Jump to content

Recommended Posts

So, two days ago: business as usual.

Yesterday morning, SOME (not all) random programs (MP3 Rocket, PS3 Media Server, and some others) would not open.

Yesteday late-afternoon. Some file folders went missing (Age Of Empires III, all of me Media Dowload files and folders.)

No sign of Malware.

Today, MORE Folders are gone-- practically everything.

I tried a System restore point-- only one exists-- from yesterday morning. (I never deleted any old restore points, and had set the maximum amount of memory allotment.)

First, HiJackThis log came back fine. Then,I tried several antivirus software in Safe Mode (Malwarebytes, Avast, and SuperAntiSpyware) as well as many undelete programs. More files wound up missing upon restart and boot into Normal Mode.

Used the only system restore point and got back several EMPTY folders!

Now, ALL of my really important files are GONE! All backup options seem to be gone, and there is STILL no sign of Malware!!!

HELP.... please?

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Girrard at 13:04:39 on 2013-03-06

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.5929 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Users\Girrard\Desktop\uTorrent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Glary Undelete\undelete.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\mmc.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=14

uWindow Title = Internet Explorer, optimized for Bing and MSN

mWinlogon: Userinit = userinit.exe

BHO: Vid-Saver Extension: {11111111-1111-1111-1111-110211181108} - C:\Program Files (x86)\Vid-Saver Extension\Vid-Saver Extension.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [uTorrent] "C:\Users\Girrard\Desktop\uTorrent.exe" /MINIMIZED

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Download by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5} : NameServer = 8.26.56.26,156.154.70.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-5 65408]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-5 177672]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-17 21616]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-17 1025880]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-17 377992]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-7 38144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-17 33472]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-17 80888]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-5 45248]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-17 104560]

R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;C:\Windows\System32\drivers\rtl8192cu.sys [2012-12-17 848384]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-17 46136]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2012-12-23 276256]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-1-9 97040]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

.

=============== Created Last 30 ================

.

2013-03-06 18:52:17 -------- d-----w- C:\Users\Girrard\AppData\Roaming\GlarySoft

2013-03-06 16:17:47 -------- d-----w- C:\Program Files (x86)\Glary Undelete

2013-03-06 13:16:58 26024 ----a-w- C:\Windows\System32\drivers\rsdrvx64.sys

2013-03-06 00:36:36 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-03-06 00:36:35 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-06 00:22:55 -------- d-----w- C:\Users\Girrard\AppData\Roaming\WinPatrol

2013-03-06 00:22:52 -------- d-----w- C:\ProgramData\InstallMate

2013-03-06 00:13:30 -------- d-----w- C:\Users\Girrard\MP3 Rocket

2013-02-22 21:00:44 -------- d-----w- C:\Users\Girrard\Startup Inspector for Windows

2013-02-06 21:28:05 -------- d-----w- C:\Downloads

2013-02-06 21:28:04 -------- d-----w- C:\Users\Girrard\AppData\Roaming\ProgSense

2013-02-06 21:05:14 -------- d-----w- C:\Users\Girrard\AppData\Roaming\AnvSoft

.

==================== Find3M ====================

.

2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-02-28 08:36:07 41664 ----a-w- C:\Windows\avastSS.scr

2013-02-26 21:03:28 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-26 21:03:28 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-12 13:08:00 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-12 13:08:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-24 22:30:49 276256 ----a-w- C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys

2012-12-19 22:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe

2012-12-19 22:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-12-19 22:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-12-19 22:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-12-19 22:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-12-19 22:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll

2012-12-19 22:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-12-19 22:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-12-19 22:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll

2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll

2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll

2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe

2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll

2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll

2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-12-18 02:25:01 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-12-18 02:25:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-12-18 02:25:00 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-12-17 22:09:59 0 ----a-w- C:\Windows\ativpsrm.bin

.

============= FINISH: 13:05:07.32 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/17/2012 2:15:56 PM

System Uptime: 3/6/2013 11:13:13 AM (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2P

Processor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 749.394 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 0 GiB total, 0.031 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP78: 3/6/2013 6:00:03 AM - Installed Java 6 Update 39

RP79: 3/6/2013 11:08:42 AM - Restore Operation

RP80: 3/6/2013 11:19:40 AM - Windows Backup

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Age of Empires III

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATI AVIVO64 Codecs

avast! Free Antivirus

Belkin N300 Micro USB Wireless Adapter

Canon iP2700 series Printer Driver

Canon iP2700 series User Registration

Canon Utilities My Printer

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Spanish

COMODO Internet Security

Debut Video Capture Software

DVD43 Plug-in v1.0.0.5

ffdshow v1.1.4369 [2012-03-03]

Free DVD ISO Burner version 1.2

Glary Undelete 1.8.0.468

HydraVision

Java 7 Update 17

Java Auto Updater

Java SE Runtime Environment 6 Update 1

League of Legends

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MP3 Rocket

neroxml

ON_OFF Charge B11.1102.1

PS3 Media Server

Realtek High Definition Audio Driver

Sid Meier's Civilization 4 Complete

Sid Meier's Civilization IV Colonization

The Lord of the Rings FREE Trial

Total Video Converter 3.71 100812

Vid-Saver Extension

WinPatrol

Xiph.Org Open Codecs 0.85.17777

.

==== Event Viewer Messages From Past Week ========

.

3/6/2013 9:24:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/6/2013 11:01:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2013 11:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/6/2013 11:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/6/2013 11:01:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/6/2013 11:01:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/6/2013 11:01:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/6/2013 11:01:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/6/2013 11:01:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp CSC DfsC discache ElRawDisk inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2013 10:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

3/6/2013 10:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/6/2013 1:56:28 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/5/2013 2:57:51 PM, Error: Service Control Manager [7034] - The PS3 Media Server service terminated unexpectedly. It has done this 1 time(s).

3/5/2013 10:29:15 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error The system cannot join or substitute a drive to or for a directory on the same drive..

2/27/2013 8:36:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADDISON-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}. The master browser is stopping or an election is being forced.

2/27/2013 2:55:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}. The master browser is stopping or an election is being forced.

2/27/2013 11:17:10 AM, Error: Service Control Manager [7030] - The PS3 Media Server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/27/2013 11:12:03 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error Incorrect function..

2/27/2013 10:29:22 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/27/2013 10:29:22 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/27/2013 10:29:22 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.

2/27/2013 10:29:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

Please run the following:

Please download Unhide.exe to your desktop:

  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.

NEXT

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01

Ran by SYSTEM at 06-03-2013 17:14:12

Running from F:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-16] (Realtek Semiconductor)

HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-02-28] (AVAST Software)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)

HKU\Girrard\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-04-19] (AMD)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

AppInit_DLLs: C:\Windows\system32\guard64.dll

Tcpip\..\Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}: [NameServer]8.26.56.26,156.154.70.22

Tcpip\..\Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5}: [NameServer]8.26.56.26,156.154.70.22

==================== Services (Whitelisted) ===================

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 2013-02-28] (AVAST Software)

2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)

==================== Drivers (Whitelisted) =====================

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-02] ()

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33472 2013-02-28] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [80888 2013-02-28] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [71064 2013-02-28] (AVAST Software)

0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65408 2013-02-28] ()

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025880 2013-02-28] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377992 2013-02-28] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68992 2013-02-28] (AVAST Software)

0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177672 2013-02-28] ()

1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)

1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [38144 2012-11-07] (COMODO)

3 DigiartyVirtualCDBus; C:\Windows\System32\Drivers\DigiartyVirtualCDBus.sys [276256 2012-12-24] (Digiarty Software, Inc.)

1 inspect; C:\Windows\System32\Drivers\inspect.sys [94288 2012-11-07] (COMODO)

3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )

3 gdrv; \??\C:\Windows\gdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-03-06 17:13 - 2013-03-06 17:13 - 00000000 ____D C:\FRST

2013-03-06 15:53 - 2013-03-06 15:53 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\Girrard\Desktop\unhide.exe

2013-03-06 15:52 - 2013-03-06 15:54 - 00002506 ____A C:\Users\Girrard\Desktop\unhide.txt

2013-03-06 12:05 - 2013-03-06 12:05 - 00015981 ____A C:\Users\Girrard\Desktop\dds.txt

2013-03-06 12:05 - 2013-03-06 12:05 - 00011788 ____A C:\Users\Girrard\Desktop\attach.txt

2013-03-06 10:52 - 2013-03-06 10:52 - 00001009 ____A C:\Users\Girrard\Desktop\Glary Undelete.lnk

2013-03-06 10:52 - 2013-03-06 10:52 - 00000170 ____A C:\Users\Girrard\Desktop\Glarysoft Freeware.url

2013-03-06 10:52 - 2013-03-06 10:52 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\GlarySoft

2013-03-06 08:32 - 2013-03-06 11:37 - 00000000 ____D C:\Users\Girrard\Desktop\various music recov

2013-03-06 08:32 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\aoe3 recov

2013-03-06 08:32 - 2013-03-06 09:06 - 00000000 ____D C:\Users\Girrard\Desktop\other recov

2013-03-06 08:17 - 2013-03-06 10:52 - 00000000 ____D C:\Program Files (x86)\Glary Undelete

2013-03-06 07:23 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\Malwarebytes' Anti-Malware

2013-03-06 05:16 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\Remo Recover 4.0

2013-03-06 05:16 - 2009-02-12 14:11 - 00026024 ____A (EldoS Corporation) C:\Windows\System32\Drivers\rsdrvx64.sys

2013-03-05 18:31 - 2013-03-05 18:31 - 00579488 ____A C:\Users\Girrard\Desktop\Presentation1.pptx

2013-03-05 17:26 - 2013-03-06 10:13 - 00000000 ____D C:\Users\Girrard\Desktop\Age of Empires III

2013-03-05 17:18 - 2013-03-05 20:02 - 00000000 ____D C:\Users\Girrard\Documents\DESKTOP STUFF

2013-03-05 16:36 - 2013-02-28 00:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys

2013-03-05 16:36 - 2013-02-28 00:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys

2013-03-05 16:22 - 2013-03-06 10:11 - 00000000 ____D C:\ProgramData\InstallMate

2013-03-05 16:22 - 2013-03-05 16:22 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\WinPatrol

2013-03-05 16:13 - 2013-03-05 16:14 - 00000000 ____D C:\Users\Girrard\MP3 Rocket

2013-03-05 10:29 - 2013-03-05 13:19 - 00000000 ____D C:\Users\Girrard\Desktop\player

2013-02-27 10:21 - 2013-03-05 16:38 - 00004438 ____A C:\Windows\PFRO.log

2013-02-27 10:01 - 2013-03-06 16:07 - 00005436 ____A C:\Windows\setupact.log

2013-02-27 10:01 - 2013-02-27 10:01 - 00000000 ____A C:\Windows\setuperr.log

2013-02-22 13:00 - 2013-02-22 13:00 - 00000000 ____D C:\Users\Girrard\Documents\wsInspector

2013-02-19 15:49 - 2013-03-05 13:01 - 00000000 ____D C:\Users\Girrard\Desktop\Movies

2013-02-09 11:16 - 2013-02-09 11:16 - 00000000 ____D C:\ProgramData\McAfee

2013-02-06 13:28 - 2013-02-06 13:28 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\ProgSense

2013-02-06 13:26 - 2013-03-05 10:15 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\Orbit

2013-02-06 13:21 - 2013-02-06 13:21 - 00000000 ____D C:\Windows\Sun

2013-02-06 13:20 - 2013-02-06 13:20 - 00000000 ____D C:\Users\Girrard\Documents\MyFlash

2013-02-06 13:05 - 2013-02-06 13:05 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\AnvSoft

==================== One Month Modified Files and Folders =======

2013-03-06 17:13 - 2013-03-06 17:13 - 00000000 ____D C:\FRST

2013-03-06 16:10 - 2012-12-17 13:15 - 01136936 ____A C:\Windows\WindowsUpdate.log

2013-03-06 16:10 - 2009-07-13 20:45 - 00020512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-06 16:10 - 2009-07-13 20:45 - 00020512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-06 16:07 - 2013-02-27 10:01 - 00005436 ____A C:\Windows\setupact.log

2013-03-06 16:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-06 15:55 - 2009-07-13 21:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-06 15:54 - 2013-03-06 15:52 - 00002506 ____A C:\Users\Girrard\Desktop\unhide.txt

2013-03-06 15:53 - 2013-03-06 15:53 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\Girrard\Desktop\unhide.exe

2013-03-06 15:03 - 2012-12-17 19:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-06 12:13 - 2012-12-18 13:40 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\uTorrent

2013-03-06 12:05 - 2013-03-06 12:05 - 00015981 ____A C:\Users\Girrard\Desktop\dds.txt

2013-03-06 12:05 - 2013-03-06 12:05 - 00011788 ____A C:\Users\Girrard\Desktop\attach.txt

2013-03-06 11:37 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\various music recov

2013-03-06 11:13 - 2012-12-17 20:04 - 00000000 ____D C:\Users\Girrard\Desktop\Docs

2013-03-06 10:52 - 2013-03-06 10:52 - 00001009 ____A C:\Users\Girrard\Desktop\Glary Undelete.lnk

2013-03-06 10:52 - 2013-03-06 10:52 - 00000170 ____A C:\Users\Girrard\Desktop\Glarysoft Freeware.url

2013-03-06 10:52 - 2013-03-06 10:52 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\GlarySoft

2013-03-06 10:52 - 2013-03-06 08:17 - 00000000 ____D C:\Program Files (x86)\Glary Undelete

2013-03-06 10:13 - 2013-03-05 17:26 - 00000000 ____D C:\Users\Girrard\Desktop\Age of Empires III

2013-03-06 10:13 - 2012-12-17 13:16 - 00000000 ____D C:\users\Girrard

2013-03-06 10:12 - 2013-01-11 23:33 - 00000000 ____D C:\Users\Girrard\Desktop\Civ IV

2013-03-06 10:12 - 2012-12-18 17:18 - 00000000 ____D C:\Users\Girrard\Desktop\hijackthis

2013-03-06 10:12 - 2012-12-18 13:36 - 00000000 ____D C:\Users\Girrard\Desktop\League of Legends

2013-03-06 10:12 - 2012-12-17 18:33 - 00000000 ____D C:\Users\Girrard\Desktop\Comodo

2013-03-06 10:11 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\aoe3 recov

2013-03-06 10:11 - 2013-03-06 07:23 - 00000000 ____D C:\Users\Girrard\Desktop\Malwarebytes' Anti-Malware

2013-03-06 10:11 - 2013-03-06 05:16 - 00000000 ____D C:\Users\Girrard\Desktop\Remo Recover 4.0

2013-03-06 10:11 - 2013-03-05 16:22 - 00000000 ____D C:\ProgramData\InstallMate

2013-03-06 10:11 - 2012-12-17 13:16 - 00000000 ____D C:\Users\Girrard\AppData\Local\VirtualStore

2013-03-06 10:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-03-06 09:06 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\other recov

2013-03-05 20:02 - 2013-03-05 17:18 - 00000000 ____D C:\Users\Girrard\Documents\DESKTOP STUFF

2013-03-05 18:31 - 2013-03-05 18:31 - 00579488 ____A C:\Users\Girrard\Desktop\Presentation1.pptx

2013-03-05 16:44 - 2012-12-17 19:22 - 00000000 ____D C:\ProgramData\Adobe

2013-03-05 16:38 - 2013-02-27 10:21 - 00004438 ____A C:\Windows\PFRO.log

2013-03-05 16:36 - 2012-12-17 18:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-03-05 16:30 - 2012-12-17 19:38 - 00000000 ____D C:\Program Files (x86)\Java

2013-03-05 16:30 - 2012-12-17 19:12 - 00003981 ____A C:\Windows\SysWOW64\jupdate-1.6.0_01-b06.log

2013-03-05 16:22 - 2013-03-05 16:22 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\WinPatrol

2013-03-05 16:14 - 2013-03-05 16:13 - 00000000 ____D C:\Users\Girrard\MP3 Rocket

2013-03-05 16:07 - 2012-12-17 19:09 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\MP3Rocket

2013-03-05 13:19 - 2013-03-05 10:29 - 00000000 ____D C:\Users\Girrard\Desktop\player

2013-03-05 13:01 - 2013-02-19 15:49 - 00000000 ____D C:\Users\Girrard\Desktop\Movies

2013-03-05 10:15 - 2013-02-06 13:26 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\Orbit

2013-03-03 19:33 - 2012-12-17 19:21 - 00000000 ____D C:\Users\Girrard\Incomplete

2013-03-03 18:34 - 2012-12-23 19:21 - 00000000 ____D C:\ProgramData\DVD Shrink

2013-03-03 17:25 - 2012-12-18 06:36 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\NCH Software

2013-03-03 17:25 - 2012-12-18 06:36 - 00000000 ____D C:\ProgramData\NCH Software

2013-02-28 00:36 - 2013-03-05 16:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys

2013-02-28 00:36 - 2013-03-05 16:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys

2013-02-28 00:36 - 2012-12-17 18:04 - 01025880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2013-02-28 00:36 - 2012-12-17 18:04 - 00377992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2013-02-28 00:36 - 2012-12-17 18:04 - 00080888 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2013-02-28 00:36 - 2012-12-17 18:04 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2013-02-28 00:36 - 2012-12-17 18:04 - 00068992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2013-02-28 00:36 - 2012-12-17 18:04 - 00033472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2013-02-28 00:36 - 2012-12-17 18:03 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr

2013-02-28 00:35 - 2012-12-17 18:04 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2013-02-27 10:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-02-27 10:01 - 2013-02-27 10:01 - 00000000 ____A C:\Windows\setuperr.log

2013-02-27 07:09 - 2013-01-25 20:18 - 00000000 ____D C:\Windows\Minidump

2013-02-27 07:09 - 2012-12-17 14:06 - 00000000 ____D C:\Windows\Panther

2013-02-27 07:03 - 2013-01-06 11:04 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\wsInspector

2013-02-26 13:03 - 2012-12-17 19:23 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-26 13:03 - 2012-12-17 19:23 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-22 13:00 - 2013-02-22 13:00 - 00000000 ____D C:\Users\Girrard\Documents\wsInspector

2013-02-20 07:44 - 2013-01-17 07:36 - 00000000 ____D C:\ProgramData\YTD Video Downloader

2013-02-16 12:10 - 2012-12-20 13:52 - 00000000 ____D C:\!~dvdAuthorTempDir~

2013-02-13 07:35 - 2012-12-18 10:39 - 00000000 ____D C:\Users\Girrard\Desktop\PS3

2013-02-12 05:08 - 2012-12-17 19:39 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-02-12 05:08 - 2012-12-17 19:39 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-02-09 11:16 - 2013-02-09 11:16 - 00000000 ____D C:\ProgramData\McAfee

2013-02-06 13:28 - 2013-02-06 13:28 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\ProgSense

2013-02-06 13:21 - 2013-02-06 13:21 - 00000000 ____D C:\Windows\Sun

2013-02-06 13:20 - 2013-02-06 13:20 - 00000000 ____D C:\Users\Girrard\Documents\MyFlash

2013-02-06 13:05 - 2013-02-06 13:05 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\AnvSoft

2013-02-06 12:38 - 2013-01-29 07:12 - 00000000 ____A C:\Windows\Infob.dat

2013-02-06 12:38 - 2013-01-29 07:12 - 00000000 ____A C:\Windows\Infoa.dat

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-06 05:00:12

Restore point made on: 2013-03-06 10:08:53

Restore point made on: 2013-03-06 10:19:51

==================== Memory info ===========================

Percentage of memory in use: 9%

Total physical RAM: 8189.55 MB

Available physical RAM: 7404.34 MB

Total Pagefile: 8187.7 MB

Available Pagefile: 7393.14 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:740.48 GB) NTFS

3 Drive f: (USB20FD) (Removable) (Total:14.92 GB) (Free:14.87 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Disk ID: 9AF280C4

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 04030201

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 5272 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F USB20FD FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2013-03-05 13:42

==================== End Of Log =============================

Link to post
Share on other sites

  • Staff

Please run the following

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

---*Please note, I did disable all Comodo applications upon reading the prompt they were still on*---

ComboFix 13-03-05.01 - Girrard 03/06/2013 17:49:24.1.4 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.6700 [GMT -7:00]

Running from: c:\users\Girrard\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Vid-Saver Extension\ViD-saver extension.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))

.

.

2013-03-07 01:13 . 2013-03-07 01:13 -------- d-----w- C:\FRST

2013-03-07 00:52 . 2013-03-07 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-06 18:52 . 2013-03-06 18:52 -------- d-----w- c:\users\Girrard\AppData\Roaming\GlarySoft

2013-03-06 16:17 . 2013-03-06 18:52 -------- d-----w- c:\program files (x86)\Glary Undelete

2013-03-06 13:16 . 2009-02-12 22:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys

2013-03-06 00:36 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-06 00:36 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-06 00:22 . 2013-03-06 00:22 -------- d-----w- c:\users\Girrard\AppData\Roaming\WinPatrol

2013-03-06 00:22 . 2013-03-06 18:11 -------- d-----w- c:\programdata\InstallMate

2013-03-06 00:13 . 2013-03-06 00:14 -------- d-----w- c:\users\Girrard\MP3 Rocket

2013-02-22 21:00 . 2013-02-22 21:01 -------- d-----w- c:\users\Girrard\Startup Inspector for Windows

2013-02-12 13:08 . 2013-03-06 00:28 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-02-09 19:16 . 2013-02-09 19:16 -------- d-----w- c:\programdata\McAfee

2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- C:\Downloads

2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\users\Girrard\AppData\Roaming\ProgSense

2013-02-06 21:26 . 2013-03-05 18:15 -------- d-----w- c:\users\Girrard\AppData\Roaming\Orbit

2013-02-06 21:21 . 2013-02-06 21:21 -------- d-----w- c:\windows\Sun

2013-02-06 21:05 . 2013-02-06 21:05 -------- d-----w- c:\users\Girrard\AppData\Roaming\AnvSoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-28 08:36 . 2012-12-18 02:04 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-02-28 08:36 . 2012-12-18 02:04 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-02-28 08:36 . 2012-12-18 02:04 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-02-28 08:36 . 2012-12-18 02:04 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-28 08:36 . 2012-12-18 02:04 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-02-28 08:36 . 2012-12-18 02:04 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-02-28 08:36 . 2012-12-18 02:03 41664 ----a-w- c:\windows\avastSS.scr

2013-02-28 08:35 . 2012-12-18 02:04 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-26 21:03 . 2012-12-18 03:23 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-26 21:03 . 2012-12-18 03:23 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 13:08 . 2012-12-18 03:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-12 13:08 . 2012-12-18 03:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-02 00:08 . 2013-01-02 00:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2013-01-02 00:08 . 2013-01-02 00:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-01-02 00:08 . 2013-01-02 00:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2013-01-02 00:08 . 2013-01-02 00:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-12-24 22:30 . 2012-12-24 04:10 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys

2012-12-19 22:45 . 2012-12-19 22:45 222720 ----a-w- c:\windows\system32\clinfo.exe

2012-12-19 22:44 . 2012-12-19 22:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-12-19 22:44 . 2012-12-19 22:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-12-19 22:44 . 2012-12-19 22:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2012-12-19 22:44 . 2012-12-19 22:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-12-19 22:44 . 2012-12-19 22:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll

2012-12-19 22:38 . 2012-12-19 22:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-12-19 22:34 . 2012-12-19 22:34 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-19 22:34 . 2012-12-19 22:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll

2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll

2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-12-19 20:08 . 2011-04-20 02:07 1151488 ----a-w- c:\windows\system32\aticfx64.dll

2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll

2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe

2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe

2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-12-19 19:49 . 2011-04-20 01:49 7370752 ----a-w- c:\windows\system32\atidxx64.dll

2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-12-19 19:31 . 2011-04-20 01:21 130048 ----a-w- c:\windows\system32\atiuxp64.dll

2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-12-19 19:31 . 2012-12-19 19:31 104448 ----a-w- c:\windows\system32\atiu9p64.dll

2012-12-19 19:30 . 2012-12-19 19:30 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-12-18 16:16 . 2012-12-18 16:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-12-18 16:16 . 2012-12-18 16:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-12-18 16:16 . 2012-12-18 16:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-12-18 16:16 . 2012-12-18 16:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-12-18 16:16 . 2012-12-18 16:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-12-18 16:16 . 2012-12-18 16:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-12-18 16:16 . 2012-12-18 16:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-12-18 16:16 . 2012-12-18 16:16 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-12-18 16:16 . 2012-12-18 16:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-12-18 16:16 . 2012-12-18 16:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-18 16:16 . 2012-12-18 16:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-12-18 16:16 . 2012-12-18 16:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-12-18 16:16 . 2012-12-18 16:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-12-18 16:16 . 2012-12-18 16:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-12-18 16:16 . 2012-12-18 16:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-12-18 16:16 . 2012-12-18 16:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-12-18 16:16 . 2012-12-18 16:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-12-18 16:16 . 2012-12-18 16:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-12-18 16:16 . 2012-12-18 16:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-12-18 16:16 . 2012-12-18 16:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-12-18 16:16 . 2012-12-18 16:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-12-18 16:16 . 2012-12-18 16:16 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-18 16:16 . 2012-12-18 16:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-12-18 16:16 . 2012-12-18 16:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-12-18 16:16 . 2012-12-18 16:16 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-12-18 16:16 . 2012-12-18 16:16 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-12-18 16:16 . 2012-12-18 16:16 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-12-18 16:16 . 2012-12-18 16:16 82432 ----a-w- c:\windows\system32\icardie.dll

2012-12-18 16:16 . 2012-12-18 16:16 816640 ----a-w- c:\windows\system32\jscript.dll

2012-12-18 16:16 . 2012-12-18 16:16 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-12-18 16:16 . 2012-12-18 16:16 729088 ----a-w- c:\windows\system32\msfeeds.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-04-20 393216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-12-24 276256]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-08 584056]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-08 38144]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]

S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 848384]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 21:03]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/?ilc=14

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Download by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{11111111-1111-1111-1111-110211181108} - c:\program files (x86)\Vid-Saver Extension\Vid-Saver Extension.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\debut.exe

AddRemove-Free DVD ISO Burner (by minidvdsoft)_is1 - c:\users\Girrard\Desktop\Audio-Video\Free DVD ISO Burner\unins000.exe

AddRemove-PS3 Media Server - c:\users\Girrard\Desktop\Audio-Video\PS3 Media Server\uninst.exe

AddRemove-Total Video Converter 3.71_is1 - c:\users\Girrard\Desktop\Audio-Video\Total Video Converter\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-06 17:55:08

ComboFix-quarantined-files.txt 2013-03-07 00:55

.

Pre-Run: 795,066,892,288 bytes free

Post-Run: 794,510,708,736 bytes free

.

- - End Of File - - EE2FDAB2BB8DEF4C09BAB49289CAABAC

Link to post
Share on other sites

  • Staff

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.9 (03.06.2013:1)

OS: Windows 7 Professional x64

Ran by Girrard on Wed 03/06/2013 at 18:13:24.46

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\firstsearch

Successfully deleted: [Registry Key] hkey_local_machine\software\iminent

Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.BHO

Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.Sandbox

Successfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.Sandbox.1

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.BHO

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.Sandbox

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.Sandbox.1

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 03/06/2013 at 18:21:32.59

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 18:49:13

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Professional (64 bits)

# User : Girrard - G-COM

# Boot Mode : Normal

# Running from : C:\Users\Girrard\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Speedbit

***** [Registry] *****

Key Deleted : HKCU\Software\GreenTree Applications

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181108}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181108}

Key Deleted : HKCU\Software\SpeedBit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181108}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181108}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181108}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181108}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181108}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Girrard\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2149 octets] - [06/03/2013 18:49:13]

########## EOF - C:\AdwCleaner[s1].txt - [2209 octets] ##########

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.07.03

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Girrard :: G-COM [administrator]

3/6/2013 7:28:25 PM

mbam-log-2013-03-06 (19-28-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213030

Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

  • Staff

that item is in ComboFix quarantine and will be removed when we uninstall ComboFix

please remove this old version of Java from Programs and Features

Java™ SE Runtime Environment 6 Update 1

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.