11-30 04:45 . 2013-01-09 18:38 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 18:38 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll2012-11-30 04:45 . 
2013-01-09 18:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-19 04:36 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mojo Studios\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mojo Studios\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Mojo Studios\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2012-11-08 491184]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Warning: do not remove it!"="fpplock.exe" [2003-12-07 121856]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-22 95560]
"FAStartup"="" [bU]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-10-26 593784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Mojo Studios\Downloads\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2012-11-08 491184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-22 20:24 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FlexService;Remote Connections Service;c:\program files (x86)\RapidBIT\cisvc.exe [2009-05-17 41984]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2011-10-04 197936]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-08 187912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio 
Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-05 42328]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-12 1255736]R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-01-31 49256]S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2011-10-04 51504]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2011-10-04 61232]S0 mounthlp;Mounter helper driver for HFS volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2011-10-04 42800]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]S2 AESTFilters;Andrea ST Filters 
Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-10-26 71032]S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-10-26 384888]S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe [2012-11-08 206000]S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-22 2409800]S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2011-10-04 16176]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]S2 
vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 968880]S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys [2012-04-09 352144]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 151040]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]..--- Other Services/Drivers In Memory ---.*Deregistered* - HssDRV6.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]Akamai REG_MULTI_SZ Akamaihpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 04:08].2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 19:42].2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 19:42].2013-02-21 c:\windows\Tasks\HP Photo Creations Communicator.job- c:\programdata\HP Photo Creations\Communicator.exe [2012-12-25 04:07].2013-02-21 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-28 01:57]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Mojo 
Studios\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Mojo Studios\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Mojo Studios\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 162552 ----a-w- c:\users\Mojo Studios\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]2012-04-09 23:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Trusted Zone: line6.netTCP: DhcpNameServer = 75.75.75.75 75.75.76.76Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dllFF - ProfilePath - c:\users\Mojo Studios\AppData\Roaming\Mozilla\Firefox\Profiles\a6ra2175.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN16866301222210229FF - prefs.js: browser.search.selectedEngine - WhiteSmoke B Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://google.com/FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN16866301222210229&UM=UM_ID&q=FF - ExtSQL: 2013-01-27 17:58; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.2.0.1FF - ExtSQL: 2013-02-04 11:13; firebug@software.joehewitt.com; c:\users\Mojo Studios\AppData\Roaming\Mozilla\Firefox\Profiles\a6ra2175.default\extensions\firebug@software.joehewitt.com.xpi.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{f16708b8-d2df-482d-9dfa-aa8d8894f0f4} - (no file)Toolbar-Locked - (no file)Toolbar-10 - (no file)Toolbar-!{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)WebBrowser-{F16708B8-D2DF-482D-9DFA-AA8D8894F0F4} - (no file)...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\BlueStacks]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 
1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-02-21 16:32:52ComboFix-quarantined-files.txt 2013-02-22 00:32ComboFix2.txt 2013-02-21 19:44ComboFix3.txt 2013-02-04 19:01.Pre-Run: 85,178,195,968 bytes freePost-Run: 85,256,413,184 bytes free.- - End Of File - - 8CF4C12FC87A9F1AC96A4FD424BA743D Link to post Share on other sites More sharing options...
MrCharlie Posted February 22, 2013 ID:649782

Looks good.

Download, unzip and double-click on the attached fix.zip (fix.reg) and allow it to merge into the registry.

Next.........

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double-click) to launch the application.
Now click on the Search tab.
Please post the contents of the log file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC
todde Posted February 22, 2013 Author ID:649784 Share Posted February 22, 2013 # AdwCleaner v2.112 - Logfile created 02/21/2013 at 17:49:58# Updated 10/02/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Mojo Studios - MOJOSTUDIOS# Boot Mode : Normal# Running from : C:\Users\Mojo Studios\Desktop\adwcleaner0.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\ENDFile Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xmlFolder Found : C:\Program Files (x86)\AVG Secure SearchFolder Found : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Found : C:\Program Files (x86)\ConduitFolder Found : C:\Program Files (x86)\Coupon Companion PluginFolder Found : C:\ProgramData\AVG Secure SearchFolder Found : C:\ProgramData\boost_interprocessFolder Found : C:\ProgramData\WeCareReminderFolder Found : C:\Users\Mojo Studios\AppData\Local\AVG Secure SearchFolder Found : C:\Users\Mojo Studios\AppData\Local\ConduitFolder Found : C:\Users\Mojo Studios\AppData\Local\Coupon Companion PluginFolder Found : C:\Users\Mojo Studios\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcFolder Found : C:\Users\Mojo Studios\AppData\Local\Ilivid PlayerFolder Found : C:\Users\Mojo Studios\AppData\Local\OpenCandyFolder Found : C:\Users\Mojo Studios\AppData\Local\SwvUpdaterFolder Found : C:\Users\Mojo Studios\AppData\LocalLow\AVG Secure SearchFolder Found : C:\Users\Mojo Studios\AppData\LocalLow\ConduitFolder Found : C:\Users\Mojo Studios\AppData\LocalLow\PriceGongFolder Found : C:\Users\Mojo Studios\AppData\LocalLow\searchqubandFolder Found : C:\Users\Mojo Studios\AppData\Roaming\OpenCandyFolder Found : C:\Users\Mojo Studios\AppData\Roaming\SearchProtect***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\CrossriderKey 
Found : HKCU\Software\AppDataLow\Software\PriceGongKey Found : HKCU\Software\AppDataLow\Software\searchqutoolbarKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AVG Secure SearchKey Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Found : HKCU\Software\InstalledBrowserExtensionsKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKCU\Software\SoftonicKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\Software\AVG Secure SearchKey Found : HKLM\Software\AVG Security ToolbarKey Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exeKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHOKey Found : 
HKLM\SOFTWARE\Classes\CrossriderApp0021804.SandboxKey Found : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocolKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2707060Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Found : HKLM\Software\ConduitKey Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}Key Found : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomcKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}Key Found : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKU\S-1-5-21-3499270314-2644087536-4287733573-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKU\S-1-5-21-3499270314-2644087536-4287733573-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKU\S-1-5-21-3499270314-2644087536-4287733573-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]***** [internet Browsers] *****-\\ Internet Explorer v8.0.7601.17514[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={E93886F6-495E-42F3-9C76-8E066B6D5E22}&mid=480d51e292f247d1b2212104e4b14e96-71bacdbea90424d8209e805a059d7311e9a53178〈=en&ds=AVG&pr=pr&d=2012-09-17 09:14:53&pid=avg&sg=&v=14.2.0.1&sap=nt-\\ Mozilla Firefox v18.0.2 (en-US)File : C:\Users\Mojo 
Studios\AppData\Roaming\Mozilla\Firefox\Profiles\a6ra2175.default\prefs.jsFound : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3279141&SearchSource=1[...]Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke B Customized Web Search");Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141[...]Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279141");Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search");Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&Sea[...]Found : user_pref("browser.search.selectedEngine", "WhiteSmoke B Customized Web Search");Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CU[...]Found : user_pref("smartBar.searchInNewTabOwner", "CT3279141");-\\ Google Chrome v [unable to get version]File : C:\Users\Mojo Studios\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [11411 octets] - [21/02/2013 17:49:58]########## EOF - C:\AdwCleaner[R1].txt - [11472 octets] ########## Link to post Share on other sites More sharing options...
todde Posted February 22, 2013 Author ID:649785

I don't see anything in there to keep. Looks like junk to me.
MrCharlie Posted February 22, 2013 ID:649789

Lots of adware found....let's clear it out.....

Please re-run AdwCleaner.
Click on the Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.
Do Not Attach It!!!

MrC
todde Posted February 22, 2013 Author ID:649919
Mr C, unfortunately after rebooting after running AdwCleaner, I am no longer able to access the Internet. Typing this from my iPad now. I can see my Wireless Network Connection, but there is "No Internet access".
MrCharlie Posted February 22, 2013 ID:649927
Use system restore to go back.
Can you also post the log from AdwCleaner.
Let me know....
MrC
todde Posted February 22, 2013 Author ID:649935
Ran System restore, still no Internet access
MrCharlie Posted February 22, 2013 ID:649936
Try this:
Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
You will now see a menu similar to the image below. Simply click on the Repair menu option.
http://www.bleepstatic.com/combofix/en/repair.jpg
Repair Internet Connection
Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.
Alternatively, if your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.
http://www.bleepstatic.com/combofix/en/tray-repair.jpg
Repair Internet connection via Tray Icon
Let me know.....
MrC
todde Posted February 22, 2013 Author ID:649955
Windows 7, went to Network and sharing center - identify and repair network problems. Message says... Problem with wireless adapter or access point
MrCharlie Posted February 22, 2013 ID:649956
Does anything show in the device manager by the adapter??
MrC
todde Posted February 22, 2013 Author ID:649960
No. Intel Centrino Advanced-N 6200 AGN
MrCharlie Posted February 22, 2013 ID:649963
OK, try this...
I guess you have a wireless modem/router.
Shut down the computer and then reset the modem/router.
There should be a reset button that you push or a hole that you stick a pin into to reset the router (usually 10 seconds).
It's usually located on the back of the router, check your owner's manual.
If you can't find one, just disconnect the power from the router for about a minute, then reconnect it, let it reset then turn the computer back on and see how it is.
After that resets, boot the computer up and see if you can connect now.
MrC
todde Posted February 22, 2013 Author ID:649978
Nothing different. Can see and connect to my Network, but no Internet Access.
MrCharlie Posted February 22, 2013 ID:649981
Does the network show up if you left click the wireless network symbol in the system tray (lower right of screen)?
MrC
todde Posted February 22, 2013 Author ID:649984
Yes, my network is called Mojo Dojo and it is there, but above that, it says...
Identifying... (Mojo Dojo) No Network Access
Just spins and never connects. There is no problem with my cable Internet as there are many computers in the house using the Internet as we speak.
MrCharlie Posted February 22, 2013 ID:649987
Can you locate this:
C:\Windows\ERDNT\hiv-backup\erdnt.exe
MrC
todde Posted February 22, 2013 Author ID:650002
Yes